You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2021/11/18 08:00:04 UTC
[jira] [Commented] (GUACAMOLE-1461) Include libssh2 1.9.0 or later in guacd Docker image
[ https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445717#comment-17445717 ]
Mike Jumper commented on GUACAMOLE-1461:
----------------------------------------
The Jenkins job that rebuilds the guacd image is now set to use Debian stable for the base image, so this should no longer be an issue for the nightly rebuilds. If you pull the latest guacd image from Docker Hub, you should now have libssh2 1.9.0 and elliptic curve KEX support.
> Include libssh2 1.9.0 or later in guacd Docker image
> ----------------------------------------------------
>
> Key: GUACAMOLE-1461
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd-docker
> Reporter: Patrick Young
> Priority: Major
> Attachments: image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
>
>
> libssh2 has recently grown support for elliptic curve cryptography, including support for elliptic curve KEX algorithms. The current guacd Docker image doesn't inherit this support, however, because it uses Debian Buster as its base image. To have access to a newer libssh2, the guacd image will need to use at least Debian Bullseye.
> It may be worth updating the image to simply point at Debian stable, assuming there is no longer any issue with the FreeRDP version included by that version of Debian. Meanwhile, the Jenkins build that performs nightly rebuilds of the established Docker images for the previous release can simply be updated to point to Debian Bullseye with its build args and thus magically become up-to-date.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)