[jira] [Commented] (GUACAMOLE-350) Can't handle ssh key bigger than 4096 lengh

Mon, 08 Jan 2018 11:41:05 -0800 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16316866#comment-16316866
 ] 

Michael Jumper commented on GUACAMOLE-350:
------------------------------------------

{quote}
So, looks like this is the only issue blocking the release of 0.9.14.
{quote}

Yep. In that regard, I would suggest one of the following:

# Removing this issue from release scope so 0.9.14 can move forward or ...
# ... narrowing the scope of this issue to the database schema, with the 
knowledge that more work is necessary before connecting with large SSH keys is 
possible (or any other large connection parameter, really)

{quote}
Regarding your comment above on the overhead and max instruction length, is 
that just a cautionary item (that if you actually use 8192 characters you will 
cause a disconnect, or do we need to adjust either the instruction max length 
or the maximum SSH key size here?
{quote}

It's not cautionary so much as a statement that more work will be required 
before the issue as originally stated can be 100% addressed. Regardless of the 
support for storing larger SSH keys within the database, protocol level changes 
and/or stopgap changes to guacd will need to be made for large connection 
parameters like these SSH keys to not result in the connection closing during 
handshake with a protocol error.

> Can't handle ssh key bigger than 4096 lengh
> -------------------------------------------
>
>                 Key: GUACAMOLE-350
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-350
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc
>    Affects Versions: 0.9.12-incubating
>            Reporter: Alexandre GALTIER
>            Priority: Minor
>             Fix For: 0.9.14
>
>
> Because of guacamole_connection_parameter/parameter_value site set to 4096, 
> keys bigger than 1024 bits can't be used.
> Update to 8192 could be enough (keys bigger than 10240 bits).
> Needs :
> . Database creation : change parameter_value from 4096 to 8192 
> (incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql)
>  + 
> (incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql)
> . Mysql Database upgrade : ALTER TABLE guacamole_connection_parameter MODIFY 
> parameter_value VARCHAR(8192);
> . don't know for postgresql
> Regards,



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to