On Sun, Mar 25, 2018 at 1:26 PM, Nick Couchman <[email protected]> wrote:
> I was looking at some possible ways to implement changes needed for
> GUACAMOLE-527, dealing with SSH known hosts, and one of the possible routes
> would be to add a parameter to the guacd configuration file to specify the
> path to a known_hosts file that could then be pulled in for the SSH
> protocol. The issue I'm running into is that it seems like the parsing and
> availability of configuration items in the guacd configuration file only
> exists in the src/guacd code and isn't necessarily (easily) available to
> each of the protocols. Am I missing something here, or would other work
> need to be done to allow for configuration parameters in the guacd config
> file to be used by the protocol-specific code?
>

There's no central configuration API for protocols like there is for extensions to the webapp, but regardless, I'm not sure this would be the best approach. Pulling connection-specific values from a configuration file on the server running guacd doesn't jibe well with the careful separation of concerns between the webapp (which needs to be aware of the nature of the connections) and guacd (which blindly serves the whims of the webapp). I could also see this potentially backfiring for larger deployments with a cluster of guacd nodes behind a balancer.

What about passing the key fingerprint as a connection parameter?

- Mike
