You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Charles LeConte Cathey (Jira)" <ji...@apache.org> on 2019/08/30 20:13:00 UTC
[jira] [Commented] (GUACAMOLE-745) Add support for OpenSSH private
key format
[ https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16919861#comment-16919861 ]
Charles LeConte Cathey commented on GUACAMOLE-745:
--------------------------------------------------
Like [~nicoulaj], I agree that the modifications to the format headers are necessary. I notice that this is listed as a Minor improvement but it prohibits the use of FIPS=1 enabled hosts to generate -----BEGIN RSA PRIVATE KEY----- keys (PKCS#1 vs PKCS#8 keys). This is presently blocking some of our progress using 1.0.0. I see the ticket is unassigned. Has anyone already worked this? If not we may take it on.
> Add support for OpenSSH private key format
> ------------------------------------------
>
> Key: GUACAMOLE-745
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd, SSH
> Environment: Docker official images 1.0.0
> Reporter: Julien Nicoulaud
> Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does not print any helpful error message even in debug mode:
> {code:java}
> guacd_1 | guacd[296]: DEBUG: Attempting private key import (WITHOUT passphrase)
> guacd_1 | guacd[296]: DEBUG: Initial import failed: (null)
> guacd_1 | guacd[296]: DEBUG: Re-attempting private key import (WITH passphrase)
> guacd_1 | guacd[296]: ERROR: Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a more helpful error message should be printed (like "unrecognized key format").
--
This message was sent by Atlassian Jira
(v8.3.2#803003)