异常表现
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:595)
at com.jcraft.jsch.Session.connect(Session.java:325)
出现这个问题主要是客户端与服务器的算法不一致导致的,主要是ssh版本不一致
解决方案一
使用命令查看服务器支持的算法
ssh -vvv 目标机器ip再返回的结果中找到服务端的HostKeyAlgorithms和KexAlgorithms配置,如
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
手动登陆实例主机,编辑ssh配置文件,注释掉原有的HostKeyAlgorithms和KexAlgorithms配置,把上一步找的配置粘贴进去
vi /etc/ssh/sshd_config重启sshd
systemctl restart sshd检查ssh运行状态是否成功重启,状态为running为正常
可以通过以下命令检查配置是否生效
ssh -o ProxyCommand="ncat --proxy {代理ip}:{代理port} --proxy-type socks5 --proxy-auth {代理账号}:{代理密码} %h %p" {目标主机ip} -vvv
