
Missing Secure SSH Protocols

Open BlwAvg opened this issue 3 years ago • 1 comments

Describe Your Problem: This version of Guac only supports DSS and RSA protocols for SSH connectivity. This should be fixed in later versions of the guac 1.4.0 github. https://issues.apache.org/jira/browse/GUACAMOLE-1655

When trying to connect to a modern OS, like Ubuntu 2204 (Jammy), you are not able to connect via SSH.

Logs:

guacd[371]: ERROR: SSH handshake failed.

Screenshots: N/A

Environment:

  • Guacamole Version: 1.4.0
  • Operating System: Docker

BlwAvg Aug 06 '22 16:08

Hello All,

Yes, I found that ECDSA is not supported. When connecting over SSH with an ECDSA or ED25519 key, it prompts for a passphrase, although I haven't set one. Even when I generate a key that has a passphrase and enter it, it doesn't work.

I viewed the SSH server log and there is no connection, meaning Guac hasn't tried to connect to the server. When I switch to RSA it works.

How can I configure Guac to support ECDSA?

Thanks~~

yauyauwind Aug 20 '22 02:08

Same problem here. Can't connect to Ubuntu 2204.

Seems like bullseye's libssh2 is a bit old (1.9.0) and can't support more modern cipher types.

I suggest using a more recent Linux base image or upgrading the libssh2 version in the images.

libssh2

  • bullseye (libs): 1.9.0-2
  • bookworm (libs): 1.10.0-3
  • trixie (libs): 1.11.0-2
  • sid (libs): 1.11.0-2

And, however, a temporary workaround is here: https://www.reddit.com/r/linuxquestions/comments/ued2vq/apache_guacamole_cant_ssh_into_ubuntu_2204/

More docs here: https://lists.apache.org/thread/wht9k7xwk05cjlp8nfokf72mp5mjy14p

cc to @jwetzell

boin Sep 19 '23 12:09

@boin Wish I could use a more recent base image easily, I will look into seeing if there is a way to get a newer version of libssh2 in though.

jwetzell Sep 19 '23 13:09

Oh that's nice. I am not a Java guy, I thought maybe "from 9.0/jre11/temurin-jammy"?

Anyway, thank you for the wonderful job to synology users.

Cheers

boin Sep 19 '23 16:09

@boin yeah the real problem is the version of Postgres. That can't be updated easily as it would require some sort of "auto migrate" or instructions for users on how to migrate their data folders. Kind of the big downside of trying to keep this image a drop in replacement of the old oznu image

jwetzell Sep 19 '23 16:09

Running into this trying to connect to Unraid 6.12.3 via SSH.

Sep 29 18:54:21 Tower sshd[4245]: Connection from 10.0.10.107 port 45688 on 10.0.20.30 port 22 rdomain ""
Sep 29 18:54:21 Tower sshd[4245]: Unable to negotiate with 10.0.10.107 port 45688: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

Judman Sep 30 '23 02:09
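
One way to triage the sshd negotiation failures quoted in this thread, as an added example that is not part of any comment above or of the docker-guacamole project: it scans sshd log lines and reports clients whose entire host key offer is ssh-rsa and/or ssh-dss, which current OpenSSH servers reject by default. The function name and every sample line except the two copied from the thread are constructed for illustration.

```python
import re
from collections import defaultdict

# Host key signature algorithms that current OpenSSH servers no longer accept
# by default: ssh-dss (since 7.0) and the SHA-1 based ssh-rsa (since 8.8).
LEGACY = {"ssh-rsa", "ssh-dss"}

# sshd's pre-auth negotiation failure line, in the form quoted in the thread.
NEGOTIATION_FAIL = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)

def legacy_only_clients(lines):
    """Return {client_ip: sorted offered algorithms} for clients whose whole
    host key offer consists of legacy algorithms."""
    found = defaultdict(set)
    for line in lines:
        m = NEGOTIATION_FAIL.search(line)
        # Skip unrelated lines and other failure kinds (kex, cipher, MAC).
        if not m or m["kind"] != "host key type":
            continue
        offer = set(m["offer"].split(","))
        if offer <= LEGACY:
            found[m["ip"]] |= offer
    return {ip: sorted(algs) for ip, algs in found.items()}

# First two lines are the log from the thread; the remaining lines are constructed.
SAMPLE = [
    'Sep 29 18:54:21 Tower sshd[4245]: Connection from 10.0.10.107 port 45688 '
    'on 10.0.20.30 port 22 rdomain ""',
    'Sep 29 18:54:21 Tower sshd[4245]: Unable to negotiate with 10.0.10.107 '
    'port 45688: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]',
    'Sep 29 18:55:02 Tower sshd[4250]: Unable to negotiate with 10.0.10.55 '
    'port 50122: no matching host key type found. '
    'Their offer: rsa-sha2-512,ssh-ed25519 [preauth]',
    'Sep 29 18:56:40 Tower sshd[4261]: Unable to negotiate with 10.0.10.60 '
    'port 40011: no matching key exchange method found. '
    'Their offer: diffie-hellman-group1-sha1 [preauth]',
]

if __name__ == "__main__":
    for ip, algs in legacy_only_clients(SAMPLE).items():
        print(f"{ip}: offers only legacy host key algorithms: {', '.join(algs)}")
```

Each reported address is a client, such as a guacd build linked against an older libssh2, that needs updating before it can reach a server with default host key settings.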