OpenWRT 默认使用的是 Dropbear SSH 服务器,macOS 上的 SSH 默认是 OpenSSH,它们使用的密钥格式不同。
Dropbear 可以使用 OpenSSH 格式的公钥(id_rsa.pub),但是如果在 macOS 上直接使用 ssh 连接会报错:
$ ssh [email protected]
Unable to negotiate with 172.20.10.1 port 22: no matching host key type found. Their offer: ssh-rsa
具体报错原因可以查看 OpenSSH 的更新日志: https://www.openssh.com/txt/release-8.8
This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is no need to replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options. For example, the following stanza in ~/.ssh/config will enable RSA/SHA1 for host and user authentication for a single destination host:
Host old-host HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy implementations can be upgraded or reconfigured with another key type (such as ECDSA or Ed25519).
简单的说就是 OpenWRT 里的 Dropbear 只认新格式的密钥,客户端如果是旧版本的密钥不能直接使用。 解决方法是客户端登录的时候添加两个参数:
ssh -oHostKeyAlgorithms=+ssh-rsa \
-oPubkeyAcceptedAlgorithms=+ssh-rsa -i ~/.ssh/id_rsa \
[email protected]
再登录就没有问题了。
最后,推荐使用更安全的算法生成新的 SSH Key,就不需要上面的命令了:
ssh-keygen -t ed25519 -C "[email protected]"