[GUACAMOLE-1669] SSH Connections not working when FIPS mode is enabled on guacd host - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.5.2
Component/s: None
Labels:
None

Description

SSH connections (either password auth, or private key auth) are not working on hosts where FIPS mode is enabled. If FIPS mode is disabled, the connections start working again.

The problem seems to be that libssh2 negotiates to use non-FIPS-compliant key exchange algorithms or ciphers, and then OpenSSL refuses to use them.

The answer is most likely to just specify a list of FIPS-compatible algorithms and ciphers before connecting, if FIPS mode is enabled. It's unclear why libssh2 isn't already doing this.

Attachments

Activity

People

Assignee:: Mike Jumper

Reporter:: James Muehlner

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Aug/22 23:30

Updated:: 17/May/23 23:25

Resolved:: 17/May/23 23:25