解决 macOS 连接 Oracle Cloud 控制台问题
在 macOS 14.3 连接 Oracle Cloud 的控制台,如果直接拷贝网页提供的连接命令,此时会提示 no matching host key type found
# ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq:5900 ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq
Unable to negotiate with 140.204.24.227 port 443: no matching host key type found. Their offer: ssh-rsa
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
查找了一下资料,需要添加 -o HostKeyAlgorithms=+ssh-rsa
,将网页端提供的指令进行修改,再次连接提示 Permission denied (publickey)
# ssh -o HostKeyAlgorithms=+ssh-rsa -o ProxyCommand='ssh -o HostKeyAlgorithms=+ssh-rsa -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq:5900 ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq
=================================================
IMPORTANT: Use a console connection to troubleshoot a malfunctioning instance. For normal operations, you should connect to the instance using a Secure Shell (SSH) or Remote Desktop connection. For steps, see https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/accessinginstance.htm
For more information about troubleshooting your instance using a console connection, see the documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#four
=================================================
ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
看样子有正确连接上,但是不知道为什么自己提交的公钥无法连接,只能改成网页端提供的私钥,在指令中添加 -i 私钥文件路径
,再次连接提示 bad permissions
# ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -o ProxyCommand='ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq:5900 ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq
=================================================
IMPORTANT: Use a console connection to troubleshoot a malfunctioning instance. For normal operations, you should connect to the instance using a Secure Shell (SSH) or Remote Desktop connection. For steps, see https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/accessinginstance.htm
For more information about troubleshooting your instance using a console connection, see the documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#four
=================================================
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/Users/apple/Downloads/ssh-key-2024-02-24.key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/apple/Downloads/ssh-key-2024-02-24.key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/apple/Downloads/ssh-key-2024-02-24.key": bad permissions
ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
看来 macOS 的 ssh 对于私钥有权限要求,执行一下 chmod 600 私钥文件路径
把私钥权限修改为 600
,再次连接提示 no mutual signature supported
# ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -o ProxyCommand='ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq:5900 ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq
=================================================
IMPORTANT: Use a console connection to troubleshoot a malfunctioning instance. For normal operations, you should connect to the instance using a Secure Shell (SSH) or Remote Desktop connection. For steps, see https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/accessinginstance.htm
For more information about troubleshooting your instance using a console connection, see the documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#four
=================================================
sign_and_send_pubkey: no mutual signature supported
ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
再次查了一下资料,发现需要再添加 -o PubkeyAcceptedKeyTypes=+ssh-rsa
这个参数,修改指令后再次尝试连接,此时已经可以正常连接
# ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -o ProxyCommand='ssh -i /Users/apple/Downloads/ssh-key-2024-02-24.key -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ap-seoul-1.anuwgljryo5x33ac474hmssi6rdeyojcbebghmcatigqawamjjfb7himsjca@instance-console.ap-seoul-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq:5900 ocid1.instance.oc1.ap-seoul-1.anuwgljryo5x33acw7aiq3oos6ktkb5aeqh4tpthifit4jpd2f2ataavelzq
=================================================
IMPORTANT: Use a console connection to troubleshoot a malfunctioning instance. For normal operations, you should connect to the instance using a Secure Shell (SSH) or Remote Desktop connection. For steps, see https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/accessinginstance.htm
For more information about troubleshooting your instance using a console connection, see the documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#four
=================================================
总算是连接成功了,总结一下:建议从网页下载私钥并且设置权限为 600
,然后在两个 ssh 后面添加 -i 私钥文件路径 -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
才可以正常连接。