You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Marco Passerini (Jira)" <ji...@apache.org> on 2021/02/17 08:26:00 UTC
[jira] [Commented] (GUACAMOLE-1290) Add support for SSH
certificates
[ https://issues.apache.org/jira/browse/GUACAMOLE-1290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17285711#comment-17285711 ]
Marco Passerini commented on GUACAMOLE-1290:
--------------------------------------------
From what I saw in the code, it should be enogh to add a public-key form in the guacamole-client, and modify the REST API of guacamole-server to include the public-key on that side as well. Then edit the logic in this section: [https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L79] Currently the code is generating the public key from the private key. It should instead use the one provided by the user, if available. And do something like "ssh -i privatekey -i publickey hostname".
> Add support for SSH certificates
> --------------------------------
>
> Key: GUACAMOLE-1290
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1290
> Project: Guacamole
> Issue Type: New Feature
> Components: SSH
> Reporter: Marco Passerini
> Priority: Major
>
> Guacamole does not work with SSH certificates. In order to log in with SSH certificates, one would need to include the public key, signed by the CA, in addition to the private key.
> More documentation on how this works is provided here:
> [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication]
> The feature was requested first on the user mailing list: [http://mail-archives.apache.org/mod_mbox/guacamole-user/202102.mbox/%3CCALKeL-OJB7FGxdoyekJW-G12-ppdRVJ%2BWs%3DTP%2BAingWcuZEdig%40mail.gmail.com%3E]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)