You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Adrian Owen <ad...@eesm.com> on 2021/03/10 10:12:32 UTC
SSH to Palo Alto firewall
Hi,
Guacamole SSH fails to connect:
Mar 10 08:08:47 busterguac guacd[438]: Creating new client for protocol "ssh"
Mar 10 08:08:47 busterguac guacd[438]: Connection ID is "$ce36e34a-92e6-424c-86d0-2ad4f9a46078"
Mar 10 08:08:47 busterguac guacd[79116]: Current locale does not use UTF-8. Some characters may not render correctly.
Mar 10 08:08:47 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" joined connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" (1 users now present)
Mar 10 08:08:48 busterguac guacd[79116]: No known host keys provided, host identity will not be verified.
Mar 10 08:08:48 busterguac guacd[79116]: Unable to set the timezone: SSH server refused to set "TZ" variable.
Mar 10 08:08:49 busterguac guacd[79116]: No known host keys provided, host identity will not be verified.
Mar 10 08:10:18 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" disconnected (0 users remain)
Mar 10 08:10:18 busterguac guacd[79116]: Last user of connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" disconnected
Mar 10 08:10:23 busterguac guacd[79116]: Client did not terminate in a timely manner. Forcibly terminating client and any child processes.
Mar 10 08:10:24 busterguac guacd[438]: Connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" removed.
. Putty SSH works fine.
. Plink only works after confirming connection in command line.
. All SSH libraries I tested connect but won't run commands.
Is there connection setting to enable Guacamole SSH connection to Palo Alto?
Thanks, Adrian
Re: SSH to Palo Alto firewall
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Mar 10, 2021 at 8:51 AM Adrian Owen <ad...@eesm.com> wrote:
> Nick,
>
>
>
> It’s resolved!
>
>
>
> ‘enable-sftp’ ‘true’ in connection parameters caused Palo Alto SSH to
> fail.
>
>
Great, glad you figured it out - thank you for posting the solution back
here!
-Nick
>
RE: SSH to Palo Alto firewall
Posted by Adrian Owen <ad...@eesm.com>.
Nick,
It’s resolved!
‘enable-sftp’ ‘true’ in connection parameters caused Palo Alto SSH to fail.
Many thanks, Adrian
From: Nick Couchman [mailto:vnick@apache.org]
Sent: 10 March 2021 13:33
To: user@guacamole.apache.org
Subject: Re: SSH to Palo Alto firewall
On Wed, Mar 10, 2021 at 5:18 AM Adrian Owen <ad...@eesm.com>> wrote:
Hi,
Guacamole SSH fails to connect:
Mar 10 08:08:47 busterguac guacd[438]: Creating new client for protocol "ssh"
Mar 10 08:08:47 busterguac guacd[438]: Connection ID is "$ce36e34a-92e6-424c-86d0-2ad4f9a46078"
Mar 10 08:08:47 busterguac guacd[79116]: Current locale does not use UTF-8. Some characters may not render correctly.
Mar 10 08:08:47 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" joined connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" (1 users now present)
Mar 10 08:08:48 busterguac guacd[79116]: No known host keys provided, host identity will not be verified.
Mar 10 08:08:48 busterguac guacd[79116]: Unable to set the timezone: SSH server refused to set "TZ" variable.
Mar 10 08:08:49 busterguac guacd[79116]: No known host keys provided, host identity will not be verified.
Mar 10 08:10:18 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" disconnected (0 users remain)
Mar 10 08:10:18 busterguac guacd[79116]: Last user of connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" disconnected
Mar 10 08:10:23 busterguac guacd[79116]: Client did not terminate in a timely manner. Forcibly terminating client and any child processes.
Mar 10 08:10:24 busterguac guacd[438]: Connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" removed.
Does Guacamole connect to other SSH hosts without issue? This looks like guacd is expecting something from the client but not getting it, which seems to indicate less of an SSH issue (that is gaucd -> Palo Alto) and more of a Guacamole Client -> guacd issue. Can you put guacd in debug mode and see if there are any more useful messages?
-Nick
Re: SSH to Palo Alto firewall
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Mar 10, 2021 at 5:18 AM Adrian Owen <ad...@eesm.com> wrote:
> Hi,
>
> Guacamole SSH fails to connect:
>
> Mar 10 08:08:47 busterguac guacd[438]: Creating new client for protocol
> "ssh"
> Mar 10 08:08:47 busterguac guacd[438]: Connection ID is
> "$ce36e34a-92e6-424c-86d0-2ad4f9a46078"
> Mar 10 08:08:47 busterguac guacd[79116]: Current locale does not use
> UTF-8. Some characters may not render correctly.
> Mar 10 08:08:47 busterguac guacd[79116]: User
> "@af8aab17-f8b4-435a-8ba6-66cb07242351" joined connection
> "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" (1 users now present)
> Mar 10 08:08:48 busterguac guacd[79116]: No known host keys provided, host
> identity will not be verified.
> Mar 10 08:08:48 busterguac guacd[79116]: Unable to set the timezone: SSH
> server refused to set "TZ" variable.
> Mar 10 08:08:49 busterguac guacd[79116]: No known host keys provided, host
> identity will not be verified.
> Mar 10 08:10:18 busterguac guacd[79116]: User
> "@af8aab17-f8b4-435a-8ba6-66cb07242351" disconnected (0 users remain)
> Mar 10 08:10:18 busterguac guacd[79116]: Last user of connection
> "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" disconnected
> Mar 10 08:10:23 busterguac guacd[79116]: Client did not terminate in a
> timely manner. Forcibly terminating client and any child processes.
> Mar 10 08:10:24 busterguac guacd[438]: Connection
> "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" removed.
>
>
Does Guacamole connect to other SSH hosts without issue? This looks like
guacd is expecting something from the client but not getting it, which
seems to indicate less of an SSH issue (that is gaucd -> Palo Alto) and
more of a Guacamole Client -> guacd issue. Can you put guacd in debug mode
and see if there are any more useful messages?
-Nick