Hi Nick,

Can you please help with one query related to upgrading libssh2 library in guacamole:

if you're having trouble connecting with one of the above algorithms, then you should upgrade libssh2 to the latest release and try, again.
--> We are using official docker image "guacamole/guacd:1.0.0". How can we upgrade libssh2 to the latest version (v1.9.0)? Do we need to follow this link <https://guacamole.apache.org/doc/gug/installing-guacamole.html> to build guacamole from source code with upgraded libssh2?

Regards,
Abhijeet Jha

On Wed, Jul 15, 2020 at 4:57 PM Abhijeet Jha <[email protected]> wrote:

> Hi Nick,
>
> If you're having trouble connecting to any SSH connection, you need to
> make sure that guacd was built with SSH support.
> --> The issue is with only certain Cisco devices for a couple of customers,
> SSH connections are working for other customers. So our guacamole does have
> SSH support.
>
> if you're having trouble connecting with one of the above algorithms, then
> you should upgrade libssh2 to the latest release and try, again.
> --> We are using official docker image "guacamole/guacd:1.0.0". How can
> we upgrade libssh2 to the latest version (v1.9.0)?
> Do we need to follow this link
> <https://guacamole.apache.org/doc/gug/installing-guacamole.html> to build
> guacamole from source code with upgraded libssh2?
>
> Regards,
> Abhijeet Jha
>
> On Tue, Jul 14, 2020 at 5:38 PM Nick Couchman <[email protected]> wrote:
>
>> On Tue, Jul 14, 2020 at 6:43 AM Abhijeet Jha <
>> [email protected]> wrote:
>>
>>> Hi Nick,
>>>
>>> Sorry for providing incorrect information, the customer device is
>>> configured to use the following Kex algorithm and not "KexAlgorithms
>>> diffie-hellman-group16-sha512".
>>>
>>> - diffie-hellman-group-exchange-sha1
>>> - diffie-hellman-group14-sha1
>>> - diffie-hellman-group1-sha1
>>>
>>> Ciphers: aes256-cbc
>>> MAC: hmac-sha1
>>>
>>> I have sorted out attached debug logs from the production server and
>>> will be easy for you to look at.
>>>
>>> We performed some testing with a customer device by using ssh client
>>> JSCH.4.0.0 which worked fine but the ssh connection did not work with
>>> guacamole 1.0.0.
>>>
>> The support for SSH and algorithms has nothing to do with Java or any
>> ability for a Java-based SSH client to connect. The functionality is
>> provided by guacd, which leverages the libssh2 library for SSH support.
>> Thus, the key algorithms must be supported by libssh2. If you look at
>> their web page (libssh2.org), you'll see the list of key exchange
>> algorithms supported by the current version of the library:
>>
>> * Key Exchange Methods: diffie-hellman-group1-sha1,
>> diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1,
>> diffie-hellman-group-exchange-sha256
>>
>> Please note that this is what is supported in the *current* version - if
>> you're having trouble connecting with one of the above algorithms, then you
>> should upgrade libssh2 to the latest release and try, again. Note that
>> this may well be the case for the Ciphers and MAC, as well - it's possible
>> that one or more of those has been added in a recent version of libssh2,
>> and if you're using something older you may not have that support.
>>
>> If you're having trouble connecting to any SSH connection, you need to
>> make sure that guacd was built with SSH support.
>>
>>> - We upgraded guacamole from 0.9.3 to 1.0.0 in May 2019 and customer
>>> reported that ssh to their Cisco devices stopped working which was
>>> working till the time they reported the problem to us.
>>>
>> I'm not familiar with version history going back that far, but it's
>> quite possible that 0.9.3 was prior to the move from libssh to libssh2, and
>> that libssh had supported those algorithms and libssh2 did not. It's also
>> possible that the build does not include SSH support because one or more of
>> the dependencies is missing when guacd was built.
>>
>> So, start by verifying that guacd does include SSH support (you can
>> connect to at least one SSH server successfully), then move on to
>> attempting to upgrade libssh2 to the latest, and rebuild guacd against that.
>>
>> -Nick
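
The algorithm matching discussed in this thread, as an added example that is not part of the original messages or of the Guacamole or libssh2 code: it applies the selection rule from RFC 4253 section 7.1 (first entry on the client's list that the server also offers) to each category and reports which one has no match. The device lists and the key exchange list come from the thread; the client cipher and MAC lists and the `CLIENT_RESTRICTED` profile are constructed assumptions.

```python
"""Added example: per-category SSH algorithm negotiation (RFC 4253, section 7.1).

Simplified: the extra host-key compatibility conditions on kex are ignored.
"""

# Server side: the Cisco device settings quoted in this thread.
DEVICE = {
    "kex": "diffie-hellman-group-exchange-sha1,"
           "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "cipher": "aes256-cbc",
    "mac": "hmac-sha1",
}

# Client side. The kex list is the libssh2.org list quoted in the thread;
# the cipher and MAC lists are constructed sample values (assumption).
CLIENT_CURRENT = {
    "kex": "diffie-hellman-group-exchange-sha256,"
           "diffie-hellman-group-exchange-sha1,"
           "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "cipher": "aes128-ctr,aes256-ctr,aes256-cbc",
    "mac": "hmac-sha2-256,hmac-sha1",
}

# Constructed, hypothetical client build without SHA-1 kex or CBC ciphers.
CLIENT_RESTRICTED = {
    "kex": "diffie-hellman-group-exchange-sha256",
    "cipher": "aes128-ctr,aes256-ctr",
    "mac": "hmac-sha2-256,hmac-sha1",
}


def parse_name_list(value):
    """Split a comma-separated SSH name-list, dropping blanks."""
    return [name.strip() for name in value.split(",") if name.strip()]


def negotiate(client, server):
    """Return {category: chosen algorithm, or None when nothing is shared}."""
    chosen = {}
    for category, client_prefs in client.items():
        offered = set(parse_name_list(server.get(category, "")))
        chosen[category] = next(
            (alg for alg in parse_name_list(client_prefs) if alg in offered), None)
    return chosen


def failing_categories(client, server):
    """Categories in which the connection cannot be negotiated."""
    return sorted(c for c, alg in negotiate(client, server).items() if alg is None)


if __name__ == "__main__":
    for label, client in (("current", CLIENT_CURRENT), ("restricted", CLIENT_RESTRICTED)):
        print(label, negotiate(client, DEVICE), failing_categories(client, DEVICE))
```

A single category without a match is enough for the connection to fail, which is why the cipher and MAC lists need the same comparison as the key exchange list.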
