Hey Mike,

> IIRC, the support for SSH has to manually parse these keys, and has not yet been updated to support the newer OpenSSH format (as of OpenSSH 7.8):

So I was also onto this and found out that libssh added support for ed25519 keys a few years back. When you say I have to manually parse these keys, does that mean I have to log in once first with plain text authentication? And then add the key, and restrict to key only after the first login being password authenticated? I just don't know how to make this work; it would be nice if you could elaborate on "manually parse these keys".

> No, not at present: https://issues.apache.org/jira/browse/GUACAMOLE-1219

Seems like the dev held off on updating the pull request. Sadly, I don't know the programming language Guacamole is coded in and therefore can't make a meaningful contribution to that pull request.

On Wed, Aug 11, 2021 at 3:24 AM Mike Jumper <[email protected]> wrote:

> On Tue, Aug 10, 2021 at 7:46 PM Asmodean Thor <[email protected]> wrote:
>
>> Hello, thanks for looking into this, here are my two questions:
>>
>> 1. SSHing into a remote server with key authentication only. Provided
>> unencrypted ed_25519 `cat` output of the private key content. Upon singing
>> in ...
>
> Laaaaa... ♫
>
>> ... it asks for a passphrase even though there is none. Any idea for a fix?
>
> IIRC, the support for SSH has to manually parse these keys, and has not
> yet been updated to support the newer OpenSSH format (as of OpenSSH 7.8):
>
> https://issues.apache.org/jira/browse/GUACAMOLE-746 (Support for Ed25519)
> https://issues.apache.org/jira/browse/GUACAMOLE-745 (Support for the new OpenSSH key format)
>
> It was historically the case that the underlying libssh2 library did not
> support Ed25519, but it does support this now.
>
>> 2. Can I have a user that does not have admin privs to not have to use two
>> step auth? In other words exclude a user from needing two step auth.
>
> No, not at present: https://issues.apache.org/jira/browse/GUACAMOLE-1219
>
> There is some work contributed on the above, with feedback suggesting a
> different approach: https://github.com/apache/guacamole-client/pull/577
>
> - Mike
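
As an added illustration (not part of the original thread, and not Guacamole's or libssh2's code), the following Python sketch reports which container format a private key file uses and whether it is really passphrase-protected, which is the first thing to check when a client prompts for a passphrase on a key that has none. The helper names `inspect_private_key` and `make_sample` are hypothetical, and the sample key is constructed with zeroed key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # magic at the start of the newer OpenSSH container

def _s(b):
    """Encode one SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _read_string(buf, off):
    """Decode one SSH 'string' at offset off; return (value, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def inspect_private_key(pem_text):
    """Return (container_format, encrypted, key_type) for a private key file."""
    lines = [l.strip() for l in pem_text.strip().splitlines() if l.strip()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armored key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label != "OPENSSH PRIVATE KEY":
        # Traditional PEM / PKCS#8: encryption is visible in the armor itself.
        enc = label == "ENCRYPTED PRIVATE KEY" or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
        return ("pem:" + label, enc, None)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    _kdf, off = _read_string(blob, off)
    _kdfopts, off = _read_string(blob, off)
    off += 4  # uint32 number of keys
    pub, off = _read_string(blob, off)
    key_type, _ = _read_string(pub, 0)
    # Cipher name "none" means the private section is stored unencrypted.
    return ("openssh-key-v1", cipher != b"none", key_type.decode())

def make_sample(cipher=b"none", kdf=b"none"):
    """Constructed, non-functional key container (zeroed key material)."""
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(b"") + struct.pack(">I", 1)
            + _s(pub) + _s(bytes(8)))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

A result of `("openssh-key-v1", False, "ssh-ed25519")` confirms the key is unencrypted and in the newer OpenSSH container tracked by GUACAMOLE-745.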
