You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by cchance <cc...@gmail.com> on 2018/06/15 15:48:18 UTC
9.14: SSH Handshake failed (extremeswitches)
To log in to these switches normally we have to do +ssh-dsa and
+diffie-hellman-group-sha1 in my ssh config for a pc to be able to cleanly
ssh to one of these switches so not sure if that is whats causing issues
when it comes time to connect with Guacamole...
But every time I try to connect I get an SSH Handshake failed after entering
a password, same when using a private key... Always just SSH Handshake
failed...
Any idea what I can do to fix the problem?
guacd[902]: DEBUG: Parameter "font-name" omitted. Using default value of
"monospace".
guacd[902]: DEBUG: Parameter "font-size" omitted. Using default value of 12.
guacd[902]: DEBUG: Parameter "color-scheme" omitted. Using default value of
"".
guacd[902]: DEBUG: Parameter "enable-sftp" omitted. Using default value of
0.
guacd[902]: DEBUG: Parameter "sftp-root-directory" omitted. Using default
value of "/".
guacd[902]: DEBUG: Parameter "port" omitted. Using default value of "22".
guacd[902]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
guacd[902]: DEBUG: Parameter "typescript-name" omitted. Using default value
of "typescript".
guacd[902]: DEBUG: Parameter "create-typescript-path" omitted. Using default
value of 0.
guacd[902]: DEBUG: Parameter "recording-name" omitted. Using default value
of "recording".
guacd[902]: DEBUG: Parameter "create-recording-path" omitted. Using default
value of 0.
guacd[902]: DEBUG: Parameter "server-alive-interval" omitted. Using default
value of 0.
guacd[902]: INFO: User "@5d2e6ec5-c5d6-42bb-a260-7f3ffc837e5e" joined
connection "$35b81227-7e70-4672-bdf1-538af83eed45" (1 users now present)
guacd[902]: DEBUG: Attempting private key import (WITHOUT passphrase)
guacd[902]: INFO: Auth key successfully imported.
guacd[902]: DEBUG: Successfully connected to host 192.168.0.1, port 22
guacd[902]: ERROR: SSH handshake failed.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Jun 15, 2018 at 12:49 PM cchance <cc...@gmail.com> wrote:
> docker image
> (https://github.com/oznu/docker-guacamole/blob/master/Dockerfile) so
> appears
> to be libssh2-1-dev
>
>
Two things:
1) That doesn't tell me the version of the library.
2) That is not the official Guacamole docker image, nor a fork of that
image. It looks like it is based on the official tomcat Docker image,
which also appears to be Debian-based, but it's hard to know what versions
of packages are being loaded there.
Also, while libssh2 appears to support diffie-hellman-group1-sha1, it does
appear to support ssh-dsa host keys - the web site lists ssh-rsa and
ssh-dss.
-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by cchance <cc...@gmail.com>.
docker image
(https://github.com/oznu/docker-guacamole/blob/master/Dockerfile) so appears
to be libssh2-1-dev
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jul 5, 2018 at 3:34 PM Nick Couchman <vn...@apache.org> wrote:
>
>
> On Thu, Jul 5, 2018 at 15:30 cchance <cc...@gmail.com> wrote:
>
>> Well no such lock, i decided to do a fork on the github guacamole-server
>> and
>> use that instead, but to no avail, still can't connect to the devices with
>> the older version of openssh running. So the new libssh2 library from the
>> debian release didn't fix it
>>
>>
> What version of libssh2??
>
> -Nick
>
FWIW - I was able to find a device that requires the same
-oKexAlgorithms=+diffie-hellman-group1-sha1 key option that the Extreme
switches you're managing require, and I'm able to connect without any
issue. I'm using the latest Guacamole Client/Server code from github, and
have it installed on CentOS 7, and the libssh2 version is 1.4.3 (included
with CentOS). The only difference is that the devices I'm connecting to do
not require the ssh-dsa option that you mentioned.
-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jul 5, 2018 at 15:30 cchance <cc...@gmail.com> wrote:
> Well no such lock, i decided to do a fork on the github guacamole-server
> and
> use that instead, but to no avail, still can't connect to the devices with
> the older version of openssh running. So the new libssh2 library from the
> debian release didn't fix it
>
>
What version of libssh2??
-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by cchance <cc...@gmail.com>.
Well no such lock, i decided to do a fork on the github guacamole-server and
use that instead, but to no avail, still can't connect to the devices with
the older version of openssh running. So the new libssh2 library from the
debian release didn't fix it
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Jun 22, 2018 at 11:53 PM cchance <cc...@gmail.com> wrote:
> i switched to the guacamole/guacd docker container and still have the same
> issue, it seems the issue is DSA, some of my switches have a different
> version that supports RSA and that logs in right away but DSA doesn't seem
> to work when the switch has a DSA key on the server side, it doesn't appear
> to work and gives a handshake failed.
>
>
>
The Docker image currently published (0.9.14) still uses an older version
of libssh2 from CentOS7. Version 1.0.0, when it is released, switches to
Debian stable as its base, and will have an updated libssh2. You can build
the Docker image from the current git repo and get this Debian-based image,
but you'll have to build manually.
From my earlier response I speculated about DSS vs. DSA - I'm not an expert
on SSH or Cryptography, but some further reading indicates that DSA is an
implementation of DSS, so the later versions of libssh2 *probably* will
support your Extreme switches. However, again, you need to make sure
you're actually using that later version, and the 0.9.14 Docker image
available in Docker hub will not have that.
-Nick
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by cchance <cc...@gmail.com>.
i switched to the guacamole/guacd docker container and still have the same
issue, it seems the issue is DSA, some of my switches have a different
version that supports RSA and that logs in right away but DSA doesn't seem
to work when the switch has a DSA key on the server side, it doesn't appear
to work and gives a handshake failed.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: 9.14: SSH Handshake failed (extremeswitches)
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Jun 15, 2018 at 11:48 AM cchance <cc...@gmail.com> wrote:
> To log in to these switches normally we have to do +ssh-dsa and
> +diffie-hellman-group-sha1 in my ssh config for a pc to be able to cleanly
> ssh to one of these switches so not sure if that is whats causing issues
> when it comes time to connect with Guacamole...
>
> But every time I try to connect I get an SSH Handshake failed after
> entering
> a password, same when using a private key... Always just SSH Handshake
> failed...
>
> Any idea what I can do to fix the problem?
>
>
What type of system are you running guacd on? What version of libssh2 is
installed?
-Nick