guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: SSH handshake failed: only RSA keys possible?
Date Thu, 23 Nov 2017 00:02:32 GMT
On Wed, Nov 22, 2017 at 6:54 PM, flittermice <flittermice@gmx.at> wrote:

> I'm using version 0.9.13. My goal was to make a SSH connection to a host
> using my existing ed25519 keys. But I permanently got "SSH handshake
> failed"
> in guacd.
>
> So I have spent many hours of searching for the reason. Finally it turned
> out that it is only possible to use RSA keys:
> 1. ECDSA and Ed25519 private keys will not work because Guacamole won't be
> able to recognize the key format.
> 2. I configured my server to send an Ed25519 host key. This was the reason
> for the "SSH handshake failed" errors.
>
> Switching back to RSA keys solved the problem for me.
>
> Should this behaviour be documented? Or should the new key types be
> implemented?
> Or am I missing something?
>

Guacamole server (guacd) uses libssh2 for all of the SSH functionality, so
Guacamole supports whatever libssh2 support for host keys and ciphers.  The
following web page has a list of the host keys and ciphers supported by
libssh2:

https://www.libssh2.org/libssh2-vs-libssh.html

It looks like libssh2 only supports ssh-rsa and ssh-dss, and does not
support the ones you are looking for (ssh-ed* and ecdsa-*).

I'm open to brushing up the documentation with some information that at
least points people to the correct place to determine the supported host
keys and ciphers.

-Nick

Mime
View raw message