Hi Nick, The devices for which we are facing an issue are Cisco Routers.
The libssh version is 1.7.0 I added this line "KexAlgorithms diffie-hellman-group16-sha512" in file " /etc/ssh/sshd_config" on linux machine and then tried ssh session. I got below error message. Attached are the guacamole debug logs only for this problematic ssh session. [image: image.png] If I remove this line "KexAlgorithms diffie-hellman-group16-sha512" then it works perfectly fine. Regards, Abhijeet Jha On Fri, May 15, 2020 at 12:15 AM Abhijeet Jha <[email protected]> wrote: > Hi Nick, > Please find my comments below: > > what version of libssh2 you have installed? > --> We have used the official docker image. and the libssh version (from > packet capture) is 1.7.0. > > Maybe you can narrow down the portion of the log that actually identifies > the issue you're seeing an send that along? > --> Actually this issue is coming into production and it is difficult for > us to differentiate between guacamole debug logs which is specific to > Diffie Hellman Kex. I will try to figure out production logs specific to > this DF kex issue or will send logs from local environment is issue if > reproduced. > > Regards, > Abhijeet Jha > > > > > > > On Fri, May 15, 2020 at 12:04 AM Nick Couchman <[email protected]> wrote: > >> Abhijeet, >> First, regarding the Diffie Hellman algorithm issues, there is no update >> on this. The ticket you referred to is for a very specific set of embedded >> devices, and, as I do not have access to any devices like that, it is very >> hard to reproduce. In general issues in Guacamole with key exchange >> algorithms are usually issues with libssh2 support for those algorithms, as >> guacd delegates the SSH functions to the libssh2 library. Do you know >> exactly what key algorithm that destination SSH device is trying to use, >> and what version of libssh2 you have installed? >> >> Also, you posted a log on the ticket regarding the problem you were >> having, but it's unclear from that log what the actual problem is. I see >> the key exchange error in the top of the log, but I also see RDP connection >> errors related to SSL/TLS failures. Maybe you can narrow down the portion >> of the log that actually identifies the issue you're seeing an send that >> along? It would help to eliminate the other entries that are not relevant >> to your problem. >> >> -Nick >> >> On Thu, May 14, 2020 at 2:18 PM Abhijeet Jha < >> [email protected]> wrote: >> >>> Hi, >>> >>> We are facing issue with Apache guacamole when Diffie Hellman alogrithm >>> is used as KEX algorithm. >>> >>> Kindly refer https://issues.apache.org/jira/browse/GUACAMOLE-895 for >>> detail. >>> >>> Do you have any update on this? >>> >>> Regards, >>> Abhijeet Jha >>> >>
guacamole_debug.logs
Description: Binary data
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
