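Configuring rclone to support diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

Time: 2019-07-10 10:01:16

Tags: go cryptography sha1 sha256 rclone

Some quick background. I am using rclone to transfer data to an SFTP server. rclone is written in Golang and uses the crypto lib under the hood. When we try to establish an SSH connection to the SFTP server, we get the error message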

  

Couldn't connect SSH: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1].

The crypto lib added support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 3 weeks ago, but it requires opt-in. (See https://github.com/golang/crypto/commit/57b3e21c3d5606066a87e63cfe07ec6b9f0db000)

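It is clear that the latest rclone release has not yet opted in to support for those algorithms. So the question is: does anyone know how to configure rclone to opt in to algorithm support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1?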

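2 answers:

Answer 0: (score: 1)

We managed to opt in to support for these algorithms and submitted a PR here: https://github.com/ncw/rclone/pull/3341

Note: because these algorithms are considered insecure, you also need to use the existing rclone flag --sftp-use-insecure-cipher to make them available for the SSH handshake.

Answer 1: (score: 0)

The interactive rclone config now also offers to enable insecure ciphers: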

Enable the use of insecure ciphers and key exchange methods.

This enables the use of the following insecure ciphers and key exchange methods:

- aes128-cbc
- aes192-cbc
- aes256-cbc
- 3des-cbc
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1

Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value
 1 / Use default Cipher list.
   \ "false"
 2 / Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.
   \ "true"
use_insecure_cipher> 2
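
As an added example (not code from the question, the answers, or rclone itself), this Go program parses the handshake error quoted in the question and sorts the server's key exchange offers into those the client already shares, those the prompt above lists as enabled only by use_insecure_cipher, and the rest. The names DiagnoseKex, Diagnosis, optInKex and sampleErr are hypothetical, and the sample error string is constructed from the question's text.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Key exchange methods the rclone prompt lists as enabled only by use_insecure_cipher.
var optInKex = map[string]bool{
	"diffie-hellman-group-exchange-sha256": true,
	"diffie-hellman-group-exchange-sha1":   true,
}
var offerRe = regexp.MustCompile(`no common algorithm for key exchange; client offered: \[([^\]]*)\], server offered: \[([^\]]*)\]`)

// Diagnosis sorts the server's offers: shared with the client, behind the opt-in flag, or neither.
type Diagnosis struct{ Common, NeedsOptIn, Unsupported []string }

// DiagnoseKex parses the handshake error text and classifies the server's offers.
func DiagnoseKex(msg string) (Diagnosis, error) {
	var d Diagnosis
	m := offerRe.FindStringSubmatch(msg)
	if m == nil {
		return d, fmt.Errorf("not a key exchange mismatch error")
	}
	client := map[string]bool{}
	for _, a := range strings.Fields(m[1]) {
		client[a] = true
	}
	for _, a := range strings.Fields(m[2]) {
		switch {
		case client[a]:
			d.Common = append(d.Common, a)
		case optInKex[a]:
			d.NeedsOptIn = append(d.NeedsOptIn, a)
		default:
			d.Unsupported = append(d.Unsupported, a)
		}
	}
	return d, nil
}

// Constructed sample: the error from the question.
const sampleErr = "ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: " +
	"[curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1], " +
	"server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1]"

func main() {
	d, err := DiagnoseKex(sampleErr)
	fmt.Printf("%+v %v\n", d, err)
}
```

An empty Common list with entries in NeedsOptIn means the connection can only succeed with the insecure-cipher option enabled; entries in Unsupported mean the option alone will not help.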