SSH Certificates support

[Passerini Marco <ma...@cscs.ch>]

Hi,


I have a use case for which I would need to use Guacamole to SSH  into servers using SSH certificates ( https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication ). In practice we have a Certification Authority which signs SSH public keys with a limited life timespan and other restrictions. When using the SSH command line, one needs to include this signed public key in order to SSH into systems.


From what I saw, Guacamole allows only to enter the private key into the Connection form. Would it be possible to add the support for the public key as well? Is it on the roadmap?


Regards,

Marco Passerini

Re: SSH Certificates support

[Mike Jumper <mj...@apache.org>]

Sure. It's not specifically on the roadmap, but it should be doable unless
the libssh2 library lacks support. Please feel free to open a feature
request:

https://issues.apache.org/jira/browse/GUACAMOLE

- Mike


On Tue, Feb 9, 2021 at 2:52 AM Passerini Marco <ma...@cscs.ch>
wrote:

> Hi,
>
>
> I have a use case for which I would need to use Guacamole to SSH  into
> servers using SSH certificates (
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication
> ). In practice we have a Certification Authority which signs SSH public
> keys with a limited life timespan and other restrictions. When using the
> SSH command line, one needs to include this signed public key in order to
> SSH into systems.
>
>
> From what I saw, Guacamole allows only to enter the private key into the
> Connection form. Would it be possible to add the support for the public key
> as well? Is it on the roadmap?
>
>
> Regards,
>
> Marco Passerini
>