dpwqicw157673 2019-07-10 10:01
浏览 705
已采纳

配置rclone以支持diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

Some quick background. I use rclone to transfer data to a SFTP server. rclone is written in Golang and uses lib crypto under the hood. When we try to establish ssh connection to SFTP server, we get the error message

couldn't connect SSH: ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1], server offered: [diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1].

crypto lib has added the support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 around 3 weeks ago, but needs to be opt-in. (See https://github.com/golang/crypto/commit/57b3e21c3d5606066a87e63cfe07ec6b9f0db000)

Obviously, the latest rclone version hasn’t opt-in those algorithms support yet. So the question is: Anyone know how to config rclone to opt-in algorithm support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1

  • 写回答

1条回答 默认 最新

  • 普通网友 2019-07-12 07:17
    关注

    We have managed to opt-in those algorithms support and submitted a PR here: https://github.com/ncw/rclone/pull/3341

    Note: since those algorithms are considered insecure, your also need to use the exisiting rclone flag --sftp-use-insecure-cipher to make them available for SSH handshake.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥50 power BI 从Mysql服务器导入数据,但连接进去后显示表无数据
  • ¥15 (关键词-阻抗匹配,HFSS,RFID标签)
  • ¥50 sft下载大文阻塞卡死
  • ¥15 机器人轨迹规划相关问题
  • ¥15 word样式右侧翻页键消失
  • ¥15 springboot+vue 集成keycloak sso到阿里云
  • ¥15 win7系统进入桌面过一秒后突然黑屏