linux下ssh登录PIX防火墙
生活随笔
收集整理的這篇文章主要介紹了
linux下ssh登录PIX防火墙
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
臨時解決方法 用ssh -v -1 -c des參數連接 ssh -v -1 -c des pix@10.63.128.80
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.63.128.80 [10.63.128.80] port 22.
debug1: Connection established.
debug1: identity file /home/sunrc/.ssh/identity type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (2048 bits).
debug1: Host '10.63.128.80' is known and matches the RSA1 host key.
debug1: Found key in /home/sunrc/.ssh/known_hosts:1
debug1: Encryption type: des
debug1: Sent encrypted session key.
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
pix@10.63.128.80'spassword:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
debug1: fd 0 clearing O_NONBLOCK
Type help or '?' for a list of available commands.
CallCentre> 永久解決方法 如果你不想每次都帶著一大串參數SSH,就需要重新生成一個合適的key,步驟如下: 登錄到PIX,可以用上面的方法ssh >enable
configure terminal
crypto key zeroize rsa 清除現存RSA KEY
crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY 如果你在剛才使用上面的方式SSH登錄,那么現在你的機器中儲存的KEY將與PIX不符,SSH將會提示這樣的錯誤: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx.xx.xx.xx
Please contact your system administrator.
Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message.
Offending key in /home/skywalker/.ssh/known_hosts:5
RSA host key for Firewall’s IP has changed and you have requested strict checking.
Host key verification failed. 你必須首先在/.ssh/known_hosts中清除對應PIX的失效KEY ,如果不知道哪個KEY是PIX的,將known_hosts全部清除也沒有關系,只是在第一次登錄其他機器的時候,需要確認一次(yes/no)。 清除掉失效KEY后,ssh就可以正常登錄PIX了。
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.63.128.80 [10.63.128.80] port 22.
debug1: Connection established.
debug1: identity file /home/sunrc/.ssh/identity type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (2048 bits).
debug1: Host '10.63.128.80' is known and matches the RSA1 host key.
debug1: Found key in /home/sunrc/.ssh/known_hosts:1
debug1: Encryption type: des
debug1: Sent encrypted session key.
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
pix@10.63.128.80'spassword:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
debug1: fd 0 clearing O_NONBLOCK
Type help or '?' for a list of available commands.
CallCentre> 永久解決方法 如果你不想每次都帶著一大串參數SSH,就需要重新生成一個合適的key,步驟如下: 登錄到PIX,可以用上面的方法ssh >enable
configure terminal
crypto key zeroize rsa 清除現存RSA KEY
crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY 如果你在剛才使用上面的方式SSH登錄,那么現在你的機器中儲存的KEY將與PIX不符,SSH將會提示這樣的錯誤: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx.xx.xx.xx
Please contact your system administrator.
Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message.
Offending key in /home/skywalker/.ssh/known_hosts:5
RSA host key for Firewall’s IP has changed and you have requested strict checking.
Host key verification failed. 你必須首先在/.ssh/known_hosts中清除對應PIX的失效KEY ,如果不知道哪個KEY是PIX的,將known_hosts全部清除也沒有關系,只是在第一次登錄其他機器的時候,需要確認一次(yes/no)。 清除掉失效KEY后,ssh就可以正常登錄PIX了。
轉載于:https://blog.51cto.com/sunrc/255873
總結
以上是生活随笔為你收集整理的linux下ssh登录PIX防火墙的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 我的巧克力播放器
- 下一篇: 学习Unix/Linux编程要学些什么