Hi
I generated a key that seemingly works with „ssh-keygen -m PEM -t rsa -b 4096” Aug 31 14:35:48 ramoth guacd[11266]: Client is using protocol version "VERSION_1_3_0" Aug 31 14:35:48 ramoth guacd[11266]: Attempting private key import (WITHOUT passphrase) Aug 31 14:35:48 ramoth guacd[11266]: Initial import failed: bad decrypt Aug 31 14:35:48 ramoth guacd[11266]: Re-attempting private key import (WITH passphrase) Aug 31 14:35:48 ramoth guacd[11266]: Auth key successfully imported. Aug 31 14:35:48 ramoth guacd[11266]: Successfully connected to host 192.168.1.122, port 22 But now i got this. Aug 31 14:35:48 ramoth guacd[11266]: No known host keys provided, host identity will not be verified. Aug 31 14:35:48 ramoth guacd[11266]: Supported authentication methods: publickey,password,keyboard-interactive Aug 31 14:35:48 ramoth guacd[11266]: Public key authentication failed: Username/PublicKey combination invalid Aug 31 14:35:48 ramoth guacd[11266]: User "@d64061c4-5fdb-40ee-8b6b-21febd65e9f6" disconnected (0 users remain) What is the problem and how can i make it work? -Adam On Tue, Aug 31, 2021 at 3:53 AM Fábián Ádám <[email protected] <mailto:[email protected]> > wrote: Hi I have Guacamole 1.3 on ubuntu server with mysql auth. I created SSH connections to other computers with username/password combinations but it would be better with keys. I tried some ways but it does not worked. Whats wrong or what do i not understand? The ssh-keygen is used ont he target pc(Windows 10). Network Network: 192.168.1.122 Port: 22 Public host key (Base64): ssh-rsa … … predr@ADAM I dont know this is required or what but tried with the public key that generated with the private one at ssh-keygen. This field is for the public key of the host you're connecting to - as in, the entry you'd see in the .ssh/known_hosts file after logging in from Linux. If you fill out this field, Guacamole will verify the identity of the host -and if you use the wrong thing (the generated public key for your user account is not the correct thing), then connection will fail. If you leave it empty, Guacamole will not do any host identity verification. Authentication Username: predr Password: (login password for target pc) Private key: The whole private key that generated with ssh-keygen. I tried with and without the „-----BEGIN OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY-----„ pair. I believe that you need the header/footer in here. Also, one of the issues could be OpenSSH vs. RSA private keys. The documentation says "in OpenSSH format", but I'm thinking that it may only support the older RSA key format. So you might give that a try. Should i use them? Passpharse: The same with the one that i use to create ssh-keygen. Response is: Login failed. Please reconnect and try again. This is the log from that time: Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.067 [http-nio-8080-exec-9] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.5. Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.085 [http-nio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822. Aug 31 07:30:04 ramoth guacd[765]: Creating new client for protocol "ssh" Aug 31 07:30:04 ramoth guacd[765]: Connection ID is "$de03dc3b-11d3-44b2-b577-7c8850ca5c9e" Aug 31 07:30:04 ramoth guacd[1739]: User "@173c7d15-5558-470e-81e5-08ea2d70a310" joined connection "$de03dc3b-11d3-44b2-b577-7c8850ca5c9e" (1 users now present) Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.104 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "Predrog" connected to connection "9". Aug 31 07:30:04 ramoth guacd[1739]: Auth key import failed: (null) This indicates that it didn't like the key you provided. The most common reasons for this are: * Invalid format (see note above about OpenSSH vs. RSA, and include the headers). * Key is passphrase protected, but you haven't provided a passphrase, or you've provided an incorrect one. You might also try starting guacd in debug logging mode, either with the "-L debug" flag, or by setting log_level in guacd.conf: http://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacd.conf This might provide you some more information on why it's failing. -Nick
