[ https://issues.apache.org/jira/browse/GUACAMOLE-547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881903#comment-16881903 ]
Federico Giuba commented on GUACAMOLE-547: ------------------------------------------ Debugging the code you can see that in [guac_common_ssh_authenticate|https://github.com/apache/guacamole-server/blob/e149fd4f7041f7c1f1d89931aea85577fcbb5d84/src/common-ssh/ssh.c#L362] the user's password is NULL even if specified as connection parameters. This results in Guacamole prompting for the password. Before the changes made in GUACAMOLE-547 the password was imported in [guac_ssh_get_user|[https://github.com/apache/guacamole-server/blob/0ffda8aaf0d4cd94f452a242f8a509e4bc86fea0/src/protocols/ssh/ssh.c#L133],] but that piece of code has been dropped and in the new code I can't see where the password should be loaded. That's what I tried to fix in the PR. > Add support for the "none" SSH authentication method > ---------------------------------------------------- > > Key: GUACAMOLE-547 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-547 > Project: Guacamole > Issue Type: New Feature > Components: Documentation, SSH > Environment: Linux 4.13.0-1012-azure #15-Ubuntu SMP Thu Mar 8 > 10:47:27 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux > Reporter: David Hauk > Assignee: Michael Jumper > Priority: Minor > Fix For: 1.1.0 > > Attachments: guacd-1.0.0.log, guacd-master.log, guacd_debug_fail.txt, > openssh_verbose_successful connection.txt, sshd_config > > > When connecting to embedded devices that implicitly allow SSH access guacd > fails when the authentication method is (none). The devices permit any SSH > user with no password access to the console, and then provide authentication > internally via their interactive shell. > Test cases: > # no username and no password configured: Guacamole requests both, then > fails to connect. > # username but no password: Guacamole requests password, and then fails to > connect. > # username and password: Guacamole asks for no input, and then fails to > connect. > I've attached guacd debug logs from the failed connection attempts, plus > OpenSSH (-vv) logs from a successful connection. (Files have been suitably > redacted). The bit they share in common is they both state "Authentication > (none)" but OpenSSH proceeds with the connection, while guacd terminates the > connection: > Guacd: > {code:java} > guacd[100079]: DEBUG: Successfully connected to host 192.168.233.20, port 22 > guacd[100079]: DEBUG: Supported authentication methods: (null) > guacd[100066]: INFO: Connection "$abc52848-a11c-4397-a657-7c2d4bfdb5e9" > removed.{code} > OpenSSH: > {code:java} > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentication succeeded (none). > Authenticated to 192.168.233.20 ([192.168.233.20]:22). > debug1: channel 0: new [client-session] > debug2: channel 0: send open > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)