[Support] jasonbean - Apache Guacamole

[ikkuranus]

I get the following error when trying to connect to any ssh server which requires a keypair

uacd[529]: ERROR: Auth key import failed: (null)

 

I have exported it from puttygen using the openssh (force new file format) option

 

-----BEGIN OPENSSH PRIVATE KEY-----

key here on several lines

-----END OPENSSH PRIVATE KEY-----
 

also entered the passphrase for said key

 

I am able to use said key in the built-in windows command line openssh client just fine.

[SpaceInvaderOne]

Here is a guide that i have made showing howto setup Guacamole. Hope its useful.

 

[Thorsten]

Hello,

 

I have problems with ssh and guacamole to logon to Unraid. Guacamole says that the server is not available. Per Putty with the same IP and port it works but or also to a VM it works. What could be the reason ?

 

Config Guacamole:

 

Not working:  IP 192.168.178.23 Port 22 Protokoll SSH

 

With Putty it works :

 

Here with command ping from the guacamole container:

root@efb9544f9e3b:/# ping 192.168.178.23
PING 192.168.178.23 (192.168.178.23) 56(84) bytes of data.
From 192.168.178.24 icmp_seq=1 Destination Host Unreachable
From 192.168.178.24 icmp_seq=2 Destination Host Unreachable
From 192.168.178.24 icmp_seq=3 Destination Host Unreachable
From 192.168.178.24 icmp_seq=4 Destination Host Unreachable
From 192.168.178.24 icmp_seq=5 Destination Host Unreachable
From 192.168.178.24 icmp_seq=6 Destination Host Unreachable
From 192.168.178.24 icmp_seq=7 Destination Host Unreachable
From 192.168.178.24 icmp_seq=8 Destination Host Unreachable
From 192.168.178.24 icmp_seq=11 Destination Host Unreachable
From 192.168.178.24 icmp_seq=12 Destination Host Unreachable
^C
--- 192.168.178.23 ping statistics ---
13 packets transmitted, 0 received, +10 errors, 100% packet loss, time 324ms
pipe 4
root@efb9544f9e3b:/# ping 192.168.178.15
PING 192.168.178.15 (192.168.178.15) 56(84) bytes of data.
64 bytes from 192.168.178.15: icmp_seq=1 ttl=128 time=0.263 ms
64 bytes from 192.168.178.15: icmp_seq=2 ttl=128 time=0.214 ms
64 bytes from 192.168.178.15: icmp_seq=3 ttl=128 time=0.195 ms
64 bytes from 192.168.178.15: icmp_seq=4 ttl=128 time=0.366 ms
64 bytes from 192.168.178.15: icmp_seq=5 ttl=128 time=0.264 ms
64 bytes from 192.168.178.15: icmp_seq=6 ttl=128 time=0.191 ms
^C
--- 192.168.178.15 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 135ms
rtt min/avg/max/mdev = 0.191/0.248/0.366/0.063 ms
root@efb9544f9e3b:/# ping 192.168.178.31
PING 192.168.178.31 (192.168.178.31) 56(84) bytes of data.
64 bytes from 192.168.178.31: icmp_seq=1 ttl=128 time=2.79 ms
64 bytes from 192.168.178.31: icmp_seq=2 ttl=128 time=0.311 ms
64 bytes from 192.168.178.31: icmp_seq=3 ttl=128 time=0.223 ms
64 bytes from 192.168.178.31: icmp_seq=4 ttl=128 time=0.138 ms
64 bytes from 192.168.178.31: icmp_seq=5 ttl=128 time=0.321 ms
64 bytes from 192.168.178.31: icmp_seq=6 ttl=128 time=0.209 ms
^C
--- 192.168.178.31 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 112ms
rtt min/avg/max/mdev = 0.138/0.664/2.787/0.951 ms
root@efb9544f9e3b:/#

 

Why can't I reach the Unraid server from the Guacamole container? Any idea?

Edited January 24, 2021 by Thorsten

[enigma27]

great docker i never knew about.

 

quick question.

 

I have successfully set-up access to two computers using RDP using IP addresses but is there anyway to get the connections to work connecting to the hostnames of the computers rather than IP as the two computers currently dont have static ip addresses?

[Taddeusz]

@Thorsten Is your Guacamole container set to be on a custom network? If so this would be the reason you cannot connect to Unraid’s SSH server. This is by design. For this to work your container network  must be set as Bridged.

[Thorsten]

2 minutes ago, Taddeusz said:

@Thorsten Is your Guacamole container set to be on a custom network? If so this would be the reason you cannot connect to Unraid’s SSH server. This is by design. For this to work your container network  must be set as Bridged.

Yes it is set to Custom: br0 with static ip. This is the same like SpaceInvader One Video. He do the same. With him it does not work for me.

 

Guacamole Container with ip 192.168.178.24

Unraid Server with IP 192.168.178.23

[Taddeusz]

9 minutes ago, enigma27 said:

great docker i never knew about.

 

quick question.

 

I have successfully set-up access to two computers using RDP using IP addresses but is there anyway to get the connections to work connecting to the hostnames of the computers rather than IP as the two computers currently dont have static ip addresses?

This probably depends on how your router provides DNS. I have an ASUS AC1900 using ASUS-WRT Merlin. It provides its own DNS and I have my network’s domain set to “bean.local”. I have no problems accessing other computers using their host names or fully qualified xxxx.bean.local.

[Taddeusz]

1 minute ago, Thorsten said:

Yes it is set to Custom: br0 with static ip. This is the same like SpaceInvader One Video. He do the same. With him it does not work for me.

 

Guacamole Container with ip 192.168.178.24

Unraid Server with IP 192.168.178.23

This would be the reason connecting to Unraid itself doesn’t work. The network must be set to Bridged. I have mine set that way for this very reason. For my reverse proxy to work I have to specify my unraid IP address and the port for Guacamole.

[Thorsten]

41 minutes ago, Taddeusz said:

This would be the reason connecting to Unraid itself doesn’t work. The network must be set to Bridged. I have mine set that way for this very reason. For my reverse proxy to work I have to specify my unraid IP address and the port for Guacamole.

 

Okay with Network Mode Briged I can use Guacamole to establish an SSH connection to the Unraid server.

Now I would only be interested why it works by SpaceInvaderOne with Custom:br0 and not with me.

 

@SpaceInvaderOne

If the Guacamole container is set to custom:br0 with a static IP address like 192.168.178.24. I can not establish an SSH connection to the Unraid server via Guacamole. But what seems to have worked for you in the video.

Why does this not work for me have I forgotten something?

[enigma27]

50 minutes ago, Taddeusz said:

This probably depends on how your router provides DNS. I have an ASUS AC1900 using ASUS-WRT Merlin. It provides its own DNS and I have my network’s domain set to “bean.local”. I have no problems accessing other computers using their host names or fully qualified xxxx.bean.local.

 

In windows using RDP I have no problems simply using the host name connecting to them.

 

So I will try and use XXXhostname.localdomain which is what they show up as in my Pi-Hole interface as see if that works.

[david279]

How does guacamole work thru mobile devices? I use chrome remote desktop thru my android phone and it works well for windows but can be glitchy with my mac os VM.

Edited January 24, 2021 by david279

[Taddeusz]

Just now, david279 said:

How does guacamole work thru mobile devices? I use chrome remote desktop thru my android phone and it works well for windows but can be glitchy with my mac os VM.

It works ok in a pinch. It's not the most elegant on mobile. I prefer using a VPN into my network and using SSH, VNC, or RDP apps directly.

[enigma27]

ok tried everything I can think of this evening and still cannot connect to any windows 10 machine using the hostname like i can with the RDP client in windows. I can only successfully connect with an IP address.

 

any other solutions I could try?

[GoldenEye22]

I am been using Apache Guacamole for a few years now a reverse-proxy to access my unraid server from anywhere. Recently within the past month since that was the last time I can confirm it worked, I am now getting nginx error in log. I replaced "mydomain", "myip", "myguacamole" below for privacy from nginx error.log. I have been messing with this for a couple hours originally I had the guacamole.subdomian.conf set up slightly different, but no variations have helped. Note: my nextcloud and boinc reverse-proxy are working fine with nginx, boinc even uses guacamole.

 

2021/01/25 03:21:27 [error] 471#471: *2 connect() failed (111: Connection refused) while connecting to upstream, client: myip, server: mydomainguacamole.*, request: "GET / HTTP/2.0", upstream: "http://guacamoleip:8080/", host: "mydomainguacamole.duckdns.org"
2021/01/25 03:21:28 [error] 471#471: *2 connect() failed (111: Connection refused) while connecting to upstream, client: myip, server: mydomainguacamole.*, request: "GET /favicon.ico HTTP/2.0", upstream: "http://guacamoleip:8080/favicon.ico", host: "mydomainguacamole.duckdns.org", referrer: "https://mydomainguacamole.duckdns.org/"

 

Originally I used this and got similar errors in log:

 

2021/01/25 03:03:04 [error] 481#481: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: myip, server: mydomainguacamole.*, request: "GET / HTTP/2.0", upstream: "http://unraidserverip:8089/", host: "mydomainguacamole.duckdns.org"
2021/01/25 03:03:04 [error] 481#481: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: myip, server: mydomainguacamole.*, request: "GET /favicon.ico HTTP/2.0", upstream: "http://unraidserverip:8089/favicon.ico", host: "mydomainguacamole.duckdns.org", referrer: "https://mydomainguacamole.duckdns.org/"

 

Anyone else seeing this recently, did security parameters change for ApacheGuacamole recently that I missed?

 

EDIT: SOLVED

By blowing away the ApacheGuacamole AppData and reinstalling the application this issue was resolved.

Edited January 25, 2021 by GoldenEye22

[Mr_Jay84]

On 1/24/2021 at 4:51 PM, Thorsten said:

Yes it is set to Custom: br0 with static ip. This is the same like SpaceInvader One Video. He do the same. With him it does not work for me.

 

Guacamole Container with ip 192.168.178.24

Unraid Server with IP 192.168.178.23

I have the same issue. I have set it up exactly as per SpaceInvaders video. 

 

If I set it to use the custom network with Docker DNS resolution it works via the subdomain. Setting the guacamole docker with its own IP times out via the reverse proxy but is available internally via the static IP.

 

EDIT: SOLVED

 

Go into settings - Docker - click on advanced view in top right hand corner - enable Host access to custom networks.

 

You'll have to turn off the docker service to change this.

 

Works perfectly as per Spaceinvaders video now.

Edited January 25, 2021 by Mr_Jay84
Solved

[ikkuranus]

Is this compiled with private/public key support for ssh?

[Taddeusz]

54 minutes ago, ikkuranus said:

Is this compiled with private/public key support for ssh?

I honestly don’t know. For guacd I use the prebuilt Docker container from Apache.

[Taddeusz]

21 hours ago, ikkuranus said:

Is this compiled with private/public key support for ssh?

I just checked out the guacd Dockerfile and it looks like, according to the docs, it has all the "optional" dependencies for SSH support. I assume that should include private/public key support since one of the SSH dependencies is OpenSSL.

[Taddeusz]

Looks like the only optional dependency that is not included in the official guacd container is Ogg Vorbis audio compression. Meaning any audio, if supported, will be sent as uncompressed WAV format.

 

If this is something that is desired I would consider including a custom build of guacd. However, this is would be the ONLY difference between the two.

[SiggiSpak]

Hey! First of all, thanks for your container.

 

I set it up like shown in SpaceInvaderOne's video and it worked like a charm. Today I tried to connect to my windows machine (RDP) again, but unfortunately it didn't work. It times out in the browser saying that the guacamole server is not reachable. In the log it says:

"guacd[497]: INFO: RDP server closed/refused connection: Connection failed (server unreachable?)"

 

It used to work fine yesterday and I didn't change any setting. Do you have any idea to fix this? Any help is appreciated. 

 

Greetings from Germany.

 

EDIT: It was a quick fix after all: Remotedesktop was blocked by Windows Firewall. I don't know why. Thanks anyways!

Edited January 29, 2021 by SiggiSpak

[Taddeusz]

@SiggiSpak If this is a physical computer you're sure the computer is still on and didn't go to sleep?

[SiggiSpak]

12 hours ago, Taddeusz said:

@SiggiSpak If this is a physical computer you're sure the computer is still on and didn't go to sleep?

Yes I fixed it. It was a firewall issue. I also configured WOL, so I can wake it up from sleep without problems. 

[randalotto]

So I set this up with remote access via reverse proxy. In order to achieve a reasonable level of security, I've also enabled 2FA using TOTP. Is there a way to remember devices so that I don't have to enter a code every time I log in from a device on my local network?

[joshallen2k]

I’ve installed guacamole and got it working with a win10 VM over rdp. Where I am stuck is connecting to a Mac VM. I watched spaceinvader one’s video where he shows setting it up for different VM’s but he doesn’t cover off Mac (although claims to in the intro). 
 

I have turned on the screen sharing in the Mac VM, but not sure what needs to be set for guacd proxy parameters, and for the network parameters (host and port). Can someone help? Thanks so much 

Edited January 31, 2021 by joshallen2k
Typo

[Taddeusz]

50 minutes ago, randalotto said:

So I set this up with remote access via reverse proxy. In order to achieve a reasonable level of security, I've also enabled 2FA using TOTP. Is there a way to remember devices so that I don't have to enter a code every time I log in from a device on my local network?

No, Apache Guacamole doesn’t have that feature. Their TOTP support is fairly limited. They also don’t have a way to disable TOTP without directly modifying the database. Nor do they have a backup code facility.