Unity: Kan ikke bruke SSH til IP-adresse for enhetsadministrasjon, men brukergrensesnittpålogging fungerer

Summary: Kunden kan ikke bruke SSH til Unity Management IP, men kunden kan logge på brukergrensesnittet uten problemer. (Kan korrigeres av brukeren)

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Brukeren kan logge på Unity over UI, men kan ikke koble til via SSH, feilen viser at ingen samsvarende nøkkelutvekslingsmetode ble funnet.

C:\Users\administrator>ssh <Unity mgmt IP>
Unable to negotiate with <Unity mgmt IP> port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Unity kjører kode 5.3 som allerede hadde fjernet alle sha1-nøkkelutvekslingsalgoritmer.

 

Cause

Kunden bruker en programvare kalt DBSAFER som en SSH-proxy for å kontrollere SSH-tilgangen fra klienten til Unity. Klienten oppretter en ssh-forbindelse med DBSAFER i stedet for Unity når ssh til Unity management IP. DBSAFER kjører en gammel openssh-versjon som bare støtter noen gamle kex-utvekslingsalgoritmer som ikke støttes av klienten.

"ssh -vvv <Unity mgmt IP">-utgangen viser at serveren kjører åpen SSH versjon 3.0, og den indikerer også DBSAFER versjon 2.30.205.

debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.0 DBSAFER_2.30.205
debug1: compat_banner: match: OpenSSH_3.0 DBSAFER_2.30.205 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1* compat 0x01200002

"ssh -vvv" -utgangen indikerer også at serveren bare støttet følgende gamle kex-algoritmer.

KEX-algoritmer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com   <<<<<< client supported key exchange algorithms
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1  <<<<< server supported key exchange algorithms
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with 10.14.161.84 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

 

Resolution

  • Deaktiver DBSAFER eller konfigurer DBSAFER for å tillate klienten direkte ssh til Unity.
  • Oppgrader DBSAFER for å få den til å støtte sikrere SSH-algoritmer.

 

Affected Products

Dell EMC Unity
Article Properties
Article Number: 000306077
Article Type: Solution
Last Modified: 22 Apr 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.