Hi,
I'm quite new to Guacamole and VNC. I've Guacamole 1.3.0 and TigerVNC up
and running on Ubuntu 20.04 - everything is running on the same machine.
Now, I've some trouble getting file transfer working with public keys.
It works using sftp-password, but not using sftp-private-key (neither
with sftp-passphrase nor without).
I get these error-messages:
guacd[4134]: DEBUG:#011Connecting via SSH for SFTP filesystem access.
guacd[4134]: guacd[4134]: DEBUG:#011Authenticating with private key.
guacd[4134]: guacd[4134]: ERROR:#011Private key unreadable.
guacd[4134]: Authenticating with private key.
guacd[4134]: Private key unreadable.
I've created a key pair by ssh-keygen. I've put it in /etc/guacamole and
configured the absolute path:
<connection name="localhost - VNC">
  <protocol>vnc</protocol>
  <param name="hostname">localhost</param>
  <param name="port">5901</param>
  <param name="username">volker</param>
  <param name="password">...</param>
  <param name="enable-audio">false</param>
  <param name="enable-sftp">true</param>
  <param name="sftp-username">volker</param>
  <param name="sftp-private-key">/etc/guacamole/id_volker</param>
  <param name="sftp-directory">/home/volker/Downloads</param>
  <param name="sftp-root-directory">/home/volker</param>
</connection>
guacd is started by systemd and running as user daemon:
ps -fC guacd
UID PID PPID C STIME TTY TIME CMD
daemon 715 1 0 14:00 ? 00:00:00 /usr/local/sbin/guacd -f
I'm able to login as user daemon:
sudo -u daemon ssh -i /etc/guacamole/id_volker volker@localhost
The private key is owned by the user:
-rw------- 1 daemon daemon 3357 Jan 13 18:15 /etc/guacamole/id_volker
Tomcat is running as user tomcat. I think this doesn't matter because
the error messages are created by guacd. To be on the safe side, I've
tested this, too:
chown tomcat:tomcat /etc/guacamole/id_volker
root@vps42181877460:~# sudo -u tomcat ssh -i /etc/guacamole/id_volker volker@localhost
guacd prints out the same error:
guacd[3302]: Client is using protocol version "VERSION_1_3_0"
guacd[3302]: VNC server supports protocol version 3.8 (viewer 3.8)
guacd[3302]: We have 1 security types to read
guacd[3302]: 0) Received security type 2
guacd[3302]: Selecting security type 2 (0/1 in the list)
guacd[3302]: Selected Security Scheme 2
guacd[3302]: VNC authentication succeeded
guacd[3302]: Desktop name "...:1 (volker)"
guacd[3302]: Connected to VNC server, using protocol version 3.8
guacd[3302]: VNC server default format:
guacd[3302]: 32 bits per pixel.
guacd[3302]: Least significant byte first in each pixel.
guacd[3302]: TRUE colour: max red 255 green 255 blue 255, shift red 16
green 8 blue 0
guacd[3302]: Connecting via SSH for SFTP filesystem access.
guacd[3302]: guacd[3302]: DEBUG:#011Connecting via SSH for SFTP
filesystem access.
guacd[3302]: Authenticating with private key.
guacd[3302]: guacd[3302]: DEBUG:#011Authenticating with private key.
guacd[3302]: Private key unreadable.
guacd[3302]: guacd[3302]: ERROR:#011Private key unreadable.
guacd[3302]: User "@3b81468c-4606-47e5-a629-574f2ff08490" disconnected
(0 users remain)
guacd[3302]: guacd[3302]: INFO:#011User
"@3b81468c-4606-47e5-a629-574f2ff08490" disconnected guacd[3302]:
guacd[3302]: INFO:#011Last user of connection 4f98c75" disconnected
guacd[3302]: Last user of connection
"$590e796a-3349-4d26-9e81-3585a4f98c75" disconnected
guacd[3302]: Requesting termination of client...
Cheers, Volker
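
Added example, not part of the original post: a check of what the sftp-private-key parameter actually holds. The Guacamole manual describes this parameter as the entire contents of the private key, so the script flags a value that looks like a filesystem path and otherwise reports which key header is present; SAMPLE_XML is constructed from the connection above, and classify_key_param and audit_connection are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connection in the post (other params omitted).
SAMPLE_XML = """<connection name="localhost - VNC">
  <protocol>vnc</protocol>
  <param name="enable-sftp">true</param>
  <param name="sftp-username">volker</param>
  <param name="sftp-private-key">/etc/guacamole/id_volker</param>
</connection>"""

# Matches headers such as "-----BEGIN RSA PRIVATE KEY-----".
PEM_HEADER = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----")

def classify_key_param(value):
    """Return 'missing', 'path', 'truncated', 'openssh', 'pem' or 'unknown'."""
    if value is None or not value.strip():
        return "missing"
    text = value.strip()
    match = PEM_HEADER.search(text)
    if match:
        label = match.group(1)
        if "-----END " + label + "-----" not in text:
            return "truncated"  # header present, footer lost
        # Which formats load depends on the SSH library guacd was built
        # against (assumption: verify for your build).
        return "openssh" if label == "OPENSSH PRIVATE KEY" else "pem"
    if "\n" not in text and text.startswith(("/", "~", "./")):
        return "path"  # a file name was configured, not key material
    return "unknown"

def audit_connection(xml_text):
    """Map each SFTP-enabled connection name to its key classification."""
    result = {}
    for conn in ET.fromstring(xml_text).iter("connection"):
        params = {p.get("name"): p.text for p in conn.findall("param")}
        if (params.get("enable-sftp") or "").strip().lower() == "true":
            result[conn.get("name")] = classify_key_param(
                params.get("sftp-private-key"))
    return result

if __name__ == "__main__":
    for name, verdict in audit_connection(SAMPLE_XML).items():
        print(f"{name}: sftp-private-key looks like: {verdict}")
```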