You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by Richard Lancaster <ri...@osirium.com> on 2019/05/20 10:42:59 UTC
Support for SSH Servers that allow 'none' authentication method
Hi there, I've been working working on integrating guacamole on top of a ssh proxy that we provide. The point of this proxy is to abstract users from their SSH credentials and provide an SSH entry point local to the users machine that doesn't require authentication (authentication will be done between the proxy and the remote SSH server).
As such, our SSH proxy authenticates the user when the client attempts to get the list of supported authentication methods (the 'none' method), as described in RFC 4252 section 5.2.
Guacamole doesn't handle this behaviour and goes onto complain about a lack of supported authentication methods.
Here's the change I had to make to support this behaviour:
https://github.com/Osirium/guacamole-server/commit/c72b1b9d266662cd3abff590ac575c4bfc52cb0d
If the project wants to support this behaviour (which I would expect as it is apart of RFC4252), I'm happy to go through the formal processes if you could point me to where they're documented.
Many thanks,
Richard
Re: Support for SSH Servers that allow 'none' authentication method
Posted by Richard Lancaster <ri...@osirium.com>.
Brilliant! Thanks for the prompt feedback.
Richard
________________________________
From: Nick Couchman <vn...@apache.org>
Sent: 20 May 2019 12:22
To: dev@guacamole.apache.org
Subject: Re: Support for SSH Servers that allow 'none' authentication method
On Mon, May 20, 2019 at 06:49 Richard Lancaster <
richard.lancaster@osirium.com> wrote:
> Hi there, I've been working working on integrating guacamole on top of a
> ssh proxy that we provide. The point of this proxy is to abstract users
> from their SSH credentials and provide an SSH entry point local to the
> users machine that doesn't require authentication (authentication will be
> done between the proxy and the remote SSH server).
>
> As such, our SSH proxy authenticates the user when the client attempts to
> get the list of supported authentication methods (the 'none' method), as
> described in RFC 4252 section 5.2.
>
> Guacamole doesn't handle this behaviour and goes onto complain about a
> lack of supported authentication methods.
>
> Here's the change I had to make to support this behaviour:
>
> https://github.com/Osirium/guacamole-server/commit/c72b1b9d266662cd3abff590ac575c4bfc52cb0d
>
>
There's already a pull request in the works for this support:
https://github.com/apache/guacamole-server/pull/201
Hopefully it'll make it into the next release.
-Nick
Re: Support for SSH Servers that allow 'none' authentication method
Posted by Nick Couchman <vn...@apache.org>.
On Mon, May 20, 2019 at 06:49 Richard Lancaster <
richard.lancaster@osirium.com> wrote:
> Hi there, I've been working working on integrating guacamole on top of a
> ssh proxy that we provide. The point of this proxy is to abstract users
> from their SSH credentials and provide an SSH entry point local to the
> users machine that doesn't require authentication (authentication will be
> done between the proxy and the remote SSH server).
>
> As such, our SSH proxy authenticates the user when the client attempts to
> get the list of supported authentication methods (the 'none' method), as
> described in RFC 4252 section 5.2.
>
> Guacamole doesn't handle this behaviour and goes onto complain about a
> lack of supported authentication methods.
>
> Here's the change I had to make to support this behaviour:
>
> https://github.com/Osirium/guacamole-server/commit/c72b1b9d266662cd3abff590ac575c4bfc52cb0d
>
>
There's already a pull request in the works for this support:
https://github.com/apache/guacamole-server/pull/201
Hopefully it'll make it into the next release.
-Nick