guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From NTMMFTS <jay.x.le...@gmail.com>
Subject Re: ssh handshake failed latest libssh2
Date Sun, 29 Oct 2017 04:02:39 GMT
Hi,

Same issue trying to SSH to pfSense.  Here are the latest specs from the
pfSense Wiki at doc.pfsense.org for their SSH implementation since version
2.3.2 (current is 2.4.1-RELEASE) which guacamole doesn't seem to support
with libssh2 in 0.9.13-incubating:

-------------------------
NOTE: The ssh host keys were made more secure, and if a client remembers an
older, weaker key, the ssh client may refuse to connect. Remove the older
key and then make the ssh client learn the new key.
Changed sshd to use stronger Key Exchange algorithms and disabled some
older, weaker algorithms. Clients may need to be updated to handle the new
Key Exchange methods.
Currently allowed Key Exchange Algorithms:
curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Removed the ECDSA host key from the sshd configuration
Added ED25519 host key to the sshd configuration
Changed the list of available ciphers.
Current allowed ciphers:
chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Changed the list of available Message Authentication Code methods,
Current MAC list:
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
-------------------------

And here is a failure from the pfSense log:

-------------------------
fatal: Unable to negotiate with x.x.x.x port xxxxx: no matching key exchange
method found. Their offer:
diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[preauth]-------------------------

Thanks for any insight on when this might be resolved.

~Jay L.




--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Mime
View raw message