Posted to user@guacamole.apache.org by Nick Couchman <vn...@apache.org> on 2019/03/01 17:17:11 UTC

Re: Can't get SSH key to work

On Tue, Feb 26, 2019 at 2:57 PM Julien Nicoulaud <ju...@gmail.com>
wrote:

> No useful info in debug mode (see my first message, it has a log with
> guacd debug logging)
>

Hmmm...not really sure what's going on, here.  I'm able to successfully use
it with the following steps:
- Guacamole from git master, with JDBC module
- On the destination system, under the account I want to log in under
(testuser), do "ssh-keygen -t rsa -b 1024" and don't set a passphrase
- Add the public key to the authorized_keys file (actually, there were no
other authorized_keys entries, so just copied .ssh/id_rsa.pub to
.ssh/authorized_keys)
- Configure Guacamole SSH connection to the host, with a fixed username,
and pasting in the private key with header and footer
- Start the connection

It connects fine - no issues, here.

-Nick

>

Re: Can't get SSH key to work

Posted by Nick Couchman <vn...@apache.org>.
On Fri, Mar 1, 2019 at 4:18 PM Julien Nicoulaud <ju...@gmail.com>
wrote:

> I did some more digging and I found that:
>
>    - RSA keys are only supported in PEM format. But since OpenSSH 7.8
>    (2018), ssh-keygen changed its default format. I opened
>    https://issues.apache.org/jira/browse/GUACAMOLE-745
>    - ED25519 keys are definitely not supported, the key loading code
>    explicitly looks for hardcoded RSA or DSA headers here:
>    https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L40
>    I opened a feature request:
>    https://issues.apache.org/jira/browse/GUACAMOLE-746
>
> But both need to wait for a new libssh2 release including this commit:
> https://github.com/libssh2/libssh2/commit/03092292597ac601c3f9f0c267ecb145dda75e4e
>


Thanks for the research, Julien!

-Nick

>

Re: Can't get SSH key to work

Posted by Julien Nicoulaud <ju...@gmail.com>.
I did some more digging and I found that:

   - RSA keys are only supported in PEM format. But since OpenSSH 7.8
   (2018), ssh-keygen changed its default format. I opened
   https://issues.apache.org/jira/browse/GUACAMOLE-745
   - ED25519 keys are definitely not supported, the key loading code
   explicitly looks for hardcoded RSA or DSA headers here:
   https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L40
   I opened a feature request:
   https://issues.apache.org/jira/browse/GUACAMOLE-746

But both need to wait for a new libssh2 release including this commit:
https://github.com/libssh2/libssh2/commit/03092292597ac601c3f9f0c267ecb145dda75e4e

I guess error messages could be improved in the meanwhile though, as I will
probably not be the last one to hit these issues...

On Fri, Mar 1, 2019 at 17:17, Nick Couchman <vn...@apache.org> wrote:

> On Tue, Feb 26, 2019 at 2:57 PM Julien Nicoulaud <
> julien.nicoulaud@gmail.com> wrote:
>
>> No useful info in debug mode (see my first message, it has a log with
>> guacd debug logging)
>>
>
> Hmmm...not really sure what's going on, here.  I'm able to successfully
> use it with the following steps:
> - Guacamole from git master, with JDBC module
> - On the destination system, under the account I want to log in under
> (testuser), do "ssh-keygen -t rsa -b 1024" and don't set a passphrase
> - Add the public key to the authorized_keys file (actually, there were no
> other authorized_keys entries, so just copied .ssh/id_rsa.pub to
> .ssh/authorized_keys)
> - Configure Guacamole SSH connection to the host, with a fixed username,
> and pasting in the private key with header and footer
> - Start the connection
>
> It connects fine - no issues, here.
>
> -Nick
>
>>
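
Added example (not part of the thread and not Guacamole code): a Python check that separates the two cases Julien describes by reading the key's header line and, for the newer OpenSSH container, the key type stored inside it. It assumes the RSA and DSA headers are the standard OpenSSL PEM lines; the function names and the sample container (dummy bytes, no real key material) are constructed for illustration.

```python
import base64

# Added illustration; names are hypothetical. Standard OpenSSL PEM header
# lines for the two key types the thread says the loader looks for.
PEM_HEADERS = {"-----BEGIN RSA PRIVATE KEY-----": "rsa",
               "-----BEGIN DSA PRIVATE KEY-----": "dsa"}
OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"

def _string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def _read_string(buf, off):
    """Decode one SSH 'string' at off; return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if len(buf) < off + 4 or end > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:end], end

def openssh_key_type(body_b64):
    """Key type named in the public-key blob of an openssh-key-v1 container."""
    raw = base64.b64decode(body_b64)
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    off = len(MAGIC)
    for _ in range(3):                      # ciphername, kdfname, kdfoptions
        _, off = _read_string(raw, off)
    pubkey, _ = _read_string(raw, off + 4)  # skip the uint32 key count
    return _read_string(pubkey, 0)[0].decode("ascii")

def diagnose(key_text):
    """Return (container format, key type, ticket from the thread or None)."""
    lines = [ln.strip() for ln in key_text.splitlines() if ln.strip()]
    header = lines[0] if lines else ""
    if header in PEM_HEADERS:
        return ("pem", PEM_HEADERS[header], None)
    if header != OPENSSH_HEADER:
        return ("unknown", None, None)
    body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
    keytype = openssh_key_type(body)
    ticket = {"ssh-rsa": "GUACAMOLE-745", "ssh-ed25519": "GUACAMOLE-746"}.get(keytype)
    return ("openssh", keytype, ticket)

def sample_openssh_key(keytype):
    """Constructed container with dummy bytes instead of real key material."""
    blob = MAGIC + _string(b"none") * 2 + _string(b"") + (1).to_bytes(4, "big")
    blob += _string(_string(keytype.encode()) + _string(b"\x00" * 32)) + _string(b"")
    b64 = base64.b64encode(blob).decode()
    return "\n".join([OPENSSH_HEADER, b64, "-----END OPENSSH PRIVATE KEY-----"])
```

For the GUACAMOLE-745 case, OpenSSH 7.8 and later can still write the older format when `ssh-keygen` is given `-m PEM`.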