On Mon, Jan 22, 2018 at 9:15 AM, <harry.dev...@faa.gov> wrote: > Guacd is running. I looked at /var/log/messages and encountered the > following: > > > > Jan 22 09:09:21 access guacd[1760]: Creating new client for protocol "ssh" > > Jan 22 09:09:21 access guacd[1760]: Connection ID is > "$e25765a1-e06d-4bd7-959c-2e7878839efe" > > Jan 22 09:09:21 access guacd[30054]: User > "@8e09fdad-3f86-4e2c-a85a-2c342e200921" > joined connection "$e25765a1-e06d-4bd7-959c-2e7878839efe" (1 users now > present) > > Jan 22 09:09:21 access server: 09:09:21.596 [http-bio-8080-exec-8] INFO > o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to > connection "3". > > Jan 22 09:09:30 access guacd[30054]: SSH handshake failed. > > Jan 22 09:09:30 access guacd[30054]: User > "@8e09fdad-3f86-4e2c-a85a-2c342e200921" > disconnected (0 users remain) > > Jan 22 09:09:30 access guacd[30054]: Last user of connection > "$e25765a1-e06d-4bd7-959c-2e7878839efe" disconnected > > Jan 22 09:09:30 access server: 09:09:30.808 [http-bio-8080-exec-8] INFO > o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from > connection "3". Duration: 9210 milliseconds > > Jan 22 09:09:30 access server: Exception in thread "Thread-30" > java.lang.IllegalStateException: > Message will not be sent because the WebSocket session has been closed > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java: > 387) > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:344) > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointImplBase$TextMessageSendHandler.write( > WsRemoteEndpointImplBase.java:788) > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java: > 252) > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195) > > Jan 22 09:09:30 access server: at org.apache.tomcat.websocket. > WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37) > > Jan 22 09:09:30 access server: at org.apache.guacamole.websocket. > GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoi > nt.java:167) > > Jan 22 09:09:31 access guacd[1760]: Connection > "$e25765a1-e06d-4bd7-959c-2e7878839efe" > removed. > > > > I will say this: late last week, we made all of our servers FIPS-2 > compliant due to an IT requirement in our organization. I’m suspecting > that, since the server I’m trying to connect to is now FIPS-2 compliant, > that’s why the “SSH handshake failed” error is happening. But I don’t see > anything in the connection setup to specify what encryption to use for SSH. > > >
For SSH connections, the algorithms for Cipher and Key Exchange are determined by upstream support in the libssh2 library. You can see the current list of supported ciphers, hashes, key exchanges, etc., on the web site: https://libssh2.org/ -Nick
