You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Patrick Young (Jira)" <ji...@apache.org> on 2021/11/18 08:42:00 UTC

[jira] [Comment Edited] (GUACAMOLE-1461) Include libssh2 1.9.0 or later in guacd Docker image

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445739#comment-17445739 ] 

Patrick Young edited comment on GUACAMOLE-1461 at 11/18/21, 8:41 AM:
---------------------------------------------------------------------

If I manually copy the origin HostKeyAlgorithms value and add `,ssh-rsa` on server side config (which is `/etc/ssh/sshd_config`), all things worked. So this problem can be confirmed is caused by host key algorithm not enabled in libssh2 side (although it seems already implemented).  [~mjumper] 


was (Author: JIRAUSER280428):
If I manually copy the origin HostKeyAlgorithms value and add `,ssh-rsa` , all things worked. So this problem can be confirmed is caused by host key algorithm not enabled in libssh2 side (although it seems already implemented).  [~mjumper] 

> Include libssh2 1.9.0 or later in guacd Docker image
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-1461
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1461
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd-docker
>            Reporter: Patrick Young
>            Priority: Major
>         Attachments: CleanShot 2021-11-18 at 16.33.40@2x.png, image-2021-11-18-14-26-03-940.png, image-2021-11-18-14-27-02-502.png, ssh-debug.pcap
>
>
> libssh2 has recently grown support for elliptic curve cryptography, including support for elliptic curve KEX algorithms. The current guacd Docker image doesn't inherit this support, however, because it uses Debian Buster as its base image. To have access to a newer libssh2, the guacd image will need to use at least Debian Bullseye.
> It may be worth updating the image to simply point at Debian stable, assuming there is no longer any issue with the FreeRDP version included by that version of Debian. Meanwhile, the Jenkins build that performs nightly rebuilds of the established Docker images for the previous release can simply be updated to point to Debian Bullseye with its build args and thus magically become up-to-date.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)