You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Immo Wetzel <im...@adtran.com> on 2020/04/21 19:02:18 UTC

ssh to a target with google 2fa auth enabled

HI,

I´m quite new with guacamole. We like to provide some ssh access via the html5 interface but stuck at the point were the target hosts need a two factor auth via google auth.
The client shows first the username request and then the password request but the afterwards and sometimes before the password the google auth verification code is needed.
It looks like from the default installation this isn't possible. DUO seems not the right one cos its for the guacamole itself. Right ?

So please advise me how to bring the target host with 2fa via guacamole to the user.

With kind regards,
Immo Wetzel


[cid:image001.jpg@01D6181F.23E52180]
ADTRAN GmbH, Siemensallee 1, 17489 Greifswald, GERMANY

Email: immo.wetzel@adtran.com<ma...@adtran.com>

Sitz der Gesellschaft: Berlin / Registered office: Berlin
Registergericht: Berlin / Commercial registry: Amtsgericht Charlottenburg, HRB 135656 B
Geschäftsführung / Managing Directors: James D. Wilson, Jr., Dr. Eduard Scheiterer
This message has been classified General Business by Immo Wetzel on Tuesday, April 21, 2020 at 9:00:47 PM.

Re: ssh to a target with google 2fa auth enabled

Posted by Nick Couchman <vn...@apache.org>.

On Tue, Apr 21, 2020 at 3:02 PM Immo Wetzel <im...@adtran.com> wrote:

> HI,
>
>
>
> I´m quite new with guacamole. We like to provide some ssh access via the
> html5 interface but stuck at the point were the target hosts need a two
> factor auth via google auth.
>
> The client shows first the username request and then the password request
> but the afterwards and sometimes before the password the google auth
> verification code is needed.
>
> It looks like from the default installation this isn’t possible. DUO seems
> not the right one cos its for the guacamole itself. Right ?
>
>
>
> So please advise me how to bring the target host with 2fa via guacamole to
> the user.
>
>
>

Unfortunately I think you are probably hitting this issue:

https://issues.apache.org/jira/browse/GUACAMOLE-141

Right now this is still unresolved, so Guacamole may not support situations
where the SSH server requires a second factor.

This might be fixed with 221 when we implement prompting - there's been
discussion of rolling that into that implementation, anyway:
https://issues.apache.org/jira/browse/GUACAMOLE-221

-Nick

>