[
https://issues.apache.org/jira/browse/GUACAMOLE-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256089#comment-17256089
]
Nick Couchman commented on GUACAMOLE-745:
-----------------------------------------
Digging into this issue and GUACAMOLE-746 a little more, it looks like the
changes are going to be a bit more involved than just allowing another header
format - currently the code uses the header to detect the type of key (RSA,
DSA, etc.); however, it appears that generating an OpenSSH key in either RSA
format or ED25519 format both result in the new header "BEGIN OPENSSH PRIVATE
KEY" - the header is no longer a valid indication of the key format. This means
our code is likely going to have to loop through supported formats and attempt
to load the key, or we're going to have to have an option for the user to
specify the key format.
> Add support for OpenSSH private key format
> ------------------------------------------
>
> Key: GUACAMOLE-745
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-745
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd, SSH
> Environment: Docker official images 1.0.0
> Reporter: Julien Nicoulaud
> Priority: Minor
>
> Since OpenSSH 7.8, {{ssh-keygen}} does not generate keys in PEM format by
> default anymore: [https://www.openssh.com/txt/release-7.8]
> Attempting to use keys in the new format in Guacamole does not work, and does
> not print any helpful error message even in debug mode:
> {code:java}
> guacd_1 | guacd[296]: DEBUG: Attempting private key import
> (WITHOUT passphrase)
> guacd_1 | guacd[296]: DEBUG: Initial import failed: (null)
> guacd_1 | guacd[296]: DEBUG: Re-attempting private key import
> (WITH passphrase)
> guacd_1 | guacd[296]: ERROR: Auth key import failed: (null){code}
> It would be nice if keys in OpenSSH new format were supported. At least a
> more helpful error message should be printed (like "unrecognized key format").
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
