> On 30-Jun-2022, at 6:20 PM, Chetan Rao <[email protected]> wrote:
>
> Hello Nick,
> Thank you for sharing your thoughts.
>
> One follow-up question :
> 1. I want to compile the latest libssh2 version 1.10.0 with guacamole.
> Currently, I have 1.10.0 installed in /usr/local/lib using the configure and
> make install for libssh2. But I also have libssh2-1.4.0 in /usr/lib64/ (using
> centos to build guacamole server). Now when I run configure and make install
> for guacamole-server, it is getting installed but I am not sure which libssh2
> version it is taking for compiling. I am guessing it is still taking the
> 1.4.0 present in /usr/lib64/. I am unable to uninstall this 1.4.0 version as
> well. So I am not sure how to point guacamole to use libssh2-1.10.0 version
> available and installed in /usr/local/lib.
>
> Please advise.
>
> Thank you in advance
> L S Chetan Rao
>
> On Tue, Jun 28, 2022 at 7:08 PM Nick Couchman <[email protected]
> <mailto:[email protected]>> wrote:
> On Tue, Jun 28, 2022 at 9:10 AM Chetan Rao <[email protected]
> <mailto:[email protected]>> wrote:
>
> > Hello,
> >
> > I am a Senior Software Engineer working for Logicmonitor India. We use
> > guacamole to support remote ssh, RDP and telnet functionalities.
> >
> > One of the limitations that we have come across is that guacamole only
> > supports ssh through libssh2 library. We are currently looking for ways to
> > implement other libraries like SSHJ/JSch in guacamole. It will allow us to
> > support updated Key-Exchange algorithms and Cipher suites that are
> > unavailable in libssh2.
> >
> > I am going through the guacamole code repo but I want clarity from you
> > guys on whether it is feasible or even possible to implement SSHJ or any
> > other third part ssh library in guacamole. The reason is that libssh2 is
> > quite old and doesn’t support most of the latest Ciphers.
> >
> >
> A couple of thoughts for you on this:
> * There have been discussions about using different SSH libraries for
> Guacamole, but no efforts yet to actually add other libraries. The most
> common one that is asked about is libssh (vs. libssh2).
> * SSHJ and Jsch won't work, because those are Java libraries, not C
> libraries. The code that actually translates the Guacamole protocol to/from
> SSH is written in C, so you'll need a C (or possibly C++) SSH library.
> * Saying "libssh2 is quite old" is not quite accurate. libssh2 gets pretty
> routine updates, and supports a lot of newer cipher algorithms (latest
> official release is August 2021). The version of libssh2 that is bundled
> and included with many Linux distributions - especially ones that focus on
> stability and minimize changes (e.g. RHEL/CentOS/Rocky) - may be older or
> out-of-date. That said, it's reasonably easy to download and compile the
> latest libssh2, and then build Guacamole against that version, to make sure
> you get the latest cipher and key exchange support.
>
> -Nick
