Fwd: SSH handshake failed
I tried via public key but it didn't help either

    ssh-keygen -t rsa -b 4096 -m PEM

You can also use OpenSSL to create the private key:

    openssl genrsa -out id_rsa 4096

Then to get the public key:

    ssh-keygen -y -f id_rsa

Source: https://www.reddit.com/r/selfhosted/comments/os4d52/guacamole_ssh_keys_help/

OS: Linux version 5.10.84-1-MANJARO
openssh-8.8p1-1

17.12.2021 21:24, Nick Couchman wrote:
> What are the properties of the system you're connecting to - what type of
> system, version of OpenSSH, etc.? We've had reports recently of this when
> connecting to newer OpenSSH installs that limit host key and key exchange
> algorithms to ones that aren't currently implemented in Guacamole.

- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
Re: SSH handshake failed
On Fri, Dec 17, 2021 at 2:43 AM Golota S.V. wrote:

> Hello!! I have an error "SSH handshake failed" when connecting ssh
> client manjaro zsh normal bash clients connect without problems. tell me
> how to solve the problem.

What are the properties of the system you're connecting to - what type of system, version of OpenSSH, etc.? We've had reports recently of this when connecting to newer OpenSSH installs that limit host key and key exchange algorithms to ones that aren't currently implemented in Guacamole.

-Nick
SSH handshake failed
Hello!! I have an error "SSH handshake failed" when connecting ssh client manjaro zsh normal bash clients connect without problems. Tell me how to solve the problem.
Re: guacd : SSH handshake failed
Hi,

I've searched a lot on the Internet but without success. The 2 links provided didn't help me. I think the issue comes from my ssh config (not necessarily related to libssh2) but I have not yet found the reason.

1) I've already made it work. It means that I've broken 2 pcs. Possible but surprising.
2) I can connect to the server. Why not on another pc if I use the same guacd process to communicate?

Regards.
Xuo.

-- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: guacd : SSH handshake failed
Xuo,

I'm not able to replicate the problem here (I don't use those distributions) but looking at the error log from the pc, and with a little searching you might want to consider this information:

https://www.ezeelogin.com/kb/article/4/no-matching-host-key-type-found-their-offer-ssh-rsa-ssh-dss-preauth-249.html
https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss

While they're not necessarily for your distribution the detail seems relevant to me?
Re: guacd : SSH handshake failed
Hi,

Thank you for your answer. I already had a look at this post but it didn't help me.

What I really don't understand is the fact that connecting to the server itself works, but if I want to connect to another client (through the guacd process of the server) it fails.

The "worst" is that I already had made it work but after some issues, I had to re-install (the server) from scratch and now I've broken something. The main difference I see is that when it was working, all my pc were running Mageia7 and not a mix of Mageia7 and 8. But I don't think this is the reason for the issue.

I continue trying to debug.

Regards.
Xuo.
Re: guacd : SSH handshake failed
Xuo,

I'm not familiar with the distributions you mention, however there have been some issues with SSH in the past which have tended to revolve around the version of libssh2 in use, and/or the private key format.

It may be that this post could give you some ideas to consider?:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Issues-with-VNC-and-SSH-on-2-different-connections-td9315.html#a9489
guacd : SSH handshake failed
Hi,

I have 3 pc : pc1, pc2 and server.

server runs the guacd process (version 1.3.0). It runs under Mageia7.
pc1 runs under Mageia8.
pc2 runs under Mageia7.

server and pc1 have the lib64ssh2 packages installed (not pc2) :

    lib64ssh2_1-1.8.2-1.1.mga7
    lib64ssh2-devel-1.8.2-1.1.mga7

I can connect from pc1 or pc2 to server using either an ssh connection or a vnc one.

Now, if I want to connect from pc2 to pc1 using an ssh connection, I get the following error message :

On server :

    Mar 7 17:54:17 server guacd[32680]: Creating new client for protocol "ssh"
    Mar 7 17:54:17 server guacd[32680]: Connection ID is "$1654b89f-87be-41cb-93c8-00d124058a97"
    Mar 7 17:54:17 server guacd[752]: User "@4b8812aa-d0d7-42fb-8370-ed2ca09ff21e" joined connection "$1654b89f-87be-41cb-93c8-00d124058a97" (1 users now present)
    Mar 7 17:54:17 server server[32690]: 17:54:17.144 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "xuo" connected to connection "3".
    Mar 7 17:54:17 server guacd[752]: SSH handshake failed.
    Mar 7 17:54:17 server guacd[752]: User "@4b8812aa-d0d7-42fb-8370-ed2ca09ff21e" disconnected (0 users remain)
    Mar 7 17:54:17 server guacd[752]: Last user of connection "$1654b89f-87be-41cb-93c8-00d124058a97" disconnected
    Mar 7 17:54:17 server guacd[32680]: Connection "$1654b89f-87be-41cb-93c8-00d124058a97" removed.

On pc1 :

    Mar 7 17:54:31 pc1 sshd[773109]: Unable to negotiate with 192.168.0.14 port 38812: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

(192.168.0.14 = server).

I can connect in both ways (pc1 to server and server to pc1 with the ssh command line).

Could you help me to solve this issue ?

Regards.
Xuo.
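
Added example, not part of the original message or of Guacamole's code: a Python parser for the pc1 sshd line above that replays the host key algorithm selection using a simplified form of the RFC 4253 section 7.1 rule (first entry on the client's list that the server also lists). The server-side list and all function names are assumptions made for illustration.

```python
import re

# sshd's pre-auth negotiation failure, in the form of the pc1 log line above.
NEGOTIATE_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_negotiation_failure(line):
    """Return peer, port, algorithm class and the client's offer, or None."""
    m = NEGOTIATE_RE.search(line)
    if m is None:
        return None
    return {
        "peer": m.group("peer"),
        "port": int(m.group("port")),
        "kind": m.group("kind"),
        "offer": m.group("offer").split(","),
    }

def negotiate(client_offer, server_accepts):
    """Simplified RFC 4253 section 7.1 rule: first client entry the server lists."""
    for alg in client_offer:
        if alg in server_accepts:
            return alg
    return None

def explain(line, server_accepts):
    """Combine the parsed offer with a server-side list into one verdict."""
    failure = parse_negotiation_failure(line)
    if failure is None:
        return None
    failure["chosen"] = negotiate(failure["offer"], server_accepts)
    failure["server_only"] = [a for a in server_accepts if a not in failure["offer"]]
    return failure

# The sshd line from the message above.
LOG = ("Mar 7 17:54:31 pc1 sshd[773109]: Unable to negotiate with 192.168.0.14 "
       "port 38812: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]")

# Constructed server-side list (an assumption, not pc1's real configuration).
SERVER_ACCEPTS = ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"]

if __name__ == "__main__":
    print(explain(LOG, SERVER_ACCEPTS))
    # Same offer against a constructed server that also still lists ssh-rsa.
    print(negotiate(["ssh-rsa", "ssh-dss"], SERVER_ACCEPTS + ["ssh-rsa"]))
```

On a real host, `sshd -T` prints the effective `hostkeyalgorithms` value to use in place of the constructed list.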
Re: 9.14: SSH Handshake failed (extremeswitches)
Well no such luck, I decided to do a fork on the github guacamole-server and use that instead, but to no avail, still can't connect to the devices with the older version of openssh running.

So the new libssh2 library from the debian release didn't fix it
Re: 9.14: SSH Handshake failed (extremeswitches)
On Fri, Jun 22, 2018 at 11:53 PM cchance wrote:

> i switched to the guacamole/guacd docker container and still have the same
> issue, it seems the issue is DSA, some of my switches have a different
> version that supports RSA and that logs in right away but DSA doesn't seem
> to work when the switch has a DSA key on the server side, it doesn't appear
> to work and gives a handshake failed.

The Docker image currently published (0.9.14) still uses an older version of libssh2 from CentOS7. Version 1.0.0, when it is released, switches to Debian stable as its base, and will have an updated libssh2. You can build the Docker image from the current git repo and get this Debian-based image, but you'll have to build manually.

From my earlier response I speculated about DSS vs. DSA - I'm not an expert on SSH or Cryptography, but some further reading indicates that DSA is an implementation of DSS, so the later versions of libssh2 *probably* will support your Extreme switches. However, again, you need to make sure you're actually using that later version, and the 0.9.14 Docker image available in Docker hub will not have that.

-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
I switched to the guacamole/guacd docker container and still have the same issue, it seems the issue is DSA, some of my switches have a different version that supports RSA and that logs in right away but DSA doesn't seem to work when the switch has a DSA key on the server side, it doesn't appear to work and gives a handshake failed.
Re: 9.14: SSH Handshake failed (extremeswitches)
On Fri, Jun 15, 2018 at 12:49 PM cchance wrote:

> docker image
> (https://github.com/oznu/docker-guacamole/blob/master/Dockerfile) so
> appears
> to be libssh2-1-dev

Two things:

1) That doesn't tell me the version of the library.
2) That is not the official Guacamole docker image, nor a fork of that image. It looks like it is based on the official tomcat Docker image, which also appears to be Debian-based, but it's hard to know what versions of packages are being loaded there.

Also, while libssh2 appears to support diffie-hellman-group1-sha1, it does appear to support ssh-dsa host keys - the web site lists ssh-rsa and ssh-dss.

-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
docker image (https://github.com/oznu/docker-guacamole/blob/master/Dockerfile) so appears to be libssh2-1-dev
Re: 9.14: SSH Handshake failed (extremeswitches)
On Fri, Jun 15, 2018 at 11:48 AM cchance wrote:

> To log in to these switches normally we have to do +ssh-dsa and
> +diffie-hellman-group-sha1 in my ssh config for a pc to be able to cleanly
> ssh to one of these switches so not sure if that is whats causing issues
> when it comes time to connect with Guacamole...
>
> But every time I try to connect I get an SSH Handshake failed after
> entering
> a password, same when using a private key... Always just SSH Handshake
> failed...
>
> Any idea what I can do to fix the problem?

What type of system are you running guacd on? What version of libssh2 is installed?

-Nick
9.14: SSH Handshake failed (extremeswitches)
To log in to these switches normally we have to do +ssh-dsa and +diffie-hellman-group-sha1 in my ssh config for a pc to be able to cleanly ssh to one of these switches so not sure if that is what's causing issues when it comes time to connect with Guacamole...

But every time I try to connect I get an SSH Handshake failed after entering a password, same when using a private key... Always just SSH Handshake failed...

Any idea what I can do to fix the problem?

    guacd[902]: DEBUG: Parameter "font-name" omitted. Using default value of "monospace".
    guacd[902]: DEBUG: Parameter "font-size" omitted. Using default value of 12.
    guacd[902]: DEBUG: Parameter "color-scheme" omitted. Using default value of "".
    guacd[902]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
    guacd[902]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
    guacd[902]: DEBUG: Parameter "port" omitted. Using default value of "22".
    guacd[902]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
    guacd[902]: DEBUG: Parameter "typescript-name" omitted. Using default value of "typescript".
    guacd[902]: DEBUG: Parameter "create-typescript-path" omitted. Using default value of 0.
    guacd[902]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording".
    guacd[902]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
    guacd[902]: DEBUG: Parameter "server-alive-interval" omitted. Using default value of 0.
    guacd[902]: INFO: User "@5d2e6ec5-c5d6-42bb-a260-7f3ffc837e5e" joined connection "$35b81227-7e70-4672-bdf1-538af83eed45" (1 users now present)
    guacd[902]: DEBUG: Attempting private key import (WITHOUT passphrase)
    guacd[902]: INFO: Auth key successfully imported.
    guacd[902]: DEBUG: Successfully connected to host 192.168.0.1, port 22
    guacd[902]: ERROR: SSH handshake failed.
Re: SSH handshake failed: only RSA keys possible?
On Sat, Dec 23, 2017 at 10:41 PM, NTMMFTS wrote:

> It appears that libssh2 includes the aes256-cbc key exchange method
> supported
> by pfSense, so I modded the ssh.c code and let it compile during
> installation using hanaciamiento's guacamole install script
> (https://sourceforge.net/projects/guacamoleinstallscript/), but guacamole
> won't load at all afterwards.
>
> Here's the code and where I inserted it in ssh.c in the
> guac_common_ssh_create_session function:
>
>     /* Open SSH session */
>     // existing code
>
>     /* added preferred method for key exchange method supported by
>        pfSense */
>     int returnval = libssh2_session_method_pref(session,
>             LIBSSH2_METHOD_CRYPT_CS, "aes256-cbc");
>     if (returnval != 0) {
>         guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
>                 "Setting session preferred key exchange method to AES256-CBC failed.");
>         free(common_session);
>         close(fd);
>         return NULL;
>     }
>
>     /* Perform handshake */
>     // existing code

First, I don't think this should be necessary to get it working if libssh2 supports that crypt method. I believe it will use any supported method without having to set it as a preferred method, no? That said, setting it as preferred should not impede the connection, either, so this should be fine.

> Anyone want to comment on this approach or try to get it working?

With guacd in debug mode (guacd -L debug), what messages do you see during the SSH connection? Also, when you say it "won't load at all with it afterwards," what does this mean? It segfaults? Or guacd runs but the connection doesn't start? Or something else?

-Nick
Re: SSH handshake failed: only RSA keys possible?
It appears that libssh2 includes the aes256-cbc key exchange method supported by pfSense, so I modded the ssh.c code and let it compile during installation using hanaciamiento's guacamole install script (https://sourceforge.net/projects/guacamoleinstallscript/), but guacamole won't load at all afterwards.

Here's the code and where I inserted it in ssh.c in the guac_common_ssh_create_session function:

    /* Open SSH session */
    // existing code

    /* added preferred method for key exchange method supported by pfSense */
    int returnval = libssh2_session_method_pref(session,
            LIBSSH2_METHOD_CRYPT_CS, "aes256-cbc");
    if (returnval != 0) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Setting session preferred key exchange method to AES256-CBC failed.");
        free(common_session);
        close(fd);
        return NULL;
    }

    /* Perform handshake */
    // existing code

Anyone want to comment on this approach or try to get it working?

Thanks!
Jay L
Re: SSH handshake failed: only RSA keys possible?
Hello Nick,

thanks for the clarification! So libssl2 is to blame - seems to be a little antiquated...

Thanks for the proposal to add some documentation. I would suggest the description of the parameter "private-key":

- a reference to libssl2
- Maybe you could also write that the private key has to be pasted as text. Many people believe that a filename has to be given.

TIA,
Flittermice
SSH handshake failed: only RSA keys possible?
I'm using version 0.9.13. My goal was to make a SSH connection to a host using my existing ed25519 keys. But I permanently got "SSH handshake failed" in guacd.

So I have spent many hours of searching for the reason. Finally it turned out that it is only possible to use RSA keys:

1. ECDSA and Ed25519 private keys will not work because Guacamole won't be able to recognize the key format.
2. I configured my server to send an Ed25519 host key. This was the reason for the "SSH handshake failed" errors.

Switching back to RSA keys solved the problem for me.

Should this behaviour be documented? Or should the new key types be implemented? Or am I missing something?

Thanks!
Flittermice