[jira] [Commented] (GUACAMOLE-426) Per-user SSH key

Sat, 22 Jun 2019 13:23:45 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16870354#comment-16870354
 ] 

Michael Jumper commented on GUACAMOLE-426:
------------------------------------------

The token injecting convenience classes from those changes would likely help. 
An injected parameter token is exactly how an extension like the one proposed 
here would dynamically provide the user's SSH key to the extension configuring 
the connection.

The key vault support would actually already provide exactly this, as long as 
it's sufficient for an administrator to be the one maintaining the keys. It 
allows for arbitrary tokens to be mapped to arbitrary credentials stored in a 
vault, including on a per-user basis. The recent support for parameter token 
substitution using LDAP attributes would also provide this if the user's 
private key can be stored within LDAP.

If part of the idea here is that users will specify their own keys, rather than 
an administrator controlling each user's key, then that aspect is probably 
worthy of its own, separate issue. The user preferences interface is not 
currently dynamic in the same way as the user editor presented to an 
administrator.

> Per-user SSH key
> ----------------
>
>                 Key: GUACAMOLE-426
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-426
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-auth-jdbc
>            Reporter: Michael Reber
>            Priority: Minor
>         Attachments: Guacamole_new_feature.png
>
>
> Currently guacamole does not allow having each user with his/her private 
> ssh-key and username defined.
> I was thinking about a possible solution. Briefly, it goes like this: 
> There would be an additional entry in the user settings, where each user can 
> define his/her private ssh-key.  
> There should also be an override option for the current user mapped to a 
> specific server. 
> I attached a possible graphical implementation.  
> Technically, I have the idea to check the following upon each new session 
> opening: 
> If the override option is set and the specific user credentials username and 
> specific ssh-key are valid, then I would replace the default username and the 
> ssh-keys string with the values specified by the user settings.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to