[
https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper reopened GUACAMOLE-1461:
------------------------------------
> KEX failed when using SSH with relatively new SSH Server
> --------------------------------------------------------
>
> Key: GUACAMOLE-1461
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
> Project: Guacamole
> Issue Type: Bug
> Components: guacd, guacd-docker, SSH
> Affects Versions: 1.3.0
> Reporter: Patrick Young
> Priority: Major
> Attachments: image-2021-11-18-14-26-03-940.png,
> image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
>
>
> All previous versions are affected. I use the latest docker official image on
> both guacamole and guacd.
> Before I create this issue, I just searched the whole Jira here. Just found
> some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315,
> GUACAMOLE-1052.
> Security should be considered as a lifeline of such a widely-used remote
> connection software. Every user will finally follow the libssh upgrade since
> the distributions on their Linux machine did so.
> The problem is that the `libssh2` library you've previously used only have 2
> legacy and deprecated SSH host key algorithm support. However, since it's
> 2021 now, OpenSSH 8.8 on my Arch Linux, just dropped support of those
> algorithms which already should be considered as unsafe.
> It's so obvious that:
> guacd supports:
> !image-2021-11-18-14-26-03-940.png|width=100%!
> What OpenSSH server offers:
> !image-2021-11-18-14-27-02-502.png|width=100%!
> The captured packaet is attached, check it please. (In this capture, SSH
> server port is 22201)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
