當(dāng)前位置:
首頁(yè) >
linux下ssh登录PIX防火墙
發(fā)布時(shí)間:2025/7/14
37
豆豆
生活随笔
收集整理的這篇文章主要介紹了
linux下ssh登录PIX防火墙
小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
臨時(shí)解決方法 用ssh -v -1 -c des參數(shù)連接 ssh -v -1 -c des pix@10.63.128.80
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.63.128.80 [10.63.128.80] port 22.
debug1: Connection established.
debug1: identity file /home/sunrc/.ssh/identity type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (2048 bits).
debug1: Host '10.63.128.80' is known and matches the RSA1 host key.
debug1: Found key in /home/sunrc/.ssh/known_hosts:1
debug1: Encryption type: des
debug1: Sent encrypted session key.
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
pix@10.63.128.80'spassword:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
debug1: fd 0 clearing O_NONBLOCK
Type help or '?' for a list of available commands.
CallCentre> 永久解決方法 如果你不想每次都帶著一大串參數(shù)SSH,就需要重新生成一個(gè)合適的key,步驟如下: 登錄到PIX,可以用上面的方法ssh >enable
configure terminal
crypto key zeroize rsa 清除現(xiàn)存RSA KEY
crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY 如果你在剛才使用上面的方式SSH登錄,那么現(xiàn)在你的機(jī)器中儲(chǔ)存的KEY將與PIX不符,SSH將會(huì)提示這樣的錯(cuò)誤: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx.xx.xx.xx
Please contact your system administrator.
Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message.
Offending key in /home/skywalker/.ssh/known_hosts:5
RSA host key for Firewall’s IP has changed and you have requested strict checking.
Host key verification failed. 你必須首先在/.ssh/known_hosts中清除對(duì)應(yīng)PIX的失效KEY ,如果不知道哪個(gè)KEY是PIX的,將known_hosts全部清除也沒(méi)有關(guān)系,只是在第一次登錄其他機(jī)器的時(shí)候,需要確認(rèn)一次(yes/no)。 清除掉失效KEY后,ssh就可以正常登錄PIX了。
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.63.128.80 [10.63.128.80] port 22.
debug1: Connection established.
debug1: identity file /home/sunrc/.ssh/identity type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (2048 bits).
debug1: Host '10.63.128.80' is known and matches the RSA1 host key.
debug1: Found key in /home/sunrc/.ssh/known_hosts:1
debug1: Encryption type: des
debug1: Sent encrypted session key.
Warning: use of DES is strongly discouraged due to cryptographic weaknesses
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing password authentication.
pix@10.63.128.80'spassword:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
debug1: fd 0 clearing O_NONBLOCK
Type help or '?' for a list of available commands.
CallCentre> 永久解決方法 如果你不想每次都帶著一大串參數(shù)SSH,就需要重新生成一個(gè)合適的key,步驟如下: 登錄到PIX,可以用上面的方法ssh >enable
configure terminal
crypto key zeroize rsa 清除現(xiàn)存RSA KEY
crypto key generate rsa modulus 1024 noconfirm 生成新的RSA KEY 如果你在剛才使用上面的方式SSH登錄,那么現(xiàn)在你的機(jī)器中儲(chǔ)存的KEY將與PIX不符,SSH將會(huì)提示這樣的錯(cuò)誤: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx.xx.xx.xx
Please contact your system administrator.
Add correct host key in /home/skywalker/.ssh/known_hosts to get rid of this message.
Offending key in /home/skywalker/.ssh/known_hosts:5
RSA host key for Firewall’s IP has changed and you have requested strict checking.
Host key verification failed. 你必須首先在/.ssh/known_hosts中清除對(duì)應(yīng)PIX的失效KEY ,如果不知道哪個(gè)KEY是PIX的,將known_hosts全部清除也沒(méi)有關(guān)系,只是在第一次登錄其他機(jī)器的時(shí)候,需要確認(rèn)一次(yes/no)。 清除掉失效KEY后,ssh就可以正常登錄PIX了。
轉(zhuǎn)載于:https://blog.51cto.com/sunrc/255873
總結(jié)
以上是生活随笔為你收集整理的linux下ssh登录PIX防火墙的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 我的巧克力播放器
- 下一篇: 学习Unix/Linux编程要学些什么