[ https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17446644#comment-17446644 ]

Mike Jumper commented on GUACAMOLE-1461:
----------------------------------------

{quote}
Let us just keep FreeRDP out of the scope of this issue.
{quote}

With respect to updating the established image, all existing functionality has 
to be maintained. If the existing image cannot be rebuilt such that a newer 
libssh2 is present without breaking other functionality like the RDP support, 
then the only path forward for _the Docker image_ is updates to the image 
itself. To that end, there is GUACAMOLE-1447.

If you need this functionality now, you already have it - all you need is a 
distro that has libssh2 1.10.0. If you build guacamole-server on a platform 
that has libssh2 1.10.0, you will have the needed support. The Docker image 
can't necessarily be updated such that this is there, but that doesn't have to 
hold you back.

{quote}
... why it does not offer corresponding algorithm in the handshake packet?
{quote}

I believe that libssh2 1.10.0 does include the algorithm in the handshake. If 
it does not, this still is not something Guacamole can handle externally to the 
library - it's something the library (thankfully) takes care of and abstracts 
from downstream usage of the library. If that truly is the behavior of libssh2 
1.10.0, that would presumably be a bug in libssh2, but I do not believe that is 
the case for their latest release; everything with the latest libssh2 is 
working beautifully, hence the closure of the previously-proposed migration to 
a different SSH library.

> Include libssh2 1.9.0 or later in guacd Docker image
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-1461
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd-docker
>            Reporter: Patrick Young
>            Priority: Major
>         Attachments: CleanShot 2021-11-18 at [email protected], 
> image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png, 
> ssh-debug.pcap
>
>
> libssh2 has recently grown support for elliptic curve cryptography, including 
> support for elliptic curve KEX algorithms. The current guacd Docker image 
> doesn't inherit this support, however, because it uses Debian Buster as its 
> base image. To have access to a newer libssh2, the guacd image will need to 
> use at least Debian Bullseye.
> It may be worth updating the image to simply point at Debian stable, assuming 
> there is no longer any issue with the FreeRDP version included by that 
> version of Debian. Meanwhile, the Jenkins build that performs nightly 
> rebuilds of the established Docker images for the previous release can simply 
> be updated to point to Debian Bullseye with its build args and thus magically 
> become up-to-date.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
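
Whether a client offers an elliptic curve KEX method in the handshake, the question quoted in the comment above, can be read from the unencrypted SSH_MSG_KEXINIT packet in a capture. The following is an added example, not part of the original message and not Guacamole or libssh2 code; the function names and sample packets are constructed for illustration, and the packet layout follows RFC 4253, section 7.1.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms", "encryption_c2s",
          "encryption_s2c", "mac_c2s", "mac_s2c", "compression_c2s",
          "compression_s2c", "languages_c2s", "languages_s2c")
EC_KEX_PREFIXES = ("ecdh-sha2-", "curve25519-sha256")

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet that carries SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, padding_len = struct.unpack(">IB", packet[:5])
    if packet_len < padding_len + 1 or 4 + packet_len > len(packet):
        raise ValueError("inconsistent packet or padding length")
    payload = packet[5:4 + packet_len - padding_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("payload is not SSH_MSG_KEXINIT")
    offset, lists = 17, {}          # skip message type + 16-byte cookie
    for name in FIELDS:
        # A short slice yields a small number; the bounds check below rejects it.
        size = int.from_bytes(payload[offset:offset + 4], "big")
        offset += 4
        if offset + size > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[offset:offset + size].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += size
    return lists

def ec_kex_offered(packet: bytes) -> list:
    """Return the elliptic curve KEX methods offered in the packet, if any."""
    kex = parse_kexinit(packet)["kex_algorithms"]
    return [alg for alg in kex if alg.startswith(EC_KEX_PREFIXES)]

def build_sample(kex: list) -> bytes:
    """Constructed test input: a KEXINIT packet offering the given KEX list."""
    lists = [kex, ["ssh-rsa"], ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # all-zero cookie
    for item in lists:
        text = ",".join(item).encode("ascii")
        body += struct.pack(">I", len(text)) + text
    body += b"\x00" + struct.pack(">I", 0)        # first_kex_follows, reserved
    pad = 4 + (-(len(body) + 9)) % 8              # >= 4 bytes, total multiple of 8
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)

DH_ONLY = build_sample(["diffie-hellman-group14-sha1"])
WITH_EC = build_sample(["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"])
```

To use it on a real capture, pass the bytes of the client's first binary packet after the version banner exchange to `ec_kex_offered`.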
