You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Patrick Sullivan (JIRA)" <ji...@apache.org> on 2019/01/16 04:52:00 UTC

[jira] [Commented] (GUACAMOLE-703) m

    [ https://issues.apache.org/jira/browse/GUACAMOLE-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16743613#comment-16743613 ] 

Patrick Sullivan commented on GUACAMOLE-703:
--------------------------------------------

HI guys, 

 

Thanks for the responses, I've provided more detail above.

Regarding the SSH Server, for the working client it shows as simply being OpenSSH 2.3, the actual appliance itself is a "black box" Gemalto KeySecure VM. Unfortunately we have no way of knowing any more details as to the proprietary nature of their shell, as we can't get to the actual OS underneath.

Are there any more detailed logs I can get from Guac to see what it's complaining about than "SSH Handshake Failed"?

> m 
> --
>
>                 Key: GUACAMOLE-703
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-703
>             Project: Guacamole
>          Issue Type: Bug
>          Components: SSH
>    Affects Versions: 0.9.14
>            Reporter: Patrick Sullivan
>            Priority: Minor
>
> Update: Built a brand new Guac 1.0.0 install, same issue. Further details below.
> When attempting to use Guacamole 1.0.0 to connect via SSH to an Appliance that has a proprietary shell (non-bash), SSH connects to the server via Guac, however disconnects after password is submitted.
> Event logs on Guac server show 'SSH Handshake Failed', but no other info. Able to connect to the appliance using Putty, Terraterm SSH clients, and able to SSH from Guac server CLI also without issue. 
> Only occurs on SSH servers where the vendor has implemented their own restricted shell, e.g. as many pre-packaged virtual appliances have. 
> Guac Server OS: CentOS Linux release 7.6.1810 (Core)
> SSH Server: Server version: SSH-2.0-OpenSSH_5.3
> Log excerpts below. 
>  
>  GUAC Log:
> {code:none}
> Jan 15 18:53:33 <hostname> guacd[7046]: User "@abf93eb1-fef9-4bb6-908d-bd5316093b0d" joined connection "$92e78549-bd3e-4743-97e6-54925ada845a" (1 users now present)
> Jan 15 18:53:33 <hostname> server: 18:53:33.404 [http-bio-8443-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "15".
> Jan 15 18:53:38 <hostname> guacd[7046]: SSH handshake failed.
> Jan 15 18:53:38 <hostname> guacd[7046]: User "@abf93eb1-fef9-4bb6-908d-bd5316093b0d" disconnected (0 users remain)
> Jan 15 18:53:38 <hostname> guacd[7046]: Last user of connection "$92e78549-bd3e-4743-97e6-54925ada845a" disconnected
> {code}
>  
>  In the below log except, taken from a working client (PUtty), the Guac server usually disconnects between the {{<—XXXXXXXXX—>}} parts of the sequence straight after the user provides the password, appears to be when the server switches to it's proprietary shell. 
> From a (Working) SSH Client Log to the affected SSH Server/Appliance:
> {code:none}
> Event Log: Server version: SSH-2.0-OpenSSH_5.3
> Event Log: We believe remote version has SSH-2 channel request bug
> Event Log: Using SSH protocol version 2
> Event Log: Doing Diffie-Hellman group exchange
> Event Log: Doing Diffie-Hellman key exchange with hash SHA-256
> Event Log: Host key fingerprint is:
> Event Log: Initialised AES-256 SDCTR client->server encryption
> Event Log: Initialised HMAC-SHA-256 client->server MAC algorithm
> Event Log: Initialised AES-256 SDCTR server->client encryption
> Event Log: Initialised HMAC-SHA-256 server->client MAC algorithm
> Event Log: Sent password
> <---XXXXXXXX--->
> Event Log: Access granted
> Event Log: Opening session as main channel
> Event Log: Opened main channel                                 
> Event Log: Allocated pty (ospeed 38400bps, ispeed 38400bps)                                
> Event Log: Started a shell/command
> Incoming packet #0x9, type 93 / 0x5d (SSH2_MSG_CHANNEL_WINDOW_ADJUST) 
> <---XXXXXXXX--->
> {code}
> Install versions of libssh as requested:
> libssh2.x86_64 1.4.3-12.el7 @base
>  libssh2-devel.x86_64 1.4.3-12.el7 @base
>  openssh.x86_64 7.4p1-16.el7 @anaconda
>  openssh-clients.x86_64 7.4p1-16.el7 @anaconda
>  openssh-server.x86_64 7.4p1-16.el7 @anaconda



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)