[ https://issues.apache.org/jira/browse/GUACAMOLE-407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Jumper updated GUACAMOLE-407: ------------------------------------- Description: The version of libssh2 within CentOS 7 lacks support for the more-recent versions of SSH key exchange methods and MACs. As the [guacamole/guacd Docker image|https://hub.docker.com/r/guacamole/guacd/] uses CentOS 7, it also lacks this support. Currently, the following key exchange methods are supported: * diffie-hellman-group14-sha1 * diffie-hellman-group-exchange-sha1 * diffie-hellman-group1-sha1 and the following MACs are supported: * hmac-sha1,hmac-sha1-96 * hmac-md5,hmac-md5-96 * hmac-ripemd160 * hmac-ripemd...@openssh.com More recent libssh2 includes support for SHA2 and curve25519. See https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and references. was: It seems that guacamole doesn't support any "modern" ssh crypto. The following key exchange methods are supported: * diffie-hellman-group14-sha1 * diffie-hellman-group-exchange-sha1 * diffie-hellman-group1-sha1 The following MACs are supported: * hmac-sha1,hmac-sha1-96 * hmac-md5,hmac-md5-96 * hmac-ripemd160 * hmac-ripemd...@openssh.com Guacamole SHOULD support modern crypto like SHA2 and curve25519, see https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and references. > Support "modern" ssh crypto - only SHA1 is available > ---------------------------------------------------- > > Key: GUACAMOLE-407 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-407 > Project: Guacamole > Issue Type: Improvement > Components: guacd-docker > Affects Versions: 0.9.13-incubating > Reporter: Sven Gottwald > > The version of libssh2 within CentOS 7 lacks support for the more-recent > versions of SSH key exchange methods and MACs. As the [guacamole/guacd Docker > image|https://hub.docker.com/r/guacamole/guacd/] uses CentOS 7, it also lacks > this support. > Currently, the following key exchange methods are supported: > * diffie-hellman-group14-sha1 > * diffie-hellman-group-exchange-sha1 > * diffie-hellman-group1-sha1 > and the following MACs are supported: > * hmac-sha1,hmac-sha1-96 > * hmac-md5,hmac-md5-96 > * hmac-ripemd160 > * hmac-ripemd...@openssh.com > More recent libssh2 includes support for SHA2 and curve25519. See > https://wiki.mozilla.org/Security/Guidelines/OpenSSH for more information and > references. -- This message was sent by Atlassian JIRA (v6.4.14#64029)