Patrick Young created GUACAMOLE-1461:
----------------------------------------
Summary: KEX failed when using SSH with relatively new SSH Server
Key: GUACAMOLE-1461
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
Project: Guacamole
Issue Type: Bug
Components: guacd, guacd-docker, SSH
Reporter: Patrick Young
Attachments: image-2021-11-18-14-26-03-940.png,
image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
All previous versions are affected.
Before I create this issue, I just searched the whole Jira here. Just found
some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315,
GUACAMOLE-1052.
Everything you've done before is just ignored all of your users.
Security should be considered as a lifeline of such a widely-used remote
connection software. Every user will finally follow the libssh upgrade since
the distributions on their Linux machine did so.
The problem is that the `libssh2` library you've previously used only have 2
legacy and deprecated SSH host key algorithm support. However, since it's 2021
now, OpenSSH 8.8 on my Arch Linux, just dropped support of those algorithms
which already should be considered as unsafe.
It's so obvious that:
guacd supports:
!image-2021-11-18-14-26-03-940.png!
What OpenSSH server offers:
!image-2021-11-18-14-27-02-502.png!
The captured packaet is attached, check it please. (In this capture, SSH server
port is 22201)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
