[ 
https://issues.apache.org/jira/browse/GUACAMOLE-1619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652979#comment-17652979
 ] 

Nick Couchman commented on GUACAMOLE-1619:
------------------------------------------

[~nunnsby]: 
1. This particular issue is closed as Invalid because it is based on upstream 
support, not on Guacamole.
2. Changes were made in the not-too-distant past to build the 
guacamole-server/guacd Docker image against Alpine Linux instead of Debian, and 
to check out dependencies from git instead of using packages. However, these 
changes have not been released to the Docker image, so the current nightly 
image is still built against Debian with the packages. These changes were 
introduced by GUACAMOLE-1540, which is slated for the 1.5.0 release. It is the 
next release, though there is no date for it - it will be released when we wrap 
up the final issues that are slated for that release.

> SSH Server > 8.5 - Guacamole
> ----------------------------
>
>                 Key: GUACAMOLE-1619
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1619
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.4.0
>         Environment: Ubuntu LTS 22.04 / Docker with latest guacamole image
>            Reporter: Kenneth D'hoe
>            Priority: Major
>
> Not able to SSH to Ubuntu 22.04 LTS host from latest dockerized guacamole.
> On the remote server I receive the error: Unable to negotiate with 
> xx.xx.xx.xx port 44138: no matching host key type found. Their offer: 
> ssh-rsa,ssh-dss [preauth]
> SSH Version on remote host: user@hostname:~# ssh -V
> OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
> Looks like guacamole is not able to use newer key algorithms?
>  
> Workaround:
> Add below to sshd config. 
> {{HostKeyAlgorithms=ssh-rsa,ssh-rsa-cert-...@openssh.com
> PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-rsa-cert-...@openssh.com}}
>  
> Disclaimer:
> Warning! As mentioned in the OpenSSH man, enabling the old rsa-sha1 algorithm 
> has a risk. rsa-sha1 is now being classified as breached since it costs less 
> than 50K to calculate a collision hash.  
>  
> Debug Log:
> {code:java}
> Jun  3 09:36:49 hostname sshd[1053815]: debug1: Forked child 1054212.
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: Set /proc/self/oom_score_adj 
> to 0
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: rexec start in 5 out 5 
> newsock 5 pipe 7 sock 8
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: inetd sockets after dupping: 
> 4, 4
> Jun  3 09:36:49 hostname sshd[1054212]: Connection from 172.23.0.2 port 44142 
> on 172.31.15.16 port 22 rdomain ""
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: Local version string 
> SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: Remote protocol version 2.0, 
> remote software version libssh2_1.8.0
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: compat_banner: no match: 
> libssh2_1.8.0
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: permanently_set_uid: 
> 106/65534 [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: list_hostkey_types: 
> rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: SSH2_MSG_KEXINIT sent 
> [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: SSH2_MSG_KEXINIT received 
> [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: kex: algorithm: 
> diffie-hellman-group-exchange-sha256 [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: kex: host key algorithm: (no 
> match) [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: Unable to negotiate with 172.23.0.2 
> port 44142: no matching host key type found. Their offer: ssh-rsa,ssh-dss 
> [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: do_cleanup [preauth]
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: monitor_read_log: child log 
> fd closed
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: do_cleanup
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: Killing privsep child 1054213
> Jun  3 09:36:49 hostname sshd[1054212]: debug1: audit_event: unhandled event 
> 12{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
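
The negotiation failure in the quoted debug log can be found across many connections by grouping sshd debug lines by PID and comparing what each side offered. The Python below is an added example, not part of the Jira issue or of Guacamole; the function name, the report fields and the `LEGACY` set are assumptions made for illustration, and the sample lines are taken from the report's log with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Host key algorithms treated as legacy here: SHA-1 based RSA signatures and DSA.
LEGACY = {"ssh-rsa", "ssh-dss"}
PID_RE = re.compile(r"sshd\[(\d+)\]: (.*)$")
VERSION_RE = re.compile(r"remote software version (\S+)")
SERVER_RE = re.compile(r"list_hostkey_types: (\S+)")
FAIL_RE = re.compile(r"Unable to negotiate with (\S+) port \d+: "
                     r"no matching host key type found\. Their offer: (\S+)")

def hostkey_failures(lines):
    """Group sshd debug lines by PID and report failed host key negotiations."""
    sessions = defaultdict(dict)
    for line in lines:
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if v := VERSION_RE.search(msg):
            sessions[pid]["software"] = v.group(1)
        elif h := SERVER_RE.search(msg):
            sessions[pid]["server"] = h.group(1).split(",")
        elif f := FAIL_RE.search(msg):
            sessions[pid]["ip"] = f.group(1)
            sessions[pid]["offer"] = f.group(2).split(",")
    report = []
    for pid, s in sessions.items():
        if "offer" in s:  # only connections that failed host key negotiation
            report.append({
                "pid": pid,
                "client_ip": s["ip"],
                "client_software": s.get("software", "unknown"),
                "client_offer": s["offer"],
                "legacy_only": set(s["offer"]) <= LEGACY,
                "common": sorted(set(s["offer"]) & set(s.get("server", []))),
            })
    return report

# Lines taken from the debug log in the report, with the e-mail wrapping undone.
SAMPLE = [
    'Jun  3 09:36:49 hostname sshd[1053815]: debug1: Forked child 1054212.',
    'Jun  3 09:36:49 hostname sshd[1054212]: debug1: Remote protocol version 2.0, remote software version libssh2_1.8.0',
    'Jun  3 09:36:49 hostname sshd[1054212]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]',
    'Jun  3 09:36:49 hostname sshd[1054212]: Unable to negotiate with 172.23.0.2 port 44142: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]',
]

if __name__ == "__main__":
    print(hostkey_failures(SAMPLE))
```

A row with `legacy_only` set and an empty `common` list identifies a client that needs an upgrade, which is the alternative to re-enabling `ssh-rsa` on the server.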
