[SOLVED] SSH handshake error with Apache Guacamole

Started by Dncl31, July 16, 2023, 10:18:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 16, 2023, 10:18:35 PM Last Edit: July 17, 2023, 06:19:33 PM by Dncl31
Hello !

SSH connection between Apache Guacamole and OpnSense fails with this message : "The remote desktop server encountered an error and has closed the connection. Please try again or contact your system administrator.".

In Guacamole, the error displayed in "/var/log/syslog" is :
Code Select
Jul 16 21:47:43 guacamole guacd[1256]: SSH handshake failed.

In OpnSense, the error in "var/log/audit/audit_20230716.log" is :
Code Select
2023-07-16T21:42:15+02:00 XXX.XXX sshd 91432 - [meta sequenceId="1"] Unable to negotiate with 172.16.10.8 port 58772: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

I use Guacamole v1.5.2, OpenSSH/OpenSSL versions are OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022.
And I use OpnSense v23.1.11-amd64, OpenSSH/OpenSSL versions are OpenSSH_9.3p1, OpenSSL 1.1.1u  30 May 2023

Is the error due to incompatibility between those versions ?
July 17, 2023, 12:31:40 AM #1
Hi,

ssh-rsa is a deprecated algorythm: https://marc.info/?l=openbsd-tech&m=163028217802671&w=2

It is possible to allow connecting from hosts running older openssh by adding ssh-rsa in:
System > Settings > Administration
*Click* on Show cryptographic overrides

Host key algorithms
Public key signature algorithms


Regards
Print
Go Up Pages1
User actions