[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.


16 hours ago, Taddeusz said:


If your Guacamole container is connected to a custom network you need to go to Unraid’s Docker settings and enable “Host access to custom networks”.

 

Nope, that's not it: I'm using the bridge interface and anyway this option is already set on my server.

And the error message suggests that Guacamole reaches the SSH server but can't finish the handshake.

I think I may have the root cause; here are the debug logs from guacd when an attempt is made:

guacd[385]: DEBUG:      Client is using protocol version "VERSION_1_3_0"
guacd[385]: DEBUG:      Successfully connected to host 192.168.1.40, port 22
guacd[385]: ERROR:      SSH handshake failed.

 

The connection is effective but the handshake couldn't go through.

Now here are the logs from Unraid:

Mar 26 08:42:08 <my unraid hostname> sshd[7790]: Unable to negotiate with 172.17.0.22 port 58070: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

 

So the SSH connection fails because guacd and sshd couldn't find a common ground.

The only way I could make it work was allowing ssh-rsa again in Unraid:

 

To permit using old RSA keys for OpenSSH 8.8+, add the following lines to your sshd_config:

HostKeyAlgorithms=ssh-rsa,[email protected]
PubkeyAcceptedAlgorithms=+ssh-rsa,[email protected]

 

 

Edited by hot22shot
Link to comment
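
Added example, not part of the original post or the container's code: a small Python parser for sshd's "Unable to negotiate" lines that lists which peers offer only ssh-rsa/ssh-dss host key algorithms, i.e. which clients depend on the sshd_config override above. The sample log lines and the hostname `tower` are constructed; the first one mirrors the line quoted in the post.

```python
import re

# sshd writes one of these lines when algorithm negotiation fails before auth.
NEGOTIATION_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<peer>\S+) port \d+: "
    r"no matching (?P<kind>host key type|key exchange method|cipher|MAC) found\. "
    r"Their offer: (?P<offer>\S+)"
)

# Host key algorithms a client like the one in this thread offers: RSA with
# SHA-1 signatures and DSA, both disabled by default in current OpenSSH.
LEGACY_HOST_KEY_ALGS = {"ssh-rsa", "ssh-dss"}

# Constructed sample input: the first line mirrors the one quoted in the post,
# with a placeholder hostname; the other two are invented for contrast.
SAMPLE_LOG = [
    "Mar 26 08:42:08 tower sshd[7790]: Unable to negotiate with 172.17.0.22 port 58070: "
    "no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "Mar 26 08:45:10 tower sshd[7812]: Unable to negotiate with 192.0.2.15 port 40112: "
    "no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Mar 26 08:50:31 tower sshd[7840]: Accepted password for root from 192.0.2.20 port 51234 ssh2",
]


def parse_negotiation_failures(lines):
    """Return one dict per negotiation failure; unrelated lines are skipped."""
    failures = []
    for line in lines:
        m = NEGOTIATION_RE.search(line)
        if m is None:
            continue
        offer = m.group("offer").split(",")
        kind = m.group("kind")
        # Only a host-key failure tells us the peer cannot verify modern keys.
        legacy_only = kind == "host key type" and set(offer) <= LEGACY_HOST_KEY_ALGS
        failures.append({"peer": m.group("peer"), "kind": kind,
                         "offer": offer, "legacy_only": legacy_only})
    return failures


def legacy_only_peers(failures):
    """Peers whose host key offer contained nothing but ssh-rsa/ssh-dss."""
    return sorted({f["peer"] for f in failures if f["legacy_only"]})


if __name__ == "__main__":
    for peer in legacy_only_peers(parse_negotiation_failures(SAMPLE_LOG)):
        print(f"{peer}: client offers only legacy host key algorithms")
```
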

Have tried setting this up today, and can't get the web UI to load the login prompt without throwing this:

 

image.png.0911eab2325695fb6c03e5f18f9940d2.png

 

There are no errors in the Apache Guacamole docker, nor MariaDB. The user and password work for the database I set up for this container, so I'm at a loss.

Have tried both Unraid templates (with and without mariadb), Docker has 'host access to custom networks' enabled, and have also tried different networks (br0 to give the container its own IP, as well as my reverse proxy network).

 

Probably something simple, but any help would be appreciated. Thanks.

Link to comment
27 minutes ago, evakq8r said:

Have tried setting this up today, and can't get the web UI to load the login prompt without throwing this:

 

image.png.0911eab2325695fb6c03e5f18f9940d2.png

 

There are no errors in the Apache Guacamole docker, nor MariaDB. The user and password work for the database I set up for this container, so I'm at a loss.

Have tried both Unraid templates (with and without mariadb), Docker has 'host access to custom networks' enabled, and have also tried different networks (br0 to give the container its own IP, as well as my reverse proxy network).

 

Probably something simple, but any help would be appreciated. Thanks.


You’re using it with an external database? Did you import the database schema using the SQL file?

Link to comment
1 hour ago, Taddeusz said:


You’re using it with an external database? Did you import the database schema using the SQL file?

 

Yes using an external DB and also imported the schema. For whatever reason though, I just reinstalled it from scratch and made no changes to config, and 'it just works'.

 

NFI why, but I'm not questioning it. :)

Link to comment
8 minutes ago, joshbgosh10592 said:

I feel like a complete noob, but how do you even edit the guacamole.properties? nano, vim, nor vi seem to work...


I personally use nano. I haven’t had any problems. What kind of problem are you having editing the properties file?

Link to comment
On 3/30/2022 at 10:55 PM, Taddeusz said:


I personally use nano. I haven’t had any problems. What kind of problem are you having editing the properties file?

I also typically use nano, but when I try to edit it (using the container's CLI), no commands work - not nano, not ping, not even vi. I have a feeling I'm just doing something wrong and it's a simple mistake lol..

Link to comment
2 minutes ago, joshbgosh10592 said:

when I try to edit it (using the container's CLI), no commands work

cause the programs are not installed inside the docker ...

 

depends now on how you can access the machine, the guacamole.properties is located in /mnt/user/appdata/.....

 

so either use the unraid terminal and use nano or a client and access the share ...

 

image.png.832b1b9bc1be291766023b1320315ad4.png

Link to comment
49 minutes ago, alturismo said:

cause the programs are not installed inside the docker ...

 

depends now on how you can access the machine, the guacamole.properties is located in /mnt/user/appdata/.....

 

so either use the unraid terminal and use nano or a client and access the share ...

 

image.png.832b1b9bc1be291766023b1320315ad4.png

Yup, sorry, like I said, I felt like a complete noob and was making a stupid, simple mistake. Thank you! I'm very new to dockers and forgot that their data is just a folder inside the appdata share.

Link to comment
8 hours ago, joshbgosh10592 said:

Thank you! I'm very new to dockers and forgot that their data is just a folder inside the appdata share.

Only the part of the container that has a mapping is elsewhere. Understanding the difference between the container's own filesystem, the host filesystem, and how the two interact with mapping is one of the core principles that you need to get familiar with when working with docker containers.

Link to comment

TOPIC: TOTP field not showing on hosted site.

I have set up TOTP for ApacheGuacamole and it is working on the local host fine.
I have reverse proxied it (using NginxProxyManager) to a custom domain and it worked without the TOTP but not with TOTP enabled: the page is displayed but there is no entry to type the one time password.

 


The network response when clicking the Continue:

POST https://vm.domain.com/api/tokens
400 Bad Request

[EDIT] - SOLVED:
One of my Cache Drives was completely filled.
Freeing up space on that drive resolved the issue. 


 

Screenshot_2022-04-03_13-03-58.png

Edited by BMCave
Link to comment
3 hours ago, BMCave said:

TOPIC: TOTP field not showing on hosted site.

I have set up TOTP for ApacheGuacamole and it is working on the local host fine.
I have reverse proxied it (using NginxProxyManager) to a custom domain and it worked without the TOTP but not with TOTP enabled: the page is displayed but there is no entry to type the one time password.

 


The network response when clicking the Continue:

POST https://vm.domain.com/api/tokens
400 Bad Request


 

Screenshot_2022-04-03_13-03-58.png

If I modify the POST request on the first login page and add the one time password in, it seems to work.
 

2022-04-03 18_27_30-Untitled - Paint.png

Link to comment
On 4/4/2022 at 4:36 PM, Taddeusz said:

@BMCave Have you tried clearing your cache?

That was indeed the issue! One of my shares was set up incorrectly and filled one of the cache drives; once I cleared the drives it was working as expected.

Is there an explanation as to why this would affect something like this?

Link to comment
15 hours ago, BMCave said:

That was indeed the issue! One of my shares was set up incorrectly and filled one of the cache drives; once I cleared the drives it was working as expected.

Is there an explanation as to why this would affect something like this?


I actually meant your browser cache but that would probably cause all sorts of random weirdness. In this case it was probably having issues writing to the database.

Link to comment
On 3/27/2022 at 7:02 PM, Taddeusz said:

@hot22shot It sounds like you're using a host key. If that's the case you should probably regenerate the host key on your Unraid server to not use the insecure old RSA algorithm rather than bypassing the limitation.

 

I do not use a host key for authentication.

I think the core issue is with the algorithms used to exchange keys between guacd and Unraid.

Unraid is using a recent version of OpenSSH; on the other end guacd uses libssh2 and your Docker image uses version 1.8.

The error message I got from Unraid seems to be resolved with the upgrade of libssh2, would you consider bumping to 1.10?

 

Link to comment
3 hours ago, hot22shot said:

 

I do not use a host key for authentication.

I think the core issue is with the algorithms used to exchange keys between guacd and Unraid.

Unraid is using a recent version of OpenSSH; on the other end guacd uses libssh2 and your Docker image uses version 1.8.

The error message I got from Unraid seems to be resolved with the upgrade of libssh2, would you consider bumping to 1.10?

 


Not saying it’s not a problem but I have no problem connecting to my own Unraid SSH. I’m running 6.9.2. Unless something has changed with 6.10? I’m not going to be running 6.10 until it’s final. I just don't have the hardware to test this one container on the next version of Unraid. I don't want to risk my one Unraid server.

Edited by Taddeusz
Link to comment
8 minutes ago, Taddeusz said:


Not saying it’s not a problem but I have no problem connecting to my own Unraid SSH. I’m running 6.9.2. Unless something has changed with 6.10? I’m not going to be running 6.10 until it’s final. I just don't have the hardware to test this one container on the next version of Unraid. I don't want to risk my one Unraid server.

 

Well, I don't have a 6.9.2 environment anymore, but I suppose that OpenSSH has been bumped since then.

6.10.0-RC4 comes with OpenSSH 8.8+, which disabled RSA by default:

 

This release disables RSA signatures using the SHA-1 hash algorithm by default.

 

I can test any new container if you want.

Link to comment

@hot22shot Looking at it further I'd have to switch to building guacd myself rather than using their pre-built guacd container. Their pre-built guacd container uses Debian buster-slim as its base which has libssh2-1 version 1.8.0-2.1. For their upcoming 1.5.0 version they've switched to using Ubuntu 21.10 which has libssh2-1 version 1.9.0-3. I'm not sure which version of the libssh2-1 library would negotiate correctly with Unraid 6.10?

Edited by Taddeusz
Link to comment
On 4/15/2022 at 5:32 PM, Taddeusz said:

@hot22shot Looking at it further I'd have to switch to building guacd myself rather than using their pre-built guacd container. Their pre-built guacd container uses Debian buster-slim as its base which has libssh2-1 version 1.8.0-2.1. For their upcoming 1.5.0 version they've switched to using Ubuntu 21.10 which has libssh2-1 version 1.9.0-3. I'm not sure which version of the libssh2-1 library would negotiate correctly with Unraid 6.10?

 

To be honest I'm not sure. Do you know when the 1.5 is due?

 

 

Link to comment
10 minutes ago, hot22shot said:

 

To be honest I'm not sure. Do you know when the 1.5 is due?

 

 

They’ve been doing annual major version releases so probably not till January or February next year. I will try and experiment when I can. I can’t really promise a timeline.

Link to comment
  • 2 weeks later...

Hi guys, I just installed the ApacheGuacamole App from Taddeusz repo.

For some reason I get an invalid login message the moment the installation finishes and I go to log in to the Apache server for the 1st time using the default guacadmin username/password.

Any idea why that would be happening?

Any help is greatly appreciated

Link to comment
