[Help] Public key authentication failed
Hi All, I've recently set up Guacamole 1.0.0 on Ubuntu Server. I've got RDP working but I'm having trouble connecting to my SSH server (running on the same machine). My user-mapping.xml file looks like this: ... ssh localhost 221 callum -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F632976EDF6827B4 vCKB/Qlpj8... ...mHDqWBNu9ZH5i7YnCVvjA== -END RSA PRIVATE KEY- ... I can connect, I'm presented with a "Key passphrase:" prompt. When I enter the passphrase I immediately disconnect and the error in syslog says Public key authentication failed: Invalid signature for supplied public key, or bad username/public key combination My key was originally generated by PuTTY and I'm using PuTTY Key Generator to convert the private key to OpenSSH format. I'm not too sure what else to try. Any ideas? Thanks Callum
Re: Sponsoring ongoing Debian packaging ?
Hello, Le 19-01-15 à 17 h 03, Dominik George a écrit : > [...] > Just for the record: The lack of updates to the guacamole package have > nothing to do with a lack of interest, time or other resources. > > They are because Guacamole cannot be built due to upstream not migrating > the RDP module to FreeRDP 2 > (https://issues.apache.org/jira/browse/GUACAMOLE-249) or, depending on > the point of view, because FreeRDP 1 was removed from Debian > prematurely. > > So if you want to help, please help upstream migrate to FreeRDP 2. Thanks for clarifying this. I've updated the Debian bug reports and wiki page on Guacamole and asked on JIRA for the current status of FreeRDP 2 support, last activity there was in September. Thanks to those who replied regarding Debian packaging too, once there is more information on Guacamole JIRA #249 / Debian #900447 it will be easier to decide and go ahead. F. signature.asc Description: OpenPGP digital signature
Re: Guacamole performance improvement
I am also using the token API and Logout API and it always responds. *TO GET TOKEN :-* 1. Request URL: https://hostname/guacamole/api/tokens 2. Request Method: POST 3. Status Code: 200 OK 4. Remote Address: hostname:443 5. Referrer Policy: origin-when-cross-origin *TO DELETE TOKEN :-* 1. Request URL: https://hostname/guacamole/api/tokens/7DAA03E7D8ED357CC24F34515484BDC838B72B19F73D3F90A9E5546DA4465956 2. Request Method: DELETE 3. Status Code: 204 No Content 4. Remote Address: hostname:443 5. Referrer Policy: origin-when-cross-origin My suggestion would be to checkout latest code of *guacamole-client *and *guacamole-server *and then test without doing any changes in the code or without calling any API ( using *user-mapping.xml*). ** ** ** * * *rdp* ** *3389* *reconnect* ** *amarjeet.singh* *xx* ** ** * If issue still exists, then take the *tcpdump *for the delay. *NOTE :* If you haven't done any changes in guacamole-client and guacamole-server code that means the issue is not with the API. As Nick said you can always check the *logs of guacamole-client and guacamole-server*. For memory consumption, please check which process is consuming more memory using *top command. * Check if it is guacd or java . *On Wed, Jan 16, 2019 at 6:12 PM Shilpa Bhandari > wrote:* > One more thing. The memory consumption by Guacamole reached upto 90-100% > when this issue occurred. CPU utilization was also ~70%. I'm working with 5 > Guac users and 5 remoting instances. > > Thanks and regards, > Shilpa Bhandari > > > On Wed, Jan 16, 2019 at 5:34 PM Nick Couchman wrote: > >> On Wed, Jan 16, 2019 at 6:44 AM Shilpa Bhandari < >> shilpa.bhand...@fonantrix.com> wrote: >> >>> In my case I made 3-4 calls to Guac API to delete a token but it didn't >>> give any response for those and after 4-5 minutes it sent response for >>> those calls as 404 Token not found. Meanwhile there were some other calls >>> also to Guac API to fetch new tokens and those calls also got responded >>> with this much delay. >>> >> >> Yes, this is not expected behavior for Guacamole, and indicates either an >> issue with the system running Guacamole Client (Tomcat) or the network >> between the web browser and the server. >> >> -Nick >> >
Re: Guacamole performance improvement
On Wed, Jan 16, 2019, 04:42 Shilpa Bhandari One more thing. The memory consumption by Guacamole reached upto 90-100% > when this issue occurred. CPU utilization was also ~70%. I'm working with 5 > Guac users and 5 remoting instances. > Resource consumption for 5 typical remote desktop users should be minimal. I don't really know what to tell you other than what you're seeing doesn't make sense. I suggest checking whether other factors (overcommitted hypervisor resources? very low memory available on the server on general?) might be exacerbating what is otherwise a very low level of concurrent use. Perhaps you could describe how your server is set up at a low level? Hardware, virtualization in use (if any), and the amount of actual dedicated resources available? Is there anything custom about your deployment? Custom auth of some kind? - Mike
Re: Guacamole performance improvement
One more thing. The memory consumption by Guacamole reached upto 90-100% when this issue occurred. CPU utilization was also ~70%. I'm working with 5 Guac users and 5 remoting instances. Thanks and regards, Shilpa Bhandari On Wed, Jan 16, 2019 at 5:34 PM Nick Couchman wrote: > On Wed, Jan 16, 2019 at 6:44 AM Shilpa Bhandari < > shilpa.bhand...@fonantrix.com> wrote: > >> In my case I made 3-4 calls to Guac API to delete a token but it didn't >> give any response for those and after 4-5 minutes it sent response for >> those calls as 404 Token not found. Meanwhile there were some other calls >> also to Guac API to fetch new tokens and those calls also got responded >> with this much delay. >> > > Yes, this is not expected behavior for Guacamole, and indicates either an > issue with the system running Guacamole Client (Tomcat) or the network > between the web browser and the server. > > -Nick >
Re: How to get key strokes from guacamole?
Hi. Fist of all thanks for your attention!I could implement the FilteredWriter class and it´s working great. I just cannot find where guacamole get the key codes, for example:If I hit the letter 'a' on browser, I get a *GuacamoleInstruction* with an 'key' opcode and *97* as keycode:The KeySym link wich you sent on the previous response is broken, and I cannot find a way to map these key codes to the correspond character. Do you have the correct link or can you give me a tip with this?Thanks! -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: Guacamole performance improvement
On Wed, Jan 16, 2019 at 6:44 AM Shilpa Bhandari < shilpa.bhand...@fonantrix.com> wrote: > In my case I made 3-4 calls to Guac API to delete a token but it didn't > give any response for those and after 4-5 minutes it sent response for > those calls as 404 Token not found. Meanwhile there were some other calls > also to Guac API to fetch new tokens and those calls also got responded > with this much delay. > Yes, this is not expected behavior for Guacamole, and indicates either an issue with the system running Guacamole Client (Tomcat) or the network between the web browser and the server. -Nick
Re: SSL
On Wed, Jan 16, 2019 at 4:19 AM sciUser wrote: > I am going to give a complete step-by-step instruction on how to get SSL on > guacamole running on CentOS7 build. I really wish the Guacamole project > would have more instructions like this, it would help so many. > > Thank you for the detailed instructions. We do have instructions for configuring Guacamole behind a proxy, in the Guacamole Manual: http://guacamole.apache.org/doc/gug/proxying-guacamole.html Since configuring SSL in either httpd or Nginx is more of an issue for httpd or Nginx, and there are plenty of sites that describe how to do that, we tried to keep the manual focused on configuration items specific to Guacamole. > Hope this helps some out there. > > Very likely it will. -Nick
Re: Guacamole performance improvement
In my case I made 3-4 calls to Guac API to delete a token but it didn't give any response for those and after 4-5 minutes it sent response for those calls as 404 Token not found. Meanwhile there were some other calls also to Guac API to fetch new tokens and those calls also got responded with this much delay. Thanks and regards, Shilpa Bhandari On Tue, Jan 15, 2019 at 11:23 PM Mike Jumper wrote: > On Tue, Jan 15, 2019, 04:16 Shilpa Bhandari wrote: > >> I'm using Guacamole API to fetch session token and to expire the token >> also. But sometimes the API doesn't respond back but seems that the work >> gets done on Guacamole side. e.g. I made a call to expire the token and for >> 3-4 minutes no response returned from Guac API after sometime when I make >> same call it responds back with Token not found error which indicates that >> the token has already been expired using previous calls. Any thoughts on >> this? >> > > The API always responds, and revoking a token should be instantaneous. If > you are seeing delays and sometimes zero response, it sounds like something > is interfering on the network. > > - Mike > >
Re: SSL
I am going to give a complete step-by-step instruction on how to get SSL on guacamole running on CentOS7 build. I really wish the Guacamole project would have more instructions like this, it would help so many. Steps as followed: 1. Login to your CentOS7 using SSH you will need root access - is you have sudo enabled issue the command *sudo -i* and the users password - if you do not have sudo enabled for users (you should) issue the command *su* then the root password 2. Navigate to */etc/nginx* issue the command* cd /etc/nginx* 3. Create a directory called ssl (lowercase) issue the command mkdir ssl from /etc/nginx directory 4. Navigate in to ssl directory , issue the command *cd ssl* 5. Create another directory called *private*, issue the command *mkdir private* 6. Use the following command to generate your new key csr files , issue the command: *openssl req -new -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/yourdomain_server.key -out /etc/nginx/ssl/yourdomain.csr* Note1: /Replace yourdomain is YOUR OWN DOMAIN NAME./ Note2: follow the prompts, a description below of the prompts; *Country Name:* Use the two-letter code without punctuation for country, for example: US *State or Province:* Spell out the state completely; do not abbreviate the state or province name, for example: California, not CA *Locality or City: *The Locality field is the city or town name, for example: Eugene. Do not abbreviate. For example: Mountain View, not Mt. View *Company:* If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation. *Organizational Unit:* The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter\Return on the keyboard. *Common Name: *The Common Name is the Host + Domain Name. It looks like "*www.company.com*" or "*company.com*" or Wildcard "**.company.com*" *Support Email:* Enter in the email address of who is responsible for the certificate,normally this is support or hostmas...@company.com 7. Do not enter in a password or additional company name when prompted. ( you will see it, so dont do it) 8. At this point you will need to copy the contents of the *yourdomain.csr* file this is the pem code. Will look like this below, don't worry this is not a valid pem. Then go to your certificate authorities website and enter paste the /yourdomain.csr/ code in to the generator. This will very based on your providers interface. 9. You should get four (4) files from your certificate provider. *- TrustExternalCARoot.crt (root file) - USERTrustRSAAddTrust.crt (intermediate1 file) - RSADomainValidationSecureCA.crt (intermediate2 file) - YourDomain_com.crt (Domain file)* 10. You will need to create the following three files using the four files from the provider and one file from the server. 11. Create your first bundle file using the following crt files, you can use Notepad or vi or nano as your editors to paste these files in, you must do them in order below. Name this file *yourdomain-bundle.crt* and it will be located in the */etc/nginx/ssl* directory. 12. Create your private key with entire Trust chain, like before use notepad, vi or nano as your editor, make sure to save this file as *yourdomain_priv.key* in */etc/nginx/ssl/private/ *directory. 13. Because this is nginx I highly recommend generating a *dhparam.pem* file use the following command: *openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2046* Note: this may take up to 45 minutes to generate depending on your system performance. Mine generated in 120 second or so. 14. Navigate to */etc/nginx/conf.d* 15. vi in to *guacamole_ssl.conf *make the following edits to the file as seen below. 16. Exit and restart nginx using the following command: *systemctl restart nginx* 17. The most important part is to secure all the files, make sure you are* /etc/nginx* then issue the command: *chmod -R 600 ssl/** Hope this helps some out there. Thank You -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/