  1. Guacamole
  2. GUACAMOLE-1619

SSH Server > 8.5 - Guacamole


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Invalid
    • 1.4.0
    • None
    • guacamole
    • None
    • Ubuntu LTS 22.04 / Docker with latest guacamole image

    Description

      Not able to SSH to Ubuntu 22.04 LTS host from latest dockerized guacamole.

      On the remote server I receive the error: Unable to negotiate with xx.xx.xx.xx port 44138: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

      SSH Version on remote host: user@hostname:~# ssh -V
      OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

      Looks like guacamole is not able to use newer key algorithms?

       

      Workaround:

      Add below to sshd config. 

      HostKeyAlgorithms=ssh-rsa,ssh-rsa-cert-v01@openssh.com
      PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-rsa-cert-v01@openssh.com

       

      Disclaimer:

      Warning! As mentioned in the OpenSSH man, enabling the old rsa-sha1 algorithm has a risk. rsa-sha1 is now being classified as breached since it costs less than 50K to calculate a collision hash.

       

      Debug Log:

      Jun  3 09:36:49 hostname sshd[1053815]: debug1: Forked child 1054212.
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: Set /proc/self/oom_score_adj to 0
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: inetd sockets after dupping: 4, 4
      Jun  3 09:36:49 hostname sshd[1054212]: Connection from 172.23.0.2 port 44142 on 172.31.15.16 port 22 rdomain ""
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: Remote protocol version 2.0, remote software version libssh2_1.8.0
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: compat_banner: no match: libssh2_1.8.0
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: permanently_set_uid: 106/65534 [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: SSH2_MSG_KEXINIT sent [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: SSH2_MSG_KEXINIT received [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: kex: host key algorithm: (no match) [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: Unable to negotiate with 172.23.0.2 port 44142: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: do_cleanup [preauth]
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: monitor_read_log: child log fd closed
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: do_cleanup
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: Killing privsep child 1054213
      Jun  3 09:36:49 hostname sshd[1054212]: debug1: audit_event: unhandled event 12

            People

              Unassigned Unassigned
              kdhoe Kenneth D'hoe
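Added example, not part of the original report or of Guacamole's code: before re-enabling ssh-rsa on a server, the sshd log can show exactly which clients fail host key negotiation and what they offer, so the exception can be scoped or the client upgraded instead. The sketch below correlates sshd lines by child PID; the function name `find_legacy_clients` and the `LEGACY` set are assumptions of this example, and the sample lines are copied from the debug log in the report.

```python
import re

# Host key signature algorithms that current OpenSSH servers do not offer
# by default (SHA-1 based RSA signatures and DSA). Assumption of this example.
LEGACY = {"ssh-rsa", "ssh-dss", "ssh-rsa-cert-v01@openssh.com"}

PID = re.compile(r"sshd\[(\d+)\]: (.*)$")
BANNER = re.compile(r"remote software version (\S+)")
SERVER = re.compile(r"list_hostkey_types: (\S+)")
FAIL = re.compile(r"Unable to negotiate with (\S+) port \d+: "
                  r"no matching host key type found\. Their offer: (\S+)")

# Lines copied from the debug log in the report above.
SAMPLE = """\
Jun  3 09:36:49 hostname sshd[1054212]: debug1: Remote protocol version 2.0, remote software version libssh2_1.8.0
Jun  3 09:36:49 hostname sshd[1054212]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jun  3 09:36:49 hostname sshd[1054212]: Unable to negotiate with 172.23.0.2 port 44142: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
"""

def find_legacy_clients(log_text):
    """Return one record per host key negotiation failure in an sshd log."""
    banners, server_types, results = {}, {}, []
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (b := BANNER.search(msg)):
            banners[pid] = b.group(1)            # only present at debug level
        elif (s := SERVER.search(msg)):
            server_types[pid] = s.group(1).split(",")
        elif (f := FAIL.search(msg)):
            offer = f.group(2).split(",")
            results.append({
                "client": f.group(1),
                "software": banners.get(pid, "unknown"),
                "offer": offer,
                # True when the client offers nothing but SHA-1 RSA / DSA
                "legacy_only": set(offer) <= LEGACY,
                # Algorithms both sides support; empty explains "(no match)"
                "common": sorted(set(offer) & set(server_types.get(pid, []))),
            })
    return results

if __name__ == "__main__":
    for record in find_legacy_clients(SAMPLE):
        print(record)
```

Without debug logging the banner line is absent and `software` falls back to `unknown`; the failure line itself is still logged at the default level.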