[
https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper updated GUACAMOLE-1461:
-----------------------------------
Description:
All previous versions are affected. I use the latest docker official image on
both guacamole and guacd.
Before I create this issue, I just searched the whole Jira here. Just found
some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315,
GUACAMOLE-1052.
Security should be considered as a lifeline of such a widely-used remote
connection software. Every user will finally follow the libssh upgrade since
the distributions on their Linux machine did so.
The problem is that the `libssh2` library you've previously used only have 2
legacy and deprecated SSH host key algorithm support. However, since it's 2021
now, OpenSSH 8.8 on my Arch Linux, just dropped support of those algorithms
which already should be considered as unsafe.
It's so obvious that:
guacd supports:
!image-2021-11-18-14-26-03-940.png|width=100%!
What OpenSSH server offers:
!image-2021-11-18-14-27-02-502.png|width=100%!
The captured packaet is attached, check it please. (In this capture, SSH server
port is 22201)
was:
All previous versions are affected. I use the latest docker official image on
both guacamole and guacd.
Before I create this issue, I just searched the whole Jira here. Just found
some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315,
GUACAMOLE-1052.
Security should be considered as a lifeline of such a widely-used remote
connection software. Every user will finally follow the libssh upgrade since
the distributions on their Linux machine did so.
The problem is that the `libssh2` library you've previously used only have 2
legacy and deprecated SSH host key algorithm support. However, since it's 2021
now, OpenSSH 8.8 on my Arch Linux, just dropped support of those algorithms
which already should be considered as unsafe.
It's so obvious that:
guacd supports:
!image-2021-11-18-14-26-03-940.png!
What OpenSSH server offers:
!image-2021-11-18-14-27-02-502.png!
The captured packaet is attached, check it please. (In this capture, SSH server
port is 22201)
> KEX failed when using SSH with relatively new SSH Server
> --------------------------------------------------------
>
> Key: GUACAMOLE-1461
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
> Project: Guacamole
> Issue Type: Bug
> Components: guacd, guacd-docker, SSH
> Affects Versions: 1.3.0
> Reporter: Patrick Young
> Priority: Major
> Attachments: image-2021-11-18-14-26-03-940.png,
> image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
>
>
> All previous versions are affected. I use the latest docker official image on
> both guacamole and guacd.
> Before I create this issue, I just searched the whole Jira here. Just found
> some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315,
> GUACAMOLE-1052.
> Security should be considered as a lifeline of such a widely-used remote
> connection software. Every user will finally follow the libssh upgrade since
> the distributions on their Linux machine did so.
> The problem is that the `libssh2` library you've previously used only have 2
> legacy and deprecated SSH host key algorithm support. However, since it's
> 2021 now, OpenSSH 8.8 on my Arch Linux, just dropped support of those
> algorithms which already should be considered as unsafe.
> It's so obvious that:
> guacd supports:
> !image-2021-11-18-14-26-03-940.png|width=100%!
> What OpenSSH server offers:
> !image-2021-11-18-14-27-02-502.png|width=100%!
> The captured packaet is attached, check it please. (In this capture, SSH
> server port is 22201)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
