All,

It appears I've been able to make it work (albeit a bit less secure...)

Doing a bit of digging on the ESXi side....

2023-06-07T14:43:03.793Z sshd[2124552]: FIPS mode initialized
2023-06-07T14:43:03.793Z sshd[2124552]: Connection from X.Y.Z.A port 52678
2023-06-07T14:43:03.796Z sshd[2124552]: Unable to negotiate with X.Y.Z.A port 52678: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

On ESXi 7 hosts, you may need to edit /etc/ssh/sshd_config

In my case, I needed to add ssh-rsa to HostKeyAlgorithms.

I then restarted the SSH service:

/etc/init.d/SSH restart

Notes:
By default (to my knowledge).... the settings of ESXi7 hosts are:

HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512

Are there any plans to support more secure HostKeyAlgorithms?

Thank you,

Brad Turnbough
Senior Technology Analyst
P: 309.272.2739
F: 309.272.2839
www.betterbanks.com
www.glasfordbank.com

NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). If you are not the intended recipient, nor the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply e-mail and then delete this message, including any attachments.
www.statestreetbank.com

-----Original Message-----
From: Brad Turnbough <[email protected]>
Sent: Wednesday, June 7, 2023 8:22 AM
To: [email protected]
Subject: RE: SSH Connections --- VMWare Hosts

Here is my versioning information.
(Ubuntu 20.04 fully patched):

dpkg -l | grep libssh2
ii  libssh2-1:amd64      1.8.0-2.1build1  amd64  SSH2 client-side library
ii  libssh2-1-dev:amd64  1.8.0-2.1build1  amd64  SSH2 client-side library (development headers)

Looks like they don’t have an updated package for it. UGH. I either have to roll my own or I have to upgrade OS versions. The next version of libssh2 they have is 1.10. Do you think that'll suffice?

Thank you,

Brad Turnbough

-----Original Message-----
From: Nick Couchman <[email protected]>
Sent: Tuesday, June 6, 2023 8:44 PM
To: [email protected]
Subject: Re: SSH Connections --- VMWare Hosts

On Tue, Jun 6, 2023 at 9:34 PM Nick Couchman <[email protected]> wrote:
>
> On Tue, Jun 6, 2023 at 1:56 PM Brad Turnbough
> <[email protected]> wrote:
> >
> > Hi Nick,
> >
> > Thanks for looking into this. Is there any more information you need from
> > me in order to look into this?
> >
>
> Can you confirm what platform you're running guacd on, and,
> specifically what your libssh2 version is? I can reproduce the issue
> consistently on my CentOS 7-based system, but I'm not seeing it on my
> CentOS 8 Stream system.
> I suspect it has to do with the capabilities
> of the libssh2 library and how the VMware SSH server is configured.
>

I updated the libssh2 library on my CentOS7 system from 1.8.0 (the package included with the system) to 1.11.0 (the latest release on the website), and then recompiled guacd against that new version of libssh2, and it seems to be working okay for me, now.

-Nick
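
Added example (not part of the original thread, and not Guacamole, libssh2 or VMware code): a log check for the negotiation failure discussed above. It pairs each "no matching host key type found" line with the server's HostKeyAlgorithms list and reports whether the client offered only ssh-rsa/ssh-dss. The sample log and config are constructed from the values quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples, built from the log line and default setting quoted in the thread.
SAMPLE_LOG = (
    "2023-06-07T14:43:03.793Z sshd[2124552]: Connection from X.Y.Z.A port 52678\n"
    "2023-06-07T14:43:03.796Z sshd[2124552]: Unable to negotiate with X.Y.Z.A "
    "port 52678: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]\n"
)
SAMPLE_CONFIG = (
    "# constructed sshd_config fragment\n"
    "HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512\n"
)

# ssh-rsa signs with SHA-1 and ssh-dss is DSA; both are legacy host key types.
LEGACY = {"ssh-rsa", "ssh-dss"}

FAIL_RE = re.compile(
    r"Unable to negotiate with (\S+) port \d+: "
    r"no matching host key type found\. Their offer: (\S+)"
)


def server_algorithms(config_text):
    """Return the HostKeyAlgorithms list from sshd_config text, or [] when unset."""
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        # sshd_config keywords are case-insensitive; comment lines never match.
        if len(parts) == 2 and parts[0].lower() == "hostkeyalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []


def negotiation_failures(log_text, server_algs):
    """Pair each host key negotiation failure with what the server would accept."""
    findings = []
    for match in FAIL_RE.finditer(log_text):
        offer = match.group(2).split(",")
        findings.append({
            "client": match.group(1),
            "offer": offer,
            "common": [a for a in offer if a in server_algs],
            "legacy_only": all(a in LEGACY for a in offer),
        })
    return findings


if __name__ == "__main__":
    for finding in negotiation_failures(SAMPLE_LOG, server_algorithms(SAMPLE_CONFIG)):
        print(finding)
```

A finding with legacy_only set and an empty common list points at an outdated client library, which is the case the thread resolves by rebuilding guacd against a newer libssh2.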
