I hadn’t looked at ssh-dss before so I Googled it a bit and from what I read it’s considered weak because it can be compromised by bad random generator implementations. OpenSSH deprecated it in 2015 with version 7.0. It might be better to look for a different solution. After reading https://issues.apache.org/jira/browse/GUACAMOLE-1504 I guess it would be better to upgrade libssh2 on your Guacamole server? (or use a newer container image?) Other options I’ve found are adding “HostKeyAlgorithms +ssh-rsa” to the end of /etc/ssh/sshd_config on the Ubuntu machine and restart sshd (https://www.reddit.com/r/linuxquestions/comments/ued2vq/comment/i736why/?utm_source=share&utm_medium=web2x&context=3) or change the way you generate the keys (https://www.reddit.com/r/selfhosted/comments/os4d52/guacamole_ssh_keys_help/)
Best regards, Willem van de Mheen From: Don Eugene Paul Viado <[email protected]> Sent: Thursday, 18 August 2022 03:16 To: [email protected] Subject: Re: Guacamole 1.4.0 support for Ubuntu 22.04 SSH Thanks Mike for the valuable information. On Saturday, 13 August 2022 at 10:51:32 am SGT, Michael Jumper <[email protected]<mailto:[email protected]>> wrote: On Fri, Aug 12, 2022 at 7:40 PM Don Eugene Paul Viado <[email protected]<mailto:[email protected]>> wrote: > > Hi, > > I noticed after upgrade to Ubuntu 22.04, Guacamole 1.4.0 could no longer > access it via SSH. > Found out that the guacamole only supports ssh-dss? > Workaround by adding below on sshd_config: > > HostKeyAlgorithms ssh-rsa,ssh-dss > PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss > > May we know when guacamole will support higher KeyTypes/Algo? > This is actually not a matter of Guacamole adding this support, but the underlying SSH library adding this support (libssh2). With respect to "ssh-rsa" and compatibility with newer versions of the OpenSSH server, they did this recently: https://github.com/libssh2/libssh2/pull/626 See: https://github.com/libssh2/libssh2/issues/634 - Mike --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected]<mailto:[email protected]> For additional commands, e-mail: [email protected]<mailto:[email protected]>
