[ https://issues.apache.org/jira/browse/GUACAMOLE-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791432#comment-16791432 ]
Freddie Bryce commented on GUACAMOLE-703: ----------------------------------------- Hi, I've also experienced this issue when using Guacamole to SSH to a CentOS image locked down to CIS benchmarks. We fixed the issue by installing libSSH2 [https://www.libssh2.org/download/libssh2-1.8.0.tar.gz] If it is not easy or appropriate to include this fix within Guacamole, could this be included in the documentation, so that other users will have the potential issue & it's fix highlighted at the relevent place they would look when installing or checking for errors? Guacamole in general works really nicely but this took some time to figure out. > SSH Handshake Failed > -------------------- > > Key: GUACAMOLE-703 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-703 > Project: Guacamole > Issue Type: Bug > Components: SSH > Affects Versions: 0.9.14, 1.0.0 > Reporter: Patrick Sullivan > Priority: Minor > > Update: Built a brand new Guac 1.0.0 install, same issue. Further details > below. > When attempting to use Guacamole 1.0.0 to connect via SSH to an Appliance > that has a proprietary shell (non-bash), SSH connects to the server via Guac, > however disconnects after password is submitted. > Event logs on Guac server show 'SSH Handshake Failed', but no other info. > Able to connect to the appliance using Putty, Terraterm SSH clients, and able > to SSH from Guac server CLI also without issue. > Only occurs on SSH servers where the vendor has implemented their own > restricted shell, e.g. as many pre-packaged virtual appliances have. > Guac Server OS: CentOS Linux release 7.6.1810 (Core) > SSH Server: Server version: SSH-2.0-OpenSSH_5.3 > Log excerpts below. > > GUAC Log: > {code:none} > Jan 15 18:53:33 <hostname> guacd[7046]: User > "@abf93eb1-fef9-4bb6-908d-bd5316093b0d" joined connection > "$92e78549-bd3e-4743-97e6-54925ada845a" (1 users now present) > Jan 15 18:53:33 <hostname> server: 18:53:33.404 [http-bio-8443-exec-4] INFO > o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection > "15". > Jan 15 18:53:38 <hostname> guacd[7046]: SSH handshake failed. > Jan 15 18:53:38 <hostname> guacd[7046]: User > "@abf93eb1-fef9-4bb6-908d-bd5316093b0d" disconnected (0 users remain) > Jan 15 18:53:38 <hostname> guacd[7046]: Last user of connection > "$92e78549-bd3e-4743-97e6-54925ada845a" disconnected > {code} > > In the below log except, taken from a working client (PUtty), the Guac > server usually disconnects between the {{<—XXXXXXXXX—>}} parts of the > sequence straight after the user provides the password, appears to be when > the server switches to it's proprietary shell. > From a (Working) SSH Client Log to the affected SSH Server/Appliance: > {code:none} > Event Log: Server version: SSH-2.0-OpenSSH_5.3 > Event Log: We believe remote version has SSH-2 channel request bug > Event Log: Using SSH protocol version 2 > Event Log: Doing Diffie-Hellman group exchange > Event Log: Doing Diffie-Hellman key exchange with hash SHA-256 > Event Log: Host key fingerprint is: > Event Log: Initialised AES-256 SDCTR client->server encryption > Event Log: Initialised HMAC-SHA-256 client->server MAC algorithm > Event Log: Initialised AES-256 SDCTR server->client encryption > Event Log: Initialised HMAC-SHA-256 server->client MAC algorithm > Event Log: Sent password > <---XXXXXXXX---> > Event Log: Access granted > Event Log: Opening session as main channel > Event Log: Opened main channel > Event Log: Allocated pty (ospeed 38400bps, ispeed 38400bps) > > Event Log: Started a shell/command > Incoming packet #0x9, type 93 / 0x5d (SSH2_MSG_CHANNEL_WINDOW_ADJUST) > <---XXXXXXXX---> > {code} > Install versions of libssh as requested: > libssh2.x86_64 1.4.3-12.el7 @base > libssh2-devel.x86_64 1.4.3-12.el7 @base > openssh.x86_64 7.4p1-16.el7 @anaconda > openssh-clients.x86_64 7.4p1-16.el7 @anaconda > openssh-server.x86_64 7.4p1-16.el7 @anaconda -- This message was sent by Atlassian JIRA (v7.6.3#76005)