[SOLVED] SSH handshake error with Apache Guacamole

[Dncl31]

Hello !

SSH connection between Apache Guacamole and OpnSense fails with this message : "The remote desktop server encountered an error and has closed the connection. Please try again or contact your system administrator.".

In Guacamole, the error displayed in "/var/log/syslog" is :

Code: [Select]

Jul 16 21:47:43 guacamole guacd[1256]: SSH handshake failed.
In OpnSense, the error in "var/log/audit/audit_20230716.log" is :

Code: [Select]

2023-07-16T21:42:15+02:00 XXX.XXX sshd 91432 - [meta sequenceId="1"] Unable to negotiate with 172.16.10.8 port 58772: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
I use Guacamole v1.5.2, OpenSSH/OpenSSL versions are OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022.
And I use OpnSense v23.1.11-amd64, OpenSSH/OpenSSL versions are OpenSSH_9.3p1, OpenSSL 1.1.1u  30 May 2023

Is the error due to incompatibility between those versions ?

[pcaetano]

Hi,

ssh-rsa is a deprecated algorythm: https://marc.info/?l=openbsd-tech&m=163028217802671&w=2

It is possible to allow connecting from hosts running older openssh by adding ssh-rsa in:
System > Settings > Administration
*Click* on Show cryptographic overrides

Host key algorithms
Public key signature algorithms


Regards