[jira] [Commented] (GUACAMOLE-1461) Include libssh2 1.9.0 or later in guacd Docker image

Thu, 18 Nov 2021 00:51:29 -0800 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445745#comment-17445745
 ] 

Patrick Young commented on GUACAMOLE-1461:
------------------------------------------

After a brief searching in libssh2 repo, I just found another interesting thing:

They've already supported ED25519 from 
[https://github.com/libssh2/libssh2/commit/03092292597ac601c3f9f0c267ecb145dda75e4e]
 , however it seems just public key and  private key, not host key. So ssh host 
key which generated using `ssh-ed25519` might also working. 

 

My client offers this to server:

server_host_key_algorithms string: 
rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

 

So either `ecdsa-sha2-nistp256` or `ssh-ed25519` should work.

> Include libssh2 1.9.0 or later in guacd Docker image
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-1461
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd-docker
>            Reporter: Patrick Young
>            Priority: Major
>         Attachments: CleanShot 2021-11-18 at [email protected], 
> image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png, 
> ssh-debug.pcap
>
>
> libssh2 has recently grown support for elliptic curve cryptography, including 
> support for elliptic curve KEX algorithms. The current guacd Docker image 
> doesn't inherit this support, however, because it uses Debian Buster as its 
> base image. To have access to a newer libssh2, the guacd image will need to 
> use at least Debian Bullseye.
> It may be worth updating the image to simply point at Debian stable, assuming 
> there is no longer any issue with the FreeRDP version included by that 
> version of Debian. Meanwhile, the Jenkins build that performs nightly 
> rebuilds of the established Docker images for the previous release can simply 
> be updated to point to Debian Bullseye with its build args and thus magically 
> become up-to-date.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to