[
https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17446260#comment-17446260
]
Patrick Young commented on GUACAMOLE-1461:
------------------------------------------
Wait a minute... First of First, Let us just keep FreeRDP out of the scope of
this issue. Upgrading libssh2 is not a working solution here (although broke
FreeRDP also). libssh2 indeed added the support for both ECDSA and ED25519,
however, why it does not offer corresponding algorithm in the handshake packet?
That is our original and most basic problem.
> Include libssh2 1.9.0 or later in guacd Docker image
> ----------------------------------------------------
>
> Key: GUACAMOLE-1461
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd-docker
> Reporter: Patrick Young
> Priority: Major
> Attachments: CleanShot 2021-11-18 at [email protected],
> image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png,
> ssh-debug.pcap
>
>
> libssh2 has recently grown support for elliptic curve cryptography, including
> support for elliptic curve KEX algorithms. The current guacd Docker image
> doesn't inherit this support, however, because it uses Debian Buster as its
> base image. To have access to a newer libssh2, the guacd image will need to
> use at least Debian Bullseye.
> It may be worth updating the image to simply point at Debian stable, assuming
> there is no longer any issue with the FreeRDP version included by that
> version of Debian. Meanwhile, the Jenkins build that performs nightly
> rebuilds of the established Docker images for the previous release can simply
> be updated to point to Debian Bullseye with its build args and thus magically
> become up-to-date.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
