guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: SSH handshake failed: only RSA keys possible?
Date Sun, 24 Dec 2017 16:59:47 GMT
On Sat, Dec 23, 2017 at 10:41 PM, NTMMFTS <jay.x.lewis@gmail.com> wrote:

> It appears that libssh2 includes the aes256-cbc key exchange method
> supported
> by pfSense, so I modded the ssh.c code and let it compile during
> installation using hanaciamiento's guacamole install script
> (https://sourceforge.net/projects/guacamoleinstallscript/), but guacamole
> won't load at all afterwards.
>
> Here's the code and where I inserted it in ssh.c in the
> guac_common_ssh_create_session function:
>
>     /* Open SSH session */
>         // existing code
>
>         /* added preferred method for key exchange method supported by
> pfSense */
>         int returnval = libssh2_session_method_pref(session,
> LIBSSH2_METHOD_CRYPT_CS, "aes256-cbc");
>     if (returnval != 0) {
>         guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
>                 "Setting session preferred key exchange method to
> AES256-CBC
> failed.");
>         free(common_session);
>         close(fd);
>         return NULL;
>     }
>
>     /* Perform handshake */
>         // existing code
>

First, I don't think this should be necessary to get it working if libssh2
supports that crypt method.  I believe it will use any supported method
without having to set it as a preferred method, no?  That said, setting it
as preferred should not impede the connection, either, so this should be
fine.


>
> Anyone want to comment on this approach or try to get it working?
>

With guacd in debug mode (guacd -L debug), what messages do you see during
the SSH connection?  Also, when you say it "won't load at all with it
afterwards," what does this mean?  It segfaults?  Or guacd runs but the
connection doesn't start?  Or sometihng else?

-Nick

Mime
View raw message