问题回溯
由centos版本在线升级(CentOS Linux release 7.3.1611 (Core)升级到CentOS Linux release 7.5.1804 (Core) )
# yum -y update后出现的ssh连接报错expected key exchange group packet from server
很明显这个是ssh客户端报出来的,我们看看内核运行日志具体是什么错
# journalctl --unit sshd --no-pager
-- Logs begin at Sun 2018-07-08 15:54:48 CST, end at Sun 2018-07-08 16:06:32 CST. --
Jul 08 15:55:14 k8s-node-1 systemd[1]: Starting OpenSSH server daemon...
Jul 08 15:55:15 k8s-node-1 sshd[1358]: Server listening on 0.0.0.0 port 22.
Jul 08 15:55:15 k8s-node-1 systemd[1]: Started OpenSSH server daemon.
Jul 08 15:55:15 k8s-node-1 sshd[1358]: Server listening on :: port 22.
Jul 08 15:55:30 k8s-node-1 sshd[3845]: error: kex protocol error: type 30 seq 1 [preauth]
Jul 08 15:55:30 k8s-node-1 sshd[3845]: Connection closed by 192.168.176.1 port 59378 [preauth]
Jul 08 16:00:39 k8s-node-1 sshd[13923]: error: kex protocol error: type 30 seq 1 [preauth]
Jul 08 16:00:39 k8s-node-1 sshd[13923]: Connection closed by 192.168.176.1 port 59532 [preauth]
Jul 08 16:04:09 k8s-node-1 sshd[14571]: error: kex protocol error: type 30 seq 1 [preauth]
Jul 08 16:04:09 k8s-node-1 sshd[14571]: Connection closed by 192.168.176.1 port 59591 [preauth]
老外给出的经验:https://github.com/Studio3T/robomongo/issues/1125
在sshd-config文件添加
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1重启sshd
的确ok!