You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2022/11/01 22:13:00 UTC

[jira] [Commented] (GUACAMOLE-1707) Unable to connect to SSH client using TOTP (Google Authenticator)

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17627354#comment-17627354 ] 

Mike Jumper commented on GUACAMOLE-1707:
----------------------------------------

There are two issues overall here:

# Something's wrong with your private key that's resulting in it not being accepted by the SSH server. It's unlikely that this is a bug or missing support. If you continue running into this, please post to the user@guacamole.apache.org mailing list to ask for assistance. See: https://guacamole.apache.org/support/#mailing-lists
# If your private key _were_ accepted, you will probably run into trouble with your SSH server's 2FA, as that would require full support for "keyboard interactive", whereas Guacamole implements the SSH "keyboard interactive" mechanism only for passwords. It might work as-is if you use private key auth and supply the verification code when prompted for a password, but correct behavior would require fully implementing keyboard interactive. That much is a duplicate of GUACAMOLE-141.

> Unable to connect to SSH client using TOTP (Google Authenticator)
> -----------------------------------------------------------------
>
>                 Key: GUACAMOLE-1707
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1707
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.4.0
>         Environment: Guacamole 1.4.0
> Debian 11
> MariaDB 10.5
> Jetty 9
>            Reporter: Cryptage
>            Priority: Major
>              Labels: 2fa, Linux, authentication, ssh, totp
>
> Hi guys,
> I hope this issue doesn't exist (couldn't find similar).
> I have a problem with Guacamole 1.4.0 and SSH.
> On some Linux hosts I'm using SSH with 2FA (password + Google Authenticator or most frequently publickey + Google Authenticator).
> Guacamole asks for password or passphrase when we connect to SSH then fails with "Log in failed. Please reconnect and try again".
> It never asks for verification code.
> In log files :
> {code:java}
> Public key authentication failed: Invalid signature for supplied public key, or bad username/public key combination
> ERROR:        Public key authentication failed: Invalid signature for supplied public key, or bad username/public key combination {code}
> I've checked in documentation, mailing list and Jira but couldn't find an answer.
> Is there a way to get 2FA working with SSH connections ?
> Thanks for your help and congrats for this amazing tool.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)