[
https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256144#comment-17256144
]
Mike Jumper commented on GUACAMOLE-745:
---------------------------------------
For OpenSSH itself to be able to read these keys, there's likely some way that
it identifies the type beyond simply brute forcing through all supported types.
Decoding generated keys with base64, I see "ssh-ed25519" in the content of the
key for the {{-t ed25519}} one and "ssh-rsa" for the {{-t rsa}} one. Perhaps
this format is documented and our code just needs to do a bit more for OpenSSH
keys?
> Add support for OpenSSH private key format
> ------------------------------------------
>
> Key: GUACAMOLE-745
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd, SSH
> Environment: Docker official images 1.0.0
> Reporter: Julien Nicoulaud
> Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1 | guacd[296]: DEBUG: Attempting private key import
> (WITHOUT passphrase)
> guacd_1 | guacd[296]: DEBUG: Initial import failed: (null)
> guacd_1 | guacd[296]: DEBUG: Re-attempting private key import
> (WITH passphrase)
> guacd_1 | guacd[296]: ERROR: Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a
> more helpful error message should be printed (like "unrecognized key format").
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
