You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Nick Couchman <vn...@apache.org> on 2019/03/01 17:17:11 UTC
Re: Can't get SSH key to work
On Tue, Feb 26, 2019 at 2:57 PM Julien Nicoulaud <ju...@gmail.com>
wrote:
> No useful info in debug mode (see my first message, it has a log with
> guacd debug logging)
>
Hmmm...not really sure what's going on, here. I'm able to successfully use
it with the following steps:
- Guacamole from git master, with JDBC module
- On the destination system, under the account I want to log in under
(testuser), do "ssh-keygen -t rsa -b 1024" and don't set a passphrase
- Add the public key to the authorized_keys file (actually, there were no
other authorized_keys entries, so just copied .ssh/id_rsa.pub to
.ssh/authorized_keys
- Configure Guacamole SSH connection to the host, with a fixed username,
and pasting in the private key with header and footer
- Start the connection
It connects fine - no issues, here.
-Nick
>
Re: Can't get SSH key to work
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Mar 1, 2019 at 4:18 PM Julien Nicoulaud <ju...@gmail.com>
wrote:
> I did some more digging and I found that:
>
> - RSA keys are only supported in PEM format. But since OpenSSH 7.8
> (2018), ssh-keygen changed its default format. I opened
> https://issues.apache.org/jira/browse/GUACAMOLE-745
> - ED25519 keys are definitely not supported, the key loading code
> explicitly looks for hardcoded RSA or DSA headers here:
> https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L40
> I opened a feature request:
> https://issues.apache.org/jira/browse/GUACAMOLE-746
>
> But both need to wait for a new libssh2 release including this commit:
> https://github.com/libssh2/libssh2/commit/03092292597ac601c3f9f0c267ecb145dda75e4e
>
Thanks for the research, Julien!
-Nick
>
Re: Can't get SSH key to work
Posted by Julien Nicoulaud <ju...@gmail.com>.
I did some more digging and I found that:
- RSA keys are only supported in PEM format. But since OpenSSH 7.8
(2018), ssh-keygen changed its default format. I opened
https://issues.apache.org/jira/browse/GUACAMOLE-745
- ED25519 keys are definitely not supported, the key loading code
explicitly looks for hardcoded RSA or DSA headers here:
https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L40
I opened a feature request:
https://issues.apache.org/jira/browse/GUACAMOLE-746
But both need to wait for a new libssh2 release including this commit:
https://github.com/libssh2/libssh2/commit/03092292597ac601c3f9f0c267ecb145dda75e4e
I guess error messages could be improved in the meanwhile though, as I will
probably not be the last one to hit these issues...
Le ven. 1 mars 2019 à 17:17, Nick Couchman <vn...@apache.org> a écrit :
> On Tue, Feb 26, 2019 at 2:57 PM Julien Nicoulaud <
> julien.nicoulaud@gmail.com> wrote:
>
>> No useful info in debug mode (see my first message, it has a log with
>> guacd debug logging)
>>
>
> Hmmm...not really sure what's going on, here. I'm able to successfully
> use it with the following steps:
> - Guacamole from git master, with JDBC module
> - On the destination system, under the account I want to log in under
> (testuser), do "ssh-keygen -t rsa -b 1024" and don't set a passphrase
> - Add the public key to the authorized_keys file (actually, there were no
> other authorized_keys entries, so just copied .ssh/id_rsa.pub to
> .ssh/authorized_keys
> - Configure Guacamole SSH connection to the host, with a fixed username,
> and pasting in the private key with header and footer
> - Start the connection
>
> It connects fine - no issues, here.
>
> -Nick
>
>>