You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by "Andrews, Keith" <Ke...@alliedtelesis.com> on 2017/04/01 23:57:58 UTC
SSH & Private Key
Hello,
I am wondering if anyone out there can help me figure out what is wrong with my noauth-config configuration for SSH using a private key without a passphrase. Here is the config in noauth-config.xml:
<config name="AWS" protocol="ssh">
<param name="hostname" value="192.168.1.100" />
<param name="port" value="22" />
<param name="username" value="ubuntu" />
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
</config>
Upon connection I am prompted for a passphrase even though this key does not have one. I even tried putting the param name="passphrase" value="" and it still doesn't work. Any help, tips, etc is very much appreciated.
Thank you,
Keith
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's e-mail System Administrator.
RE: SSH & Private Key
Posted by "Andrews, Keith" <Ke...@alliedtelesis.com>.
Disregard this email… It was a typo on my end that was causing the failure.
Thanks,
Keith
From: Andrews, Keith [mailto:Keith_Andrews@alliedtelesis.com]
Sent: Tuesday, April 11, 2017 9:56 AM
To: user@guacamole.incubator.apache.org
Subject: RE: SSH & Private Key
Hello,
I have another question concerning this topic. In the event that the key has blank lines such as the key I just generated below:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,79888B9244B7C218CC7BEFB6F7B834F6
D22ZyHcQJi0HVyTwRnHSrBIqzSJnFg2mUy/6YJ5q7MCcdEGgc2h5IKvUWraBRjRI
PbjeoHPi4RUYpDHJ0bLmNT2R4Un8CAnSX5MzsELNbXZ0mVFfk+k2txUiYUGFodma
4P50Ca26DZ7EkzGVLp9eCp0Iaw++hdwshCZjisTpqM6h/UxpPg2XxiHrivpt+TQy
RVuGNCeKV9nVLmHoymhxN7Y3h6wNTwWBc1i7YKHZuvXjfZGpzj6LdcBxNJ207Fyb
fOcd/mQRt3g28JTzCwp9WiuBiY2FPtNXOcV5abjcPbGqc4oUTPyurjJzk8v3SoWq
23xE8GZgqiABwdnD5g9Jl6Gh1jdf2xGu6vuiXxrGkktP089Yz1wBu/rogpuaT9M2
ZRuPoEQTXdh4/zOnr8I4/++rsyb1QvYzRXOmCTgyf9Kdc1sifXZkacdtYvP9oNZM
t9IHrhjIWHYdpPoDusVHZXOqIXASESzrwG4EkaFu/FGJdOjSIMDQtPKyHm1xc1xb
hmIzSJbZi8IlQkO7OrsiAKgPugNXjKCJ6vvU1ojqPsBeqx75L3nimBLeWfJcNceX
Vab6zcNH1pN9JvXhSnWUpD/3xspIR7pgWXyQ9NZaAdZ7btuCmNAJCGXNkDKFqU1d
taxUcnMIOYCcv9rIJBH2xI77N/GtY1rdgEuV3U6lCbly6lz7rY82EGBrmVhC02nH
/+D81H1gst8yVe6rupGSwVMsUojPDTsI+/rzqJUipzbedwPx9YiUqsQiLOnLn/WX
db3Z/Henko2zWtRHAIGw5bteTPmB4Neo1TZwohyCjuf0adtc6xLF5fOCgBhyfEUc
yEyU+yFuBfdmouJ+UHFuaE10Xt8WNdUDB2XZAd4w5AXrF0md4iOqt1U40sNAzLvm
Dmz+EFnVbkpkPoB3kTP0XD0Xs1YVf2aTvOrih4Me5/azmUyLIOUYiI8FYNIQVhUP
SQjkopZAXfG9kPXVbvpzvzElYn71LJo7WCrK2SQzwH8O2RegurrjN87UYw1Fy8pQ
cjf0Cwt1NXz015QZjLSkmEEXnMvSvWkLEWPbd04vhxFbPx3jWGhth1ZTFl8m3UL+
2beDLoiBUfsOLMvKcT8oRnLFFnF58HEhgiyTx40V8k94f3skqdkbRcYPPWzlyD/x
aE/O8d/8iOnhjRPPibhNeXP4Xm+SD1RKJJt/jdcmA/oEqOWNFMvrvrorQ1+x2Bf0
xR2Z5+LkcsRjh/7n08wsyCScTS8wERf3LggG+f96+sv482cUImDnU8/IzQuJKwKE
EHrvfCWRI70ki7JZsVW2s8aiWB1I237/smIEUuUZSKWkzCugA68L5DUDZeGcY951
3UNHBiuun7RtaalWmUucIjapxRTZ+raXZFHEpNMXmRAJP6vlgIZczsSGsJekgmy8
lOK5hxRNn4zQBaF5OwhIgqt7ehqfLHlSPUo6UV9vAHQ9IpQd8hAJAtKNqizdutsT
QTr+jhNK9PNwwBb5fgFzEYdT8sVEFVyTmt5ZKe2HNukAIBl6e3ynB/ZriUi38MQW
UTcJOS8utR6DdUC1atKnmOEbgBmUOzmC97Ei686cDFYai20QKqhn2XeZJkYb8HvN
-----END RSA PRIVATE KEY-----
Would we use the 
 entity in the empty line? This is currently a problem for us. When there are no blank lines it works, but when there is it doesn’t.
Any help you can provide on this is greatly appreciated.
Thanks,
Keith
From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: Sunday, April 02, 2017 1:41 PM
To: user@guacamole.incubator.apache.org<ma...@guacamole.incubator.apache.org>
Subject: Re: SSH & Private Key
On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <Ke...@alliedtelesis.com>> wrote:
Hello,
I am wondering if anyone out there can help me figure out what is wrong with my noauth-config configuration for SSH using a private key without a passphrase. Here is the config in noauth-config.xml:
<config name="AWS" protocol="ssh">
<param name="hostname" value="192.168.1.100" />
<param name="port" value="22" />
<param name="username" value="ubuntu" />
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
</config>
Upon connection I am prompted for a passphrase even though this key does not have one. I even tried putting the param name="passphrase" value="" and it still doesn't work. Any help, tips, etc is very much appreciated.
The key is failing to load because the XML parser is transforming the newlines within the key to spaces. Because the key fails to load initially, Guacamole assumes the key likely requires a passphrase, and prompts for that. Of course, the key itself is still invalid, so that fails as well.
To force the XML parser to include verbatim newlines, you will need to specify them using the 
 entity. For example:
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
This is the first line
This is the second line
this is the third line
etc.
-----END RSA PRIVATE KEY-----"/>
Specifying the key as above should work as expected.
I recommend switching away from NoAuth when you can. It's the only authentication extension which would suffer from this, as all others are either not driven by XML or use element bodies for parameter values, and it has recently been deprecated:
https://issues.apache.org/jira/browse/GUACAMOLE-256
Though the extension itself will still be present in upcoming releases to ease migration, it's use is no longer recommended, and it will eventually be removed.
- Mike
________________________________
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's e-mail System Administrator.
________________________________
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's e-mail System Administrator.
RE: SSH & Private Key
Posted by "Andrews, Keith" <Ke...@alliedtelesis.com>.
Hello,
I have another question concerning this topic. In the event that the key has blank lines such as the key I just generated below:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,79888B9244B7C218CC7BEFB6F7B834F6
D22ZyHcQJi0HVyTwRnHSrBIqzSJnFg2mUy/6YJ5q7MCcdEGgc2h5IKvUWraBRjRI
PbjeoHPi4RUYpDHJ0bLmNT2R4Un8CAnSX5MzsELNbXZ0mVFfk+k2txUiYUGFodma
4P50Ca26DZ7EkzGVLp9eCp0Iaw++hdwshCZjisTpqM6h/UxpPg2XxiHrivpt+TQy
RVuGNCeKV9nVLmHoymhxN7Y3h6wNTwWBc1i7YKHZuvXjfZGpzj6LdcBxNJ207Fyb
fOcd/mQRt3g28JTzCwp9WiuBiY2FPtNXOcV5abjcPbGqc4oUTPyurjJzk8v3SoWq
23xE8GZgqiABwdnD5g9Jl6Gh1jdf2xGu6vuiXxrGkktP089Yz1wBu/rogpuaT9M2
ZRuPoEQTXdh4/zOnr8I4/++rsyb1QvYzRXOmCTgyf9Kdc1sifXZkacdtYvP9oNZM
t9IHrhjIWHYdpPoDusVHZXOqIXASESzrwG4EkaFu/FGJdOjSIMDQtPKyHm1xc1xb
hmIzSJbZi8IlQkO7OrsiAKgPugNXjKCJ6vvU1ojqPsBeqx75L3nimBLeWfJcNceX
Vab6zcNH1pN9JvXhSnWUpD/3xspIR7pgWXyQ9NZaAdZ7btuCmNAJCGXNkDKFqU1d
taxUcnMIOYCcv9rIJBH2xI77N/GtY1rdgEuV3U6lCbly6lz7rY82EGBrmVhC02nH
/+D81H1gst8yVe6rupGSwVMsUojPDTsI+/rzqJUipzbedwPx9YiUqsQiLOnLn/WX
db3Z/Henko2zWtRHAIGw5bteTPmB4Neo1TZwohyCjuf0adtc6xLF5fOCgBhyfEUc
yEyU+yFuBfdmouJ+UHFuaE10Xt8WNdUDB2XZAd4w5AXrF0md4iOqt1U40sNAzLvm
Dmz+EFnVbkpkPoB3kTP0XD0Xs1YVf2aTvOrih4Me5/azmUyLIOUYiI8FYNIQVhUP
SQjkopZAXfG9kPXVbvpzvzElYn71LJo7WCrK2SQzwH8O2RegurrjN87UYw1Fy8pQ
cjf0Cwt1NXz015QZjLSkmEEXnMvSvWkLEWPbd04vhxFbPx3jWGhth1ZTFl8m3UL+
2beDLoiBUfsOLMvKcT8oRnLFFnF58HEhgiyTx40V8k94f3skqdkbRcYPPWzlyD/x
aE/O8d/8iOnhjRPPibhNeXP4Xm+SD1RKJJt/jdcmA/oEqOWNFMvrvrorQ1+x2Bf0
xR2Z5+LkcsRjh/7n08wsyCScTS8wERf3LggG+f96+sv482cUImDnU8/IzQuJKwKE
EHrvfCWRI70ki7JZsVW2s8aiWB1I237/smIEUuUZSKWkzCugA68L5DUDZeGcY951
3UNHBiuun7RtaalWmUucIjapxRTZ+raXZFHEpNMXmRAJP6vlgIZczsSGsJekgmy8
lOK5hxRNn4zQBaF5OwhIgqt7ehqfLHlSPUo6UV9vAHQ9IpQd8hAJAtKNqizdutsT
QTr+jhNK9PNwwBb5fgFzEYdT8sVEFVyTmt5ZKe2HNukAIBl6e3ynB/ZriUi38MQW
UTcJOS8utR6DdUC1atKnmOEbgBmUOzmC97Ei686cDFYai20QKqhn2XeZJkYb8HvN
-----END RSA PRIVATE KEY-----
Would we use the 
 entity in the empty line? This is currently a problem for us. When there are no blank lines it works, but when there is it doesn’t.
Any help you can provide on this is greatly appreciated.
Thanks,
Keith
From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: Sunday, April 02, 2017 1:41 PM
To: user@guacamole.incubator.apache.org
Subject: Re: SSH & Private Key
On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <Ke...@alliedtelesis.com>> wrote:
Hello,
I am wondering if anyone out there can help me figure out what is wrong with my noauth-config configuration for SSH using a private key without a passphrase. Here is the config in noauth-config.xml:
<config name="AWS" protocol="ssh">
<param name="hostname" value="192.168.1.100" />
<param name="port" value="22" />
<param name="username" value="ubuntu" />
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
</config>
Upon connection I am prompted for a passphrase even though this key does not have one. I even tried putting the param name="passphrase" value="" and it still doesn't work. Any help, tips, etc is very much appreciated.
The key is failing to load because the XML parser is transforming the newlines within the key to spaces. Because the key fails to load initially, Guacamole assumes the key likely requires a passphrase, and prompts for that. Of course, the key itself is still invalid, so that fails as well.
To force the XML parser to include verbatim newlines, you will need to specify them using the 
 entity. For example:
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
This is the first line
This is the second line
this is the third line
etc.
-----END RSA PRIVATE KEY-----"/>
Specifying the key as above should work as expected.
I recommend switching away from NoAuth when you can. It's the only authentication extension which would suffer from this, as all others are either not driven by XML or use element bodies for parameter values, and it has recently been deprecated:
https://issues.apache.org/jira/browse/GUACAMOLE-256
Though the extension itself will still be present in upcoming releases to ease migration, it's use is no longer recommended, and it will eventually be removed.
- Mike
________________________________
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's e-mail System Administrator.
RE: SSH & Private Key
Posted by "Andrews, Keith" <Ke...@alliedtelesis.com>.
Thanks Mike! That worked and noted on moving away from noauth.
From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: Sunday, April 02, 2017 1:41 PM
To: user@guacamole.incubator.apache.org
Subject: Re: SSH & Private Key
On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <Ke...@alliedtelesis.com>> wrote:
Hello,
I am wondering if anyone out there can help me figure out what is wrong with my noauth-config configuration for SSH using a private key without a passphrase. Here is the config in noauth-config.xml:
<config name="AWS" protocol="ssh">
<param name="hostname" value="192.168.1.100" />
<param name="port" value="22" />
<param name="username" value="ubuntu" />
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
</config>
Upon connection I am prompted for a passphrase even though this key does not have one. I even tried putting the param name="passphrase" value="" and it still doesn't work. Any help, tips, etc is very much appreciated.
The key is failing to load because the XML parser is transforming the newlines within the key to spaces. Because the key fails to load initially, Guacamole assumes the key likely requires a passphrase, and prompts for that. Of course, the key itself is still invalid, so that fails as well.
To force the XML parser to include verbatim newlines, you will need to specify them using the 
 entity. For example:
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
This is the first line
This is the second line
this is the third line
etc.
-----END RSA PRIVATE KEY-----"/>
Specifying the key as above should work as expected.
I recommend switching away from NoAuth when you can. It's the only authentication extension which would suffer from this, as all others are either not driven by XML or use element bodies for parameter values, and it has recently been deprecated:
https://issues.apache.org/jira/browse/GUACAMOLE-256
Though the extension itself will still be present in upcoming releases to ease migration, it's use is no longer recommended, and it will eventually be removed.
- Mike
________________________________
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's e-mail System Administrator.
Re: SSH & Private Key
Posted by Mike Jumper <mi...@guac-dev.org>.
On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <
Keith_Andrews@alliedtelesis.com> wrote:
> Hello,
>
> I am wondering if anyone out there can help me figure out what is wrong
> with my noauth-config configuration for SSH using a private key without a
> passphrase. Here is the config in noauth-config.xml:
>
> <config name="AWS" protocol="ssh">
> <param name="hostname" value="192.168.1.100" />
> <param name="port" value="22" />
> <param name="username" value="ubuntu" />
> <param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
> Verylongprivatekey..........................................
> ........................................
> -----END RSA PRIVATE KEY-----" />
> </config>
>
> Upon connection I am prompted for a passphrase even though this key does
> not have one. I even tried putting the param name="passphrase" value=""
> and it still doesn't work. Any help, tips, etc is very much appreciated.
>
The key is failing to load because the XML parser is transforming the
newlines within the key to spaces. Because the key fails to load initially,
Guacamole assumes the key likely requires a passphrase, and prompts for
that. Of course, the key itself is still invalid, so that fails as well.
To force the XML parser to include verbatim newlines, you will need to
specify them using the 
 entity. For example:
<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
This
is the first line
This is the second line
this is the third
line
etc.
-----END RSA PRIVATE KEY-----"/>
Specifying the key as above should work as expected.
I recommend switching away from NoAuth when you can. It's the only
authentication extension which would suffer from this, as all others are
either not driven by XML or use element bodies for parameter values, and it
has recently been deprecated:
https://issues.apache.org/jira/browse/GUACAMOLE-256
Though the extension itself will still be present in upcoming releases to
ease migration, it's use is no longer recommended, and it will eventually
be removed.
- Mike