[ https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16919861#comment-16919861 ]
Charles LeConte Cathey edited comment on GUACAMOLE-745 at 8/30/19 8:18 PM:
---------------------------------------------------------------------------

Like [~nicoulaj], I agree that the modifications to the format headers are necessary. I notice that this is listed as a Minor improvement but it prohibits the use of FIPS=1 enabled hosts to generate {{----BEGIN RSA PRIVATE KEY----}} keys (PKCS#5 vs PKCS#8 keys). This is presently blocking some of our progress using 1.0.0. I see the ticket is unassigned. Has anyone already worked this? If not we may take it on.

was (Author: catheyc):
Like [~nicoulaj], I agree that the modifications to the format headers are necessary. I notice that this is listed as a Minor improvement but it prohibits the use of FIPS=1 enabled hosts to generate {{-----BEGIN RSA PRIVATE KEY-----}} keys (PKCS#5 vs PKCS#8 keys). This is presently blocking some of our progress using 1.0.0. I see the ticket is unassigned. Has anyone already worked this? If not we may take it on.

> Add support for OpenSSH private key format
> ------------------------------------------
>
>                 Key: GUACAMOLE-745
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd, SSH
>         Environment: Docker official images 1.0.0
>            Reporter: Julien Nicoulaud
>            Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1 | guacd[296]: DEBUG: Attempting private key import (WITHOUT passphrase)
> guacd_1 | guacd[296]: DEBUG: Initial import failed: (null)
> guacd_1 | guacd[296]: DEBUG: Re-attempting private key import (WITH passphrase)
> guacd_1 | guacd[296]: ERROR: Auth key import failed: (null)
> {code}
> It would be nice if keys in OpenSSH new format were supported. At least a
> more helpful error message should be printed (like "unrecognized key format").

--
This message was sent by Atlassian Jira
(v8.3.2#803003)
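
Added example, not part of the original message and not Guacamole's own code: one way a key loader could name the format from the armor line before attempting import, so an OpenSSH-format key produces a specific message instead of `(null)`. All function and enum names are hypothetical, and only the first line of the key is inspected.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; this is not guacd's API. */
typedef enum {
    KEY_FMT_UNKNOWN,
    KEY_FMT_PEM_TRADITIONAL, /* -----BEGIN RSA|DSA|EC PRIVATE KEY----- */
    KEY_FMT_PKCS8,           /* -----BEGIN [ENCRYPTED ]PRIVATE KEY----- */
    KEY_FMT_OPENSSH          /* -----BEGIN OPENSSH PRIVATE KEY----- */
} key_format;

/* Classify a private key by the label on its "-----BEGIN ..." armor line. */
key_format classify_private_key(const char* data, size_t len) {
    static const char begin[] = "-----BEGIN ", tail[] = "PRIVATE KEY-----";
    const size_t blen = sizeof(begin) - 1, tlen = sizeof(tail) - 1;
    /* Skip leading whitespace, which pasted keys often carry */
    while (len > 0 && (*data == ' ' || *data == '\t' || *data == '\r' || *data == '\n')) { data++; len--; }
    if (len < blen || memcmp(data, begin, blen) != 0) return KEY_FMT_UNKNOWN;
    data += blen; len -= blen;
    /* Isolate the rest of the armor line, tolerating CRLF line endings */
    const char* eol = memchr(data, '\n', len);
    size_t line = eol ? (size_t)(eol - data) : len;
    if (line > 0 && data[line - 1] == '\r') line--;
    if (line < tlen || memcmp(data + line - tlen, tail, tlen) != 0) return KEY_FMT_UNKNOWN;
    size_t plen = line - tlen; /* length of the label before "PRIVATE KEY-----" */
    if (plen == 0 || (plen == 10 && memcmp(data, "ENCRYPTED ", 10) == 0)) return KEY_FMT_PKCS8;
    if (plen == 8 && memcmp(data, "OPENSSH ", 8) == 0) return KEY_FMT_OPENSSH;
    if (plen == 4 && (memcmp(data, "RSA ", 4) == 0 || memcmp(data, "DSA ", 4) == 0)) return KEY_FMT_PEM_TRADITIONAL;
    if (plen == 3 && memcmp(data, "EC ", 3) == 0) return KEY_FMT_PEM_TRADITIONAL;
    return KEY_FMT_UNKNOWN;
}

/* Text to log when import fails, in place of "(null)" */
const char* describe_key_format(key_format fmt) {
    switch (fmt) {
        case KEY_FMT_PEM_TRADITIONAL: return "traditional PEM private key";
        case KEY_FMT_PKCS8:           return "PKCS#8 private key";
        case KEY_FMT_OPENSSH:         return "OpenSSH private key format (ssh-keygen default since OpenSSH 7.8)";
        default:                      return "unrecognized key format";
    }
}

int main(void) {
    /* Constructed sample: real armor lines around a placeholder body */
    const char* sample = "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n-----END OPENSSH PRIVATE KEY-----\n";
    printf("%s\n", describe_key_format(classify_private_key(sample, strlen(sample))));
    return 0;
}
```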