guacamole-user mailing list archives

From <harry.dev...@faa.gov>
Subject RE: Connection failures
Date Wed, 24 Jan 2018 13:38:59 GMT
OK, I see that. Looks like it has support for it; however, I have libssh2 version 1.4.3 installed. I couldn’t find anything that says what 1.4.3 had support for. Assuming that it DOES support the FIPS algorithms, what settings for an SSH connection will I need to set to allow this? The only setting that looks close is the Encryption setting under “Guacamole Proxy Parameters (GUACD)”, but I’m not using it.

Thanks,
Harry

From: Nick Couchman [mailto:vnick@apache.org]
Sent: Wednesday, January 24, 2018 8:27 AM
To: user@guacamole.apache.org
Subject: Re: Connection failures

On Mon, Jan 22, 2018 at 9:15 AM, <harry.devine@faa.gov> wrote:
Guacd is running.  I looked at /var/log/messages and encountered the following:

Jan 22 09:09:21 access guacd[1760]: Creating new client for protocol "ssh"
Jan 22 09:09:21 access guacd[1760]: Connection ID is "$e25765a1-e06d-4bd7-959c-2e7878839efe"
Jan 22 09:09:21 access guacd[30054]: User "@8e09fdad-3f86-4e2c-a85a-2c342e200921" joined connection "$e25765a1-e06d-4bd7-959c-2e7878839efe" (1 users now present)
Jan 22 09:09:21 access server: 09:09:21.596 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "3".
Jan 22 09:09:30 access guacd[30054]: SSH handshake failed.
Jan 22 09:09:30 access guacd[30054]: User "@8e09fdad-3f86-4e2c-a85a-2c342e200921" disconnected (0 users remain)
Jan 22 09:09:30 access guacd[30054]: Last user of connection "$e25765a1-e06d-4bd7-959c-2e7878839efe" disconnected
Jan 22 09:09:30 access server: 09:09:30.808 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "3". Duration: 9210 milliseconds
Jan 22 09:09:30 access server: Exception in thread "Thread-30" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:387)
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:344)
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:788)
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
Jan 22 09:09:30 access server: at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
Jan 22 09:09:30 access server: at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:167)
Jan 22 09:09:31 access guacd[1760]: Connection "$e25765a1-e06d-4bd7-959c-2e7878839efe" removed.

I will say this: late last week, we made all of our servers FIPS-2 compliant due to an IT requirement in our organization. I’m suspecting that, since the server I’m trying to connect to is now FIPS-2 compliant, that’s why the “SSH handshake failed” error is happening. But I don’t see anything in the connection setup to specify what encryption to use for SSH.


For SSH connections, the algorithms for Cipher and Key Exchange are determined by upstream
support in the libssh2 library.  You can see the current list of supported ciphers, hashes,
key exchanges, etc., on the web site:

https://libssh2.org/

-Nick
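
An added illustration, not part of the original thread and not Guacamole or libssh2 code: how an SSH client and server pick one algorithm per category (RFC 4253 section 7.1, simplified), and how a restricted server list can leave a category with no common algorithm, which ends the handshake. Both algorithm lists are constructed samples; they are not the actual lists of libssh2 1.4.3 or of the server discussed above.

```python
"""Added example: SSH algorithm selection per RFC 4253 section 7.1 (simplified).

The extra kex/host-key compatibility conditions of the RFC are not modelled.
"""

CATEGORIES = ("kex", "hostkey", "cipher", "mac")

# Constructed sample: an older client library offering only SHA-1 era choices.
SAMPLE_CLIENT = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group1-sha1"],
    "hostkey": ["ssh-rsa", "ssh-dss"],
    "cipher": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
}

# Constructed sample: a server whose policy was tightened after hardening.
SAMPLE_SERVER = {
    "kex": ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384",
            "diffie-hellman-group-exchange-sha256"],
    "hostkey": ["ssh-rsa", "ecdsa-sha2-nistp256"],
    "cipher": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}


def negotiate(client, server):
    """Return {category: chosen algorithm, or None when nothing is shared}.

    The choice is the first name on the client's list that also appears on
    the server's list, so the client's preference order decides.
    """
    chosen = {}
    for cat in CATEGORIES:
        offered = set(server.get(cat, ()))
        chosen[cat] = next((a for a in client.get(cat, ()) if a in offered), None)
    return chosen


def failed_categories(client, server):
    """Categories with no common algorithm; any entry here aborts the handshake."""
    return [cat for cat, alg in negotiate(client, server).items() if alg is None]


if __name__ == "__main__":
    for cat, alg in negotiate(SAMPLE_CLIENT, SAMPLE_SERVER).items():
        print(f"{cat:8} {alg or 'no common algorithm: handshake fails'}")
```

To apply it to a real pair, substitute the lists each side actually offers; on an OpenSSH server, `sshd -T` prints the effective `ciphers`, `macs` and `kexalgorithms` values.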