jwetzell / docker-guacamole

A self-contained guacamole docker container for x64 and ARM. Remotely connect over SSH, RDP or VNC using HTML5.
https://hub.docker.com/r/oznu/guacamole/
GNU General Public License v3.0

Missing Secure SSH Protocols #4

Closed BlwAvg closed 10 months ago

BlwAvg commented 2 years ago

Describe Your Problem: This version of Guac only supports DSS and RSA protocols for SSH connectivity. This should be fixed in later versions of the guac 1.4.0 github. https://issues.apache.org/jira/browse/GUACAMOLE-1655

When trying to connect to a modern OS, like Ubuntu 2204 (Jammy), you are not able to connect via SSH.

Logs:

guacd[371]: ERROR: SSH handshake failed.

Screenshots: N/A

Environment:

yauyauwind commented 2 years ago

Hello All,

Yes, I found that ECDSA is not supported. When connecting over SSH with ECDSA or ED25519, it prompts for a passphrase, although I haven't set one. Even when I generate a key that needs a passphrase and input the passphrase, it doesn't work.

I viewed the SSH server log and there is no connection, meaning Guac hasn't tried to connect to the server. When I switch to RSA, it works.

How can I configure Guac to support ECDSA?

Thanks~~

boin commented 1 year ago

Same problem here. Can't connect to Ubuntu 2204.

Seems like bullseye's libssh2 is a bit old (1.9.0) and can't support more modern cipher types.

I suggest using a more recent Linux base image or upgrading the libssh2 version in the images.

libssh2

bullseye (libs): 1.9.0-2
bookworm (libs): 1.10.0-3
trixie (libs): 1.11.0-2
sid (libs): 1.11.0-2

However, there is a temporary workaround here: https://www.reddit.com/r/linuxquestions/comments/ued2vq/apache_guacamole_cant_ssh_into_ubuntu_2204/

More docs here: https://lists.apache.org/thread/wht9k7xwk05cjlp8nfokf72mp5mjy14p

cc to @jwetzell

jwetzell commented 1 year ago

@boin Wish I could use a more recent base image easily, I will look into seeing if there is a way to get a newer version of libssh2 in though.

boin commented 1 year ago

Oh that's nice. I am not a Java guy, I thought maybe "from 9.0/jre11/temurin-jammy"?

Anyway, thank you for the wonderful job for Synology users.

Cheers

jwetzell commented 1 year ago

@boin yeah the real problem is the version of Postgres. That can't be updated easily as it would require some sort of "auto migrate" or instructions for users on how to migrate their data folders. Kind of the big downside of trying to keep this image a drop in replacement of the old oznu image

Judman commented 1 year ago

Running into this trying to connect to Unraid 6.12.3 via SSH.

Sep 29 18:54:21 Tower sshd[4245]: Connection from 10.0.10.107 port 45688 on 10.0.20.30 port 22 rdomain ""
Sep 29 18:54:21 Tower sshd[4245]: Unable to negotiate with 10.0.10.107 port 45688: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
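
A detection sketch for the server-side symptom in the log above, as an added example that is not part of the original thread: it scans sshd log lines for host key negotiation failures and reports clients whose entire offer is `ssh-rsa` and/or `ssh-dss`. The function names and the last three sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Host key algorithms that current OpenSSH servers no longer accept by default.
LEGACY_HOSTKEY_ALGS = {"ssh-rsa", "ssh-dss"}

# Matches sshd's pre-auth negotiation failure message and captures the client
# address, what failed to match, and the comma-separated list the client offered.
NEGOTIATION_FAILURE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<client>\S+) port \d+: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    'Sep 29 18:54:21 Tower sshd[4245]: Connection from 10.0.10.107 port 45688 on 10.0.20.30 port 22 rdomain ""',
    "Sep 29 18:54:21 Tower sshd[4245]: Unable to negotiate with 10.0.10.107 port 45688: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "Sep 29 18:55:02 Tower sshd[4251]: Unable to negotiate with 192.0.2.15 port 50122: no matching host key type found. Their offer: ssh-ed25519 [preauth]",
    "Sep 29 18:55:40 Tower sshd[4260]: Unable to negotiate with 192.0.2.44 port 50310: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Sep 29 18:56:11 Tower sshd[4270]: Accepted publickey for admin from 192.0.2.9 port 50400 ssh2",
]


def parse_failure(line):
    """Return client, failure kind and offered algorithms, or None if no match."""
    m = NEGOTIATION_FAILURE.search(line)
    if not m:
        return None
    return {"client": m["client"], "kind": m["kind"], "offer": m["offer"].split(",")}


def legacy_only_clients(lines):
    """Map client address -> offered host key types, for clients offering only legacy ones."""
    offers = defaultdict(set)
    for line in lines:
        failure = parse_failure(line)
        if failure and failure["kind"] == "host key type":
            offers[failure["client"]].update(failure["offer"])
    # Keep only clients whose whole offer is a subset of the legacy set.
    return {c: sorted(algs) for c, algs in offers.items() if algs <= LEGACY_HOSTKEY_ALGS}


if __name__ == "__main__":
    for client, algs in legacy_only_clients(SAMPLE_LOG).items():
        print(f"{client}: client library offers only {', '.join(algs)}; upgrade it")
```

A client flagged here is one whose SSH library needs upgrading, which matches the libssh2 1.9.0 diagnosis given earlier in the thread.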