On Tue, Oct 13, 2020 at 2:28 PM Devine, Harry (FAA) <[email protected]> wrote:
> I apologize that this has taken me so long to answer. Let me try and give
> an update.
>
> Our Guacamole is installed on RHEL 7.8 and is the current 1.2.0 version.
> If we set up an SSH connection to another RHEL 7 box, it works. We have an
> SSH connection set up to go to a RHEL 8 box, and it does NOT work. The
> guacamole log shows “SSH handshake failed”.
>
> On the RHEL 8 target box, we see the following:
>
> [root@tower1 ~]#tail -f /var/log/secure
>
> Oct 13 14:19:09 tower1 sshd[3583210]: FIPS mode initialized
>
> Oct 13 14:19:09 tower1 sshd[3583210]: Unable to negotiate with
> xxx.xxx.xxx.xxx port 34598: no matching host key type found. Their offer:
> ssh-rsa,ssh-dss [preauth]
>
> If we SSH from our guacamole server to that box directly (OS to OS), it
> works without incident. So what could be going on in the Guacamole SSH
> library that could be causing this?
>

Guacamole uses libssh2, which does not have quite as broad support for all of the various key exchange algorithms and host keys that some of the larger libraries support. This message indicates that the Guacamole client is attempting to get either an RSA or DSS host key from the RHEL8 server, but it appears that RHEL8 is using a different host key type? I've not played much with EL8, so I'm not entirely sure what RHEL8 is using that isn't supported, but it is a mismatch in host key support between libssh2 and OpenSSH on EL8.

-Nick
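The host key mismatch described in this thread can be checked mechanically. The following is an added example, not part of the original messages and not Guacamole or libssh2 code: it pulls the client's offer out of the sshd log line and intersects it with the server's host key algorithm list. The function names and the `SERVER_ALGS` value are assumptions made for illustration; the server list is a constructed sample, not taken from the RHEL 8 host.

```shell
#!/bin/sh
# Added example: compare the client's host key offer, as logged by sshd,
# with the host key algorithms the server is willing to use.

# Log line as quoted in the thread (address already masked there).
LOG_LINE='Oct 13 14:19:09 tower1 sshd[3583210]: Unable to negotiate with xxx.xxx.xxx.xxx port 34598: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]'

# Constructed sample of a server list, NOT taken from the RHEL 8 host.
# On a real server: SERVER_ALGS=$(sshd -T | server_hostkey_algs)
SERVER_ALGS='rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256'

# Read `sshd -T` output on stdin, print the hostkeyalgorithms value.
server_hostkey_algs() {
    awk '$1 == "hostkeyalgorithms" { print $2 }'
}

# Print the comma-separated offer from a "no matching host key type" line.
client_offer() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching host key type found\. Their offer: \([^ ]*\).*/\1/p'
}

# Print each algorithm of list $1 that also appears in list $2.
common_algs() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r alg; do
        case ",$2," in
            *",$alg,"*) printf '%s\n' "$alg" ;;
        esac
    done
}

# Classify one log line against a server algorithm list.
diagnose() {
    offer=$(client_offer "$1")
    if [ -z "$offer" ]; then
        echo "not-a-host-key-failure"
        return 0
    fi
    common=$(common_algs "$offer" "$2" | paste -sd, -)
    if [ -n "$common" ]; then
        echo "overlap:$common"
    else
        echo "no-overlap:client=$offer"
    fi
}

diagnose "$LOG_LINE" "$SERVER_ALGS"
```

A `no-overlap` result means the handshake cannot complete until the client and server share at least one host key algorithm.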
