paramiko Incompatible ssh peer (no acceptable kex algorithm)

后端 未结 7 1518
醉梦人生
醉梦人生 2020-12-29 04:10

I\'m getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I\'ve used paramiko in python without issue, and I can ssh to this box

7条回答
  •  孤城傲影
    2020-12-29 05:12

    That error is in a situation where your version of paramiko does not support the key exchange algorithms that is using the device you want to connect.

    ssh.connect('10.119.94.8', 22, username="user",password='passwor')
    t = ssh.get_transport()
    so = t.get_security_options()
    so.kex
    ('diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1')
    so.ciphers
    ('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
    paramiko.__version__
    '1.10.1'
    

    In the paramiko logs you can see the key exchange algos of your connection.

    DEB paramiko.transport: starting thread (client mode): 0x11897150L
    INF paramiko.transport: Connected (version 2.0, client OpenSSH_7.2)
    DEB paramiko.transport: kex algos:['diffie-hellman-group14-sha1', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'] server key:['ssh-rsa'] client encrypt:['aes128-ctr', 'aes256-ctr'] server encrypt:['aes128-ctr', 'aes256-ctr'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
    ERR paramiko.transport: Exception: Incompatible ssh peer (no acceptable kex algorithm)
    ERR paramiko.transport: Traceback (most recent call last):
    ERR paramiko.transport:     raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
    ERR paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)
    

    So I recommend to upgrade to a recent paramiko version, for example 2.4.2 for 2018. In this version is supported sha1 and sha2 for key exchange algorithms.

    >>> ssh.connect("hostdev",22,username="user",password="pass")
    >>> transport1=ssh.get_transport()
    >>> so=transport1.get_security_options()
    >>> so.kex
    ('ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1')
    >>> 
    >>> so.ciphers
    ('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', 'blowfish-cbc', '3des-cbc')
    >>> 
    >>> print paramiko.__version__
    2.4.2
    

提交回复
热议问题