由于存在, SSH 无法连接到节点 HMAC-ripemd160 和 / 或 HMAC-ripemd160-ETM MAC 算法
适用于
- ONTAP 9.8RC1
- 从 ONTAP 9.3 -9.7 升级到 9.8RC1
问题描述
升级到 ONTAP 9.8 后,无法通过 SSH 连接到集群管理端口。
- SSH 客户端发出以下错误消息:
ssh_exchange_identification: Connection closed by remote host- 验证已配置的算法
::*> security ssh show -vserver vserer_name Vserver: vserver_name Key Exchange Algorithms: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256 Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, aes128-gcm, aes256-gcm MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-sha1-etm, hmac-sha1-96-etm, hmac-sha2-256-etm, hmac-sha2-512-etm, hmac-md5, hmac-md5-96, hmac-ripemd160, umac-64, umac-128, hmac-md5-etm, hmac-md5-96-etm, hmac-ripemd160-etm, umac-64-etm, umac-128-etm Max Authentication Retry Count: 6
messages.log.gz 日志(可从 Active IQ 数字顾问查看)
- 单击 此处 访问 Active IQ 数字顾问
00000003.00002274 00016d74 Sun Nov 08 2020 14:09:20 +05:30 [auth:CRITICAL] 1 2020-11-08T14:09:20.816189+05:30 cluster1-01 sshd 21372 - - fatal: /etc/ssh/sshd_config line 102: Bad SSH2 mac spec 'hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com, umac-128@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-ripemd160,hmac-ripemd160@openssh.com'.- 此消息包含
"hmac-ripemd160" 或"hmac-ripemd160-etm",这两者均不受支持。