On Tue, Nov 22, 2022, 11:53 PM Jorge Lopez <[email protected]> wrote:
> But we want to avoid doing this (downgrade ssh) in new servers. If new
> servers don’t accept this protocol it’s for security reasons and we have a
> lot of new servers that we are unable to connect to for this reason.
>
> Is there an option like this, not in the whole servers but on guacd side:
>
> “You could add the following lines to your ~/.ssh/config and/or sshd_config

You can install and build the current "staging/1.5.0" branch from Guacamole's git against a newer libssh2. You may need to build libssh2 from source if your distro does not offer a new enough version, and you may need to build from git (see below).

This aspect of behavior is actually dictated by the underlying SSH library, not Guacamole itself. The only changes on the Guacamole side with respect to improving key handling were:

* Migrate to recent libssh2's built-in support for reading private keys from memory (we previously had to do this manually), which supports OpenSSH's new key format.
* Rearchitect the Docker image build to build libssh2 (and all other protocol libraries) from their latest release source, so that users don't need to rely on their distro releasing updated packages.

The issue with recent OpenSSH deprecating and disabling ssh-rsa was noted here:

https://github.com/libssh2/libssh2/issues/634

I'm not sure whether libssh2 has cut a release with this support. Using an elliptic curve key could work with the latest libssh2 and "staging/1.5.0" guac. Using a build of libssh2 from git with "staging/1.5.0" guac should work with RSA keys and recent OpenSSH, too.

> As I asked in the previous mail, is this expected to be fixed in the v1.5 guacd
> release, and when is the release expected?

Everyone's been pretty busy lately. It should be out this year. Beyond that, it's difficult to make a more accurate guess.

Please definitely feel free to build the latest from git and give that some solid testing. The more testing the merrier, and it should also happily solve your immediate issue.

- Mike
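The mismatch discussed in this thread can be checked from the server side without downgrading anything. The following is an added example, not part of the original messages and not code from Guacamole or libssh2: it reads the effective sshd configuration (`sshd -T`) and reports which signature algorithms a client could still use. The sample dump is constructed, and the three client algorithm lists are assumptions modelling an SSH library without rsa-sha2 support, one with it, and an ECDSA key.

```shell
#!/bin/sh
# Constructed `sshd -T` output from a server that no longer accepts
# ssh-rsa (RSA with SHA-1) signatures for public-key authentication.
SAMPLE_SSHD_T='port 22
pubkeyauthentication yes
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256'

# Assumed client capabilities: the signature algorithms a client can offer
# for a given key. The two RSA lists model an SSH library without and with
# rsa-sha2 support; they are illustrative, not read from any library.
RSA_SHA1_ONLY='ssh-rsa'
RSA_WITH_SHA2='rsa-sha2-512,rsa-sha2-256,ssh-rsa'
ECDSA_P256='ecdsa-sha2-nistp256'

# Read `sshd -T` output on stdin and print the accepted public-key signature
# algorithms, one per line. Older sshd releases name the option
# pubkeyacceptedkeytypes, so both spellings are matched.
accepted_algos() {
    awk '$1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
             n = split($2, a, ",")
             for (i = 1; i <= n; i++) print a[i]
         }'
}

# usable_algos SSHD_DUMP CLIENT_ALGOS
# Print each algorithm from the comma-separated CLIENT_ALGOS that the server
# described by SSHD_DUMP accepts. No output means authentication with that
# key cannot succeed, whatever the key's validity.
usable_algos() {
    server=$(printf '%s\n' "$1" | accepted_algos)
    printf '%s\n' "$2" | tr ',' '\n' | while read -r alg; do
        if [ -n "$alg" ] && printf '%s\n' "$server" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
        fi
    done
    return 0
}

# Show the outcome for each assumed client against one sshd dump.
report() {
    for client in "$RSA_SHA1_ONLY" "$RSA_WITH_SHA2" "$ECDSA_P256"; do
        printf '%-36s -> %s\n' "$client" \
            "$(usable_algos "$1" "$client" | tr '\n' ' ')"
    done
}

# On a real server, as root: report "$(sshd -T)"
report "$SAMPLE_SSHD_T"
```

An empty result for the SHA-1-only RSA client alongside non-empty results for the other two matches the behaviour described above: the RSA key itself is fine, and only the signature algorithm the client library offers is rejected.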
