[jira] [Comment Edited] (GUACAMOLE-745) Add support for OpenSSH private key format

Fri, 30 Aug 2019 13:19:24 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16919861#comment-16919861
 ] 

Charles LeConte Cathey edited comment on GUACAMOLE-745 at 8/30/19 8:18 PM:
---------------------------------------------------------------------------

Like [~nicoulaj], I agree that the modifications to the format headers are 
necessary.  I notice that this is listed as a Minor improvement but it 
prohibits the use of FIPS=1 enabled hosts to generate {{----BEGIN RSA PRIVATE 
KEY----}} keys (PKCS#5 vs PKCS#8 keys).  This is presently blocking some of our 
progress using 1.0.0.  I see the ticket is unassigned.  Has anyone already 
worked this?  If not we may take it on.


was (Author: catheyc):
Like [~nicoulaj], I agree that the modifications to the format headers are 
necessary.  I notice that this is listed as a Minor improvement but it 
prohibits the use of FIPS=1 enabled hosts to generate {{-----BEGIN RSA PRIVATE 
KEY-----}} keys (PKCS#5 vs PKCS#8 keys).  This is presently blocking some of 
our progress using 1.0.0.  I see the ticket is unassigned.  Has anyone already 
worked this?  If not we may take it on.

> Add support for OpenSSH private key format
> ------------------------------------------
>
>                 Key: GUACAMOLE-745
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd, SSH
>         Environment: Docker official images 1.0.0
>            Reporter: Julien Nicoulaud
>            Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by 
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does 
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1      | guacd[296]: DEBUG:        Attempting private key import 
> (WITHOUT passphrase)
> guacd_1      | guacd[296]: DEBUG:        Initial import failed: (null)
> guacd_1      | guacd[296]: DEBUG:        Re-attempting private key import 
> (WITH passphrase)
> guacd_1      | guacd[296]: ERROR:        Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a 
> more helpful error message should be printed (like "unrecognized key format").



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Reply via email to