Nick,
It’s resolved! ‘enable-sftp’ ‘true’ in connection parameters caused Palo Alto SSH to fail. Many thanks, Adrian From: Nick Couchman [mailto:[email protected]] Sent: 10 March 2021 13:33 To: [email protected] Subject: Re: SSH to Palo Alto firewall On Wed, Mar 10, 2021 at 5:18 AM Adrian Owen <[email protected]<mailto:[email protected]>> wrote: Hi, Guacamole SSH fails to connect: Mar 10 08:08:47 busterguac guacd[438]: Creating new client for protocol "ssh" Mar 10 08:08:47 busterguac guacd[438]: Connection ID is "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" Mar 10 08:08:47 busterguac guacd[79116]: Current locale does not use UTF-8. Some characters may not render correctly. Mar 10 08:08:47 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" joined connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" (1 users now present) Mar 10 08:08:48 busterguac guacd[79116]: No known host keys provided, host identity will not be verified. Mar 10 08:08:48 busterguac guacd[79116]: Unable to set the timezone: SSH server refused to set "TZ" variable. Mar 10 08:08:49 busterguac guacd[79116]: No known host keys provided, host identity will not be verified. Mar 10 08:10:18 busterguac guacd[79116]: User "@af8aab17-f8b4-435a-8ba6-66cb07242351" disconnected (0 users remain) Mar 10 08:10:18 busterguac guacd[79116]: Last user of connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" disconnected Mar 10 08:10:23 busterguac guacd[79116]: Client did not terminate in a timely manner. Forcibly terminating client and any child processes. Mar 10 08:10:24 busterguac guacd[438]: Connection "$ce36e34a-92e6-424c-86d0-2ad4f9a46078" removed. Does Guacamole connect to other SSH hosts without issue? This looks like guacd is expecting something from the client but not getting it, which seems to indicate less of an SSH issue (that is gaucd -> Palo Alto) and more of a Guacamole Client -> guacd issue. Can you put guacd in debug mode and see if there are any more useful messages? -Nick
