On Wed, Jan 24, 2018 at 11:49 AM, <harry.dev...@faa.gov> wrote:

> Did some more debugging.  When we try to connect to a server that is FIPS
> 140-2 compliant, here’s what the algorithms that are expected are:
>
>
>
> When I try to connect via a Guacamole SSH session, here are the algorithms
> being sent:
>
> debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
>
> debug2: host key algorithms: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
>
> debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se
>
> debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se
>
> debug2: MACs ctos: hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com
>
> debug2: MACs stoc: hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com
>
>
>
> Jan 24 14:42:38 carts sshd[6890]: FIPS mode initialized
>
> Jan 24 14:42:38 carts sshd[6890]: Unable to negotiate with 172.26.170.72 port 57948: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
>
>
>
> Looks like, to me, that Guacamole isn’t sending the proper algorithms or
> ciphers in its SSH request.  Not sure if the issue is in Guacamole itself
> or in libssh2, which is 1.4.3 at the moment.
>
>
>

The connection handshake for SSH connections (key exchange, ciphers, etc.)
is actually dictated internally by libssh2, so that much is out of
Guacamole's control. Checking the current libssh2 source, the key exchange
methods reported as rejected above are the only key exchange methods
supported by libssh2:

https://github.com/libssh2/libssh2/blob/bcd492163b71608f8e46cdc864741d6c566ce9bc/src/kex.c#L1777-L1783

and the feature list on https://www.libssh2.org/ matches this:

>
> Capabilities and Features
>
> * Key Exchange Methods: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256
> * ...
>

If these methods truly are not compliant with FIPS 140-2, then adding that
support to libssh2 would be the only possibility. If they are acceptable
within FIPS 140-2, then the SSH server likely needs to be configured to
allow them. Googling around, I've not yet found documentation explicitly
stating that these key exchange methods are non-compliant, though I see
several security policy PDFs for implementing FIPS 140-2 compliance
including a subset of these in their allowed key exchange methods.

Is there anything you could point to which explicitly lists what's
allowed/disallowed in your case?

- Mike
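
The negotiation failure discussed in this thread can be reproduced offline. The following is an added example, not part of either message and not code from Guacamole or libssh2: it parses the sshd log line quoted above and applies the RFC 4253 section 7.1 rule (the first name on the client's list that the server also supports). Using the quoted debug2 KEX list as the server's accepted set is an assumption, and the names `parse_offer` and `negotiate` are hypothetical.

```python
import re

# Constructed sample: the sshd log line quoted in the thread, on one line.
SSHD_LOG = (
    "Jan 24 14:42:38 carts sshd[6890]: Unable to negotiate with 172.26.170.72 "
    "port 57948: no matching key exchange method found. Their offer: "
    "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group1-sha1 [preauth]"
)

# Assumption: the debug2 KEX list quoted in the thread stands in for the set
# of key exchange methods the FIPS-mode server accepts.
SERVER_KEX = (
    "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,"
    "diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c"
).split(",")

# The key exchange methods in the libssh2 feature list quoted in the reply.
LIBSSH2_FEATURES = [
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group-exchange-sha256",
]

OFFER_RE = re.compile(
    r"Unable to negotiate with (\S+) port (\d+): "
    r"no matching (.+?) found\. Their offer: (\S+)"
)

def parse_offer(line):
    """Extract peer, port, failed category and offered names from a log line."""
    m = OFFER_RE.search(line)
    if m is None:
        return None
    return {"peer": m.group(1), "port": int(m.group(2)),
            "kind": m.group(3), "offer": m.group(4).split(",")}

def negotiate(client, server):
    """RFC 4253 7.1: first client-listed name the server also supports."""
    # ext-info-c / ext-info-s are extension markers (RFC 8308), not methods.
    supported = {name for name in server if not name.startswith("ext-info-")}
    return next((name for name in client if name in supported), None)

if __name__ == "__main__":
    event = parse_offer(SSHD_LOG)
    print(event["kind"], "->", negotiate(event["offer"], SERVER_KEX))
    print("feature list ->", negotiate(LIBSSH2_FEATURES, SERVER_KEX))
```

Under that assumption the logged offer has no method in common with the server list, while the quoted feature list shares one entry with it.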