Thanks, Nick! Cheers,
Daniel Storey From: Nick Couchman <vn...@apache.org> Reply-To: "user@guacamole.apache.org" <user@guacamole.apache.org> Date: Thursday, 15 November 2018 at 10:41 pm To: "user@guacamole.apache.org" <user@guacamole.apache.org> Subject: Re: Using Public/Private key based authenication with LDAP On Thu, Nov 15, 2018 at 5:33 AM Daniel Storey <daniel.sto...@rededucation.com<mailto:daniel.sto...@rededucation.com>> wrote: Hi Guys, I'm wondering if I can set up ssh key authentication by storing the private keys in LDAP for guacamole? With a parameter type of guacConfigParameter, what keyword would I use to describe it? Yes, you can do this, though I'd caution you to be very careful and make sure that the permissions on the objects in your LDAP directory that have the private keys are very locked down. Basically only the users who are going to run the connection should have any access to that Guacamole connection object. Here's an excerpt from the LDIF file I'm using to create the object inside the LDAP directory: guacConfigParameter: hostname=172.30.7.117 guacConfigParameter: port=22 guacConfigParameter: username=admin guacConfigProtocol: ssh See: http://guacamole.apache.org/doc/gug/configuring-guacamole.html#ssh Basically, any of the parameters on that page can be put into the configuration, so you can use the "private-key" parameter as well as the "passphrase" parameter (if required). -Nick
