In instances where Morpheus nodes have undergone security hardening, users may encounter connectivity issues with the remote console, specifically receiving the error message “SSH handshake failed” when debugging the guacd service. To diagnose this issue, please execute the following commands on one of the Morpheus nodes and the target VM:
```
ssh -Q cipher
ssh -Q mac
ssh -Q kex
```
For example, on the Morpheus node, you might see:
**ssh -Q cipher**
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
**ssh -Q mac**
hmac-sha1
hmac-sha2-256
hmac-sha2-512
hmac-sha1-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
**ssh -Q kex**
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
And on the target VM:
**ssh -Q cipher**
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
**ssh -Q mac**
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
**ssh -Q kex**
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512@openssh.com
By comparing the output from the Morpheus node and the target VM, we identified discrepancies in the supported algorithms. Consequently, we updated the “/etc/ssh/sshd_config” file on the target VM with the following configurations:
```
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,ecdh-sha2-nistp256
```
After restarting the SSH service with “systemctl restart sshd”, the remote console functionality was successfully restored for the target VM within Morpheus.
Note: It is essential to implement the same adjustments in the template to ensure that all VMs created from this template do not experience remote console issues in the future.
Thanks
Velan
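
As an added example (not part of the original post or of Morpheus), this shell helper derives the `sshd_config` values from the two `ssh -Q` lists instead of comparing them by eye. It goes one step beyond the post by dropping CBC ciphers and SHA-1/MD5-based names whenever a stronger common algorithm remains, which is this example's policy choice; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Input files hold `ssh -Q <type>`
# output, one algorithm per line.

# common_algos NODE_LIST VM_LIST: names in both lists, NODE_LIST order kept.
common_algos() {
    grep -Fx -f "$2" "$1" || true
}

# drop_legacy: remove CBC ciphers and SHA-1/MD5 names from stdin (this
# example's policy). Falls back to the unfiltered list if nothing remains.
drop_legacy() (
    all=$(cat)
    strong=$(printf '%s\n' "$all" | grep -Ev -e '-cbc|sha1|md5' || true)
    printf '%s\n' "${strong:-$all}"
)

# sshd_line KEYWORD NODE_LIST VM_LIST: prints "KEYWORD a,b,c" for sshd_config.
sshd_line() (
    list=$(common_algos "$2" "$3" | drop_legacy | paste -sd, -)
    [ -n "$list" ] || { echo "no common algorithm for $1" >&2; exit 1; }
    printf '%s %s\n' "$1" "$list"
)

# demo_macs: MAC lists copied from the two outputs in the post.
demo_macs() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf '%s\n' hmac-sha1 hmac-sha2-256 hmac-sha2-512 \
        hmac-sha1-etm@openssh.com hmac-sha2-256-etm@openssh.com \
        hmac-sha2-512-etm@openssh.com > "$d/node"
    printf '%s\n' hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 \
        hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com \
        hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com \
        hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com \
        hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com \
        umac-64-etm@openssh.com umac-128-etm@openssh.com > "$d/vm"
    sshd_line MACs "$d/node" "$d/vm"
)

demo_macs
```

Run `sshd -t` before restarting the service to catch a mistyped algorithm name; `sshd -T` prints the effective `ciphers`, `macs` and `kexalgorithms` values afterwards.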