[ https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256169#comment-17256169 ]

Nick Couchman commented on GUACAMOLE-745:
-----------------------------------------

{{quote}}
Perhaps this format is documented and our code just needs to do a bit more for 
OpenSSH keys?
{{quote}}

Yeah, I was also looking at some of the OpenSSL functions for this, and there 
seems to be a more generic `PEM_read_bio_PrivateKey()` function that reads more 
generically and perhaps can be combined with other functions to determine the 
type of the key on-the-fly?

{{quote}}
I wonder if perhaps libssh would magically support this without us having to 
manually parse provided keys.
{{quote}}

That would be lovely - it does seem like something that would be implemented in 
a client library, though apparently libssh2 doesn't do it. Or maybe it does, 
but the documentation on public key authentication for libssh2 is missing :-(.

I was also looking at possible ways to use the Passphrase Callback to prompt 
the user for a private key passphrase rather than requiring it be specified in the 
configuration, particularly now that we have parameter prompting included. This 
would pave the way for user-specific private keys as mentioned in a different 
JIRA issue.

> Add support for OpenSSH private key format
> ------------------------------------------
>
>                 Key: GUACAMOLE-745
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacd, SSH
>         Environment: Docker official images 1.0.0
>            Reporter: Julien Nicoulaud
>            Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by 
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does 
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1      | guacd[296]: DEBUG:        Attempting private key import (WITHOUT passphrase)
> guacd_1      | guacd[296]: DEBUG:        Initial import failed: (null)
> guacd_1      | guacd[296]: DEBUG:        Re-attempting private key import (WITH passphrase)
> guacd_1      | guacd[296]: ERROR:        Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a 
> more helpful error message should be printed (like "unrecognized key format").



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
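
A check of the kind the issue asks for, as an added example (not Guacamole's or libssh2's code): it names the key format from the armor line and, for the OpenSSH format, reads the cipher name that follows the `openssh-key-v1` magic to tell whether a passphrase is needed. The function, enum and sample names are hypothetical, and the samples are constructed and hold only the start of the blob.

```c
#include <stdint.h>
#include <string.h>

typedef enum { KEY_UNRECOGNIZED, KEY_PEM_TRADITIONAL,
               KEY_OPENSSH_PLAIN, KEY_OPENSSH_ENCRYPTED } key_format;
#define STARTS(s, lit) (strncmp((s), (lit), sizeof(lit) - 1) == 0)
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Constructed samples: armor line plus only the start of the blob, no key material. */
static const char SAMPLE_PLAIN[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAA\n";   /* cipher "none" */
static const char SAMPLE_ENC[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIA\n";       /* cipher "aes256-ctr" */

/* Decode at most max bytes of base64, skipping line breaks; returns the byte count. */
static size_t b64_prefix(const char *src, uint8_t *out, size_t max) {
    uint32_t acc = 0; int bits = 0; size_t n = 0;
    for (; *src && n < max; src++) {
        if (*src == '\n' || *src == '\r') continue;
        const char *p = strchr(B64, *src);
        if (!p) break;                      /* padding, END line or junk */
        acc = (acc << 6) | (uint32_t)(p - B64);
        if ((bits += 6) >= 8) { bits -= 8; out[n++] = (uint8_t)(acc >> bits); }
    }
    return n;
}

/* Name the key format from the text alone, so a failed import can say why. */
key_format classify_private_key(const char *key) {
    static const char armor[] = "-----BEGIN OPENSSH PRIVATE KEY-----";
    static const char magic[] = "openssh-key-v1";   /* 15 bytes with its NUL */
    uint8_t buf[64];
    if (STARTS(key, "-----BEGIN RSA PRIVATE KEY-----") ||
        STARTS(key, "-----BEGIN DSA PRIVATE KEY-----") ||
        STARTS(key, "-----BEGIN EC PRIVATE KEY-----"))
        return KEY_PEM_TRADITIONAL;
    if (!STARTS(key, armor)) return KEY_UNRECOGNIZED;
    size_t n = b64_prefix(key + sizeof(armor) - 1, buf, sizeof(buf));
    if (n < sizeof(magic) + 4 || memcmp(buf, magic, sizeof(magic)) != 0)
        return KEY_UNRECOGNIZED;
    /* Next field: big-endian uint32 length, then the cipher name. */
    const uint8_t *p = buf + sizeof(magic);
    uint32_t len = (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
    if (len > n - sizeof(magic) - 4) return KEY_UNRECOGNIZED;
    return (len == 4 && memcmp(p + 4, "none", 4) == 0)
        ? KEY_OPENSSH_PLAIN : KEY_OPENSSH_ENCRYPTED;
}
```

A caller could map `KEY_UNRECOGNIZED` to the "unrecognized key format" message requested in the issue, and `KEY_OPENSSH_ENCRYPTED` to a passphrase prompt.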
