mac-系统升级到MacOS Mojave 10.14.1 后 ssh 登陆不了远程主机_mac升级后登录不了跳板机了是什么情况

使用ssh 登陆后，提示如下错误： 

$ ssh -i ./z_key_2010 -p 26 -v z@119.xx.xx.151 
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/zyh/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 119.xx.xx.151 [119.xx.xx.151] port 26.
debug1: Connection established.
debug1: identity file ./z_key_2010 type -1
debug1: identity file ./z_key_2010-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 119.xx.xx.151:26 as 'zyh'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:iejlGNnK3SkrDLu+OU1Z4U3tA3Q87yLU
debug1: Host '[119.xx.xx.151]:26' is known and matches the ECDSA host key.
debug1: Found key in /Users/z/.ssh/known_hosts:11
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key ./z_key_2010 - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ./z_key_2010
Enter passphrase for key './z_key_2010': 
sign_and_send_pubkey: no mutual signature supported
debug1: No more authentication methods to try.
z@119.xx.xx.151: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

主要错误为：sign_and_send_pubkey: no mutual signature supported

原因：

MacOS升级10.14.1 后，SSH版本OpenSSH_7.9p1,不再支持dsa算法。使用iterm2远程免密登录跳板机（堡垒机）失败。 提示不支持相互签名。 

解决方法：
新的OpenSSH版本（7.0+）不推荐使用DSA密钥，默认情况下不使用DSA密钥（不在服务器或客户端上）。这些密钥不再被使用，因此如果可以，我建议尽可能使用RSA密钥。
如果确实需要使用DSA密钥，则需要在客户端配置中使用
PubKeyAcceptedKeyTypes+ssh-dss
应该将该行放入~/.ssh/config中

$ cat .ssh/config 
Host *
    PubkeyAcceptedKeyTypes=+ssh-dss

然后修改config的权限为600

chmode 600 ~/.ssh/config

再次登陆，已经成功了：

$ ssh -i .keys/2010/z_key_2010 -p 26 zyh@119.xx.xx.151
Last login: Thu Apr 18 09:14:45 2019 from 58.xx.xx.12

参考：

https://www.sunjs.com/article/detail/4e7d634c87d440d5913bb12b859b9505.html