On Tue, Jun 28, 2022 at 9:10 AM Chetan Rao <[email protected]> wrote:
> Hello,
>
> I am a Senior Software Engineer working for Logicmonitor India. We use
> guacamole to support remote ssh, RDP and telnet functionalities.
>
> One of the limitations that we have come across is that guacamole only
> supports ssh through the libssh2 library. We are currently looking for ways to
> implement other libraries like SSHJ/JSch in guacamole. It will allow us to
> support updated Key-Exchange algorithms and Cipher suites that are
> unavailable in libssh2.
>
> I am going through the guacamole code repo but I want clarity from you
> guys on whether it is feasible or even possible to implement SSHJ or any
> other third-party ssh library in guacamole. The reason is that libssh2 is
> quite old and doesn’t support most of the latest Ciphers.
>

A couple of thoughts for you on this:

* There have been discussions about using different SSH libraries for Guacamole, but no efforts yet to actually add other libraries. The most common one that is asked about is libssh (vs. libssh2).
* SSHJ and Jsch won't work, because those are Java libraries, not C libraries. The code that actually translates the Guacamole protocol to/from SSH is written in C, so you'll need a C (or possibly C++) SSH library.
* Saying "libssh2 is quite old" is not quite accurate. libssh2 gets pretty routine updates, and supports a lot of newer cipher algorithms (latest official release is August 2021). The version of libssh2 that is bundled and included with many Linux distributions - especially ones that focus on stability and minimize changes (e.g. RHEL/CentOS/Rocky) - may be older or out-of-date. That said, it's reasonably easy to download and compile the latest libssh2, and then build Guacamole against that version, to make sure you get the latest cipher and key exchange support.

-Nick
