workspaces-issues icon indicating copy to clipboard operation
workspaces-issues copied to clipboard
verified publisher icon kasmtech

[Bug] - SSH not being able to connect on modern OpenSSH servers

Open maltesermailo opened this issue 10 months ago • 2 comments

Existing Resources

  • [X] Please search the existing issues for related problems
  • [X] Consult the product documentation : Docs
  • [X] Consult the FAQ : FAQ
  • [X] Consult the Troubleshooting Guide : Guide
  • [x] Reviewed existing training videos: Youtube

Describe the bug When using SSH to connect to a Server, I get an "Invalid credentials" error. Looking at my auth.log for OpenSSH, I see a failed connection attempt from a Docker container that has been trying to use the outdated "ssh-rsa" signature algorithm.

"userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms"

To Reproduce

  • Create Fixed Infrastructure Server with SSH Private Key using the required SSH algorithm
  • Try to connect to session with modern SSH servers and PubkeyAcceptedAlgorithms at default.
  • Execute "tail -f /var/log/auth.log"

Expected behavior A successful connection to the Terminal

Screenshots

  • Not needed

Workspaces Version Version 1.16.1 Workspaces Installation Method Single Server

Client Browser (please complete the following information):

  • OS: Windows
  • Browser: Firefox
  • Version: 135.0.1

Workspace Server Information (please provide the output of the following commands):

  • uname -a: Linux v220200727885123227 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  • cat /etc/os-release: "PRETTY_NAME="Ubuntu 24.04.2 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04.2 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=noble LOGO=ubuntu-logo "
  • sudo docker info: Client: Docker Engine - Community Version: 28.0.0 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.21.0 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.2.3 Path: /usr/local/lib/docker/cli-plugins/docker-compose

Server: Containers: 37 Running: 37 Paused: 0 Stopped: 0 Images: 41 Server Version: 28.0.0 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan kasmweb/sidecar:1.1 macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb runc version: v1.2.4-0-g6c52b3f init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 6.8.0-51-generic Operating System: Ubuntu 24.04.2 LTS OSType: linux Architecture: x86_64 CPUs: 6 Total Memory: 15.62GiB Name: redacted ID: redacted Docker Root Dir: /var/lib/docker Debug Mode: false Username: redacted Experimental: false Insecure Registries: ::1/128 127.0.0.0/8 Live Restore Enabled: false

  • sudo docker ps | grep kasm: 6c1287722b4f kasmweb/proxy:1.16.1 "/docker-entrypoint.…" 2 hours ago Up 2 hours 80/tcp, 0.0.0.0:8444->8444/tcp, [::]:8444->8444/tcp kasm_proxy 2ed9fa6e0f81 kasmweb/rdp-https-gateway:1.16.1 "/opt/rdpgw/rdpgw" 2 hours ago Up 2 hours (healthy) kasm_rdp_https_gateway 20afbcbd2dde kasmweb/share:1.16.1 "/bin/sh -c '/usr/bi…" 2 hours ago Up 2 hours (healthy) 8182/tcp kasm_share 3a23241cb754 kasmweb/rdp-gateway:1.16.1 "/start.sh" 2 hours ago Up 2 hours (healthy) 0.0.0.0:3389->3389/tcp, [::]:3389->3389/tcp kasm_rdp_gateway d15c889aba9d kasmweb/agent:1.16.1 "/bin/sh -c '/usr/bi…" 2 hours ago Up 2 hours (healthy) 4444/tcp kasm_agent ac86ee9bc76a kasmweb/manager:1.16.1 "/usr/bin/startup.sh…" 2 hours ago Up 2 hours (healthy) 8181/tcp kasm_manager 62c791f0c7d5 kasmweb/api:1.16.1 "/bin/sh -c '/usr/bi…" 2 hours ago Up 2 hours (healthy) 8080/tcp kasm_api 910eb324a6b4 kasmweb/kasm-guac:1.16.1 "/dockerentrypoint.sh" 2 hours ago Up 2 hours (healthy) kasm_guac 440106736c80 redis:5-alpine "docker-entrypoint.s…" 2 hours ago Up 2 hours 6379/tcp kasm_redis 889ea3c6901d postgres:14-alpine "docker-entrypoint.s…" 2 hours ago Up 2 hours (healthy) 5432/tcp kasm_db

Additional context Add any other context about the problem here.

maltesermailo avatar Feb 23 '25 17:02 maltesermailo

I also have this problem. We need to be able to connect through ssh to our machines. Is there a fix on this problem?

hiroi-p avatar Apr 22 '25 12:04 hiroi-p

I believe the workaround for now is to update your sshd_config with the following and restart the services

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

https://kasmweb.com/docs/latest/guide/compute/servers.html#authentication-options-when-connecting-to-an-ssh-server

We are tracking this limitation and hope to provide a fix in the future

j-travis avatar Apr 22 '25 13:04 j-travis