[
https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782165#comment-16782165
]
Michael Jumper edited comment on GUACAMOLE-745 at 5/12/19 2:47 AM:
-------------------------------------------------------------------
I believe modifications are required in guacd to support it, [this
code|https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L53]
requires the key to start with either {{\-\-\-\-\-BEGIN RSA PRIVATE
KEY\-\-\-\-\-}} or {{\-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\-}} and rejects
anything else. The new format header is {{\-\-\-\-\-BEGIN OPENSSH PRIVATE
KEY\-\-\-\-\-}}. I can see RFC4716 mentions another format {{\-\-\-\- BEGIN
SSH2 PUBLIC KEY \-\-\-\-}} (https://tools.ietf.org/html/rfc4716#section-3.2).
So I am not sure how this should be parsed, but it looks like the current
method is too restrictive.
was (Author: nicoulaj):
I believe modifications are required in guacd to support it, [this
code|https://github.com/apache/guacamole-server/blob/master/src/common-ssh/key.c#L53]
requires the key to start with either {{-----BEGIN RSA PRIVATE KEY-----}} or
{{-----BEGIN DSA PRIVATE KEY-----}} and rejects anything else. The new format
header is {{-----BEGIN OPENSSH PRIVATE KEY-----}}. I can see RFC4716 mentions
another format {{---- BEGIN SSH2 PUBLIC KEY ----}}
(https://tools.ietf.org/html/rfc4716#section-3.2). So I am not sure how this
should be parsed, but it looks like the current method is too restrictive.
> Add support for OpenSSH private key format
> ------------------------------------------
>
> Key: GUACAMOLE-745
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd, SSH
> Environment: Docker official images 1.0.0
> Reporter: Julien Nicoulaud
> Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1 | guacd[296]: DEBUG: Attempting private key import (WITHOUT passphrase)
> guacd_1 | guacd[296]: DEBUG: Initial import failed: (null)
> guacd_1 | guacd[296]: DEBUG: Re-attempting private key import (WITH passphrase)
> guacd_1 | guacd[296]: ERROR: Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a
> more helpful error message should be printed (like "unrecognized key format").
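An added example, not code from guacamole-server or from anyone in this thread: a header check of the kind discussed above that names the format it found, so the log can say "unrecognized key format" instead of "(null)". The type and function names and the message strings other than "unrecognized key format" are assumptions made for this sketch; the header strings are the ones quoted in the comment.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this example; not guacamole-server identifiers. */
typedef enum {
    KEY_FORMAT_UNKNOWN,
    KEY_FORMAT_PEM_RSA,
    KEY_FORMAT_PEM_DSA,
    KEY_FORMAT_OPENSSH,
    KEY_FORMAT_SSH2_PUBLIC
} key_format;

typedef struct {
    const char* header;
    key_format format;
    const char* message; /* NULL when the format is accepted in this sketch */
} key_header;

/* Headers as quoted in the comment; messages are constructed for the example. */
static const key_header KNOWN_HEADERS[] = {
    { "-----BEGIN RSA PRIVATE KEY-----", KEY_FORMAT_PEM_RSA, NULL },
    { "-----BEGIN DSA PRIVATE KEY-----", KEY_FORMAT_PEM_DSA, NULL },
    { "-----BEGIN OPENSSH PRIVATE KEY-----", KEY_FORMAT_OPENSSH,
      "OpenSSH private key format is recognized but not supported" },
    { "---- BEGIN SSH2 PUBLIC KEY ----", KEY_FORMAT_SSH2_PUBLIC,
      "RFC 4716 public key given where a private key is required" }
};

/* Classifies a key by its leading bytes and sets *error to a log-ready
 * reason (never left unset). The comparison is bounded by length, so a
 * short or unterminated buffer is not read past its end. */
key_format classify_key(const char* data, size_t length, const char** error) {
    size_t count = sizeof(KNOWN_HEADERS) / sizeof(KNOWN_HEADERS[0]);
    for (size_t i = 0; i < count; i++) {
        size_t header_length = strlen(KNOWN_HEADERS[i].header);
        if (length >= header_length
                && memcmp(data, KNOWN_HEADERS[i].header, header_length) == 0) {
            *error = KNOWN_HEADERS[i].message;
            return KNOWN_HEADERS[i].format;
        }
    }
    *error = "unrecognized key format";
    return KEY_FORMAT_UNKNOWN;
}
```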