You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Patrick Young (Jira)" <ji...@apache.org> on 2021/11/18 06:30:00 UTC
[jira] [Created] (GUACAMOLE-1461) KEX failed when using SSH with relatively new SSH Server
Patrick Young created GUACAMOLE-1461:
----------------------------------------
Summary: KEX failed when using SSH with relatively new SSH Server
Key: GUACAMOLE-1461
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
Project: Guacamole
Issue Type: Bug
Components: guacd, guacd-docker, SSH
Reporter: Patrick Young
Attachments: image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
All previous versions are affected.
Before I create this issue, I just searched the whole Jira here. Just found some related issues like GUACAMOLE-703, GUACAMOLE-435, GUACAMOLE-1315, GUACAMOLE-1052.
Everything you've done before is just ignored all of your users.
Security should be considered as a lifeline of such a widely-used remote connection software. Every user will finally follow the libssh upgrade since the distributions on their Linux machine did so.
The problem is that the `libssh2` library you've previously used only have 2 legacy and deprecated SSH host key algorithm support. However, since it's 2021 now, OpenSSH 8.8 on my Arch Linux, just dropped support of those algorithms which already should be considered as unsafe.
It's so obvious that:
guacd supports:
!image-2021-11-18-14-26-03-940.png!
What OpenSSH server offers:
!image-2021-11-18-14-27-02-502.png!
The captured packaet is attached, check it please. (In this capture, SSH server port is 22201)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)