[jira] [Updated] (GUACAMOLE-407) Support "modern" ssh crypto - only SHA1 is available

Mon, 09 Oct 2017 15:02:30 -0700 

     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Jumper updated GUACAMOLE-407:
-------------------------------------
    Description: 
The version of libssh2 within CentOS 7 lacks support for the more-recent 
versions of SSH key exchange methods and MACs. As the [guacamole/guacd Docker 
image|https://hub.docker.com/r/guacamole/guacd/] uses CentOS 7, it also lacks 
this support.

Currently, the following key exchange methods are supported:

* diffie-hellman-group14-sha1
* diffie-hellman-group-exchange-sha1
* diffie-hellman-group1-sha1

and the following MACs are supported:

* hmac-sha1,hmac-sha1-96
* hmac-md5,hmac-md5-96
* hmac-ripemd160
* hmac-ripemd...@openssh.com

More recent libssh2 includes support for SHA2 and curve25519. See 
https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and 
references.

  was:
It seems that guacamole doesn't support any "modern" ssh crypto.

The following key exchange methods are supported:
* diffie-hellman-group14-sha1
* diffie-hellman-group-exchange-sha1
* diffie-hellman-group1-sha1

The following MACs are supported:
* hmac-sha1,hmac-sha1-96
* hmac-md5,hmac-md5-96
* hmac-ripemd160
* hmac-ripemd...@openssh.com

Guacamole SHOULD support modern crypto like SHA2 and curve25519, see 
https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and 
references.


> Support "modern" ssh crypto - only SHA1 is available
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-407
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-407
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd-docker
>    Affects Versions: 0.9.13-incubating
>            Reporter: Sven Gottwald
>
> The version of libssh2 within CentOS 7 lacks support for the more-recent 
> versions of SSH key exchange methods and MACs. As the [guacamole/guacd Docker 
> image|https://hub.docker.com/r/guacamole/guacd/] uses CentOS 7, it also lacks 
> this support.
> Currently, the following key exchange methods are supported:
> * diffie-hellman-group14-sha1
> * diffie-hellman-group-exchange-sha1
> * diffie-hellman-group1-sha1
> and the following MACs are supported:
> * hmac-sha1,hmac-sha1-96
> * hmac-md5,hmac-md5-96
> * hmac-ripemd160
> * hmac-ripemd...@openssh.com
> More recent libssh2 includes support for SHA2 and curve25519. See 
> https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and 
> references.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to