Hi


I generated a key that seemingly works with „ssh-keygen -m PEM -t rsa -b 4096” 


Aug 31 14:35:48 ramoth guacd[11266]: Client is using protocol version 
"VERSION_1_3_0"

Aug 31 14:35:48 ramoth guacd[11266]: Attempting private key import (WITHOUT 
passphrase)

Aug 31 14:35:48 ramoth guacd[11266]: Initial import failed: bad decrypt

Aug 31 14:35:48 ramoth guacd[11266]: Re-attempting private key import (WITH 
passphrase)

Aug 31 14:35:48 ramoth guacd[11266]: Auth key successfully imported.

Aug 31 14:35:48 ramoth guacd[11266]: Successfully connected to host 
192.168.1.122, port 22

 

But now i got this.

Aug 31 14:35:48 ramoth guacd[11266]: No known host keys provided, host identity 
will not be verified.

Aug 31 14:35:48 ramoth guacd[11266]: Supported authentication methods: 
publickey,password,keyboard-interactive

Aug 31 14:35:48 ramoth guacd[11266]: Public key authentication failed: 
Username/PublicKey combination invalid

Aug 31 14:35:48 ramoth guacd[11266]: User 
"@d64061c4-5fdb-40ee-8b6b-21febd65e9f6" disconnected (0 users remain)



What is the problem and how can i make it work?

 

-Adam

 

On Tue, Aug 31, 2021 at 3:53 AM Fábián Ádám <[email protected] 
<mailto:[email protected]> > wrote:

Hi

I have Guacamole 1.3 on ubuntu server with mysql auth.
I created SSH connections to other computers with username/password 
combinations but it would be better with keys.

I tried some ways but it does not worked. Whats wrong or what do i not 
understand?
The ssh-keygen is used ont he target pc(Windows 10).

 

Network
                Network:                                             
192.168.1.122

                Port:                                                     22

                Public host key (Base64):             ssh-rsa … …  predr@ADAM

I dont know this is required or what but tried with the public key that 
generated with the private one at ssh-keygen.

 

This field is for the public key of the host you're connecting to - as in, the 
entry you'd see in the .ssh/known_hosts file after logging in from Linux. If 
you fill out this field, Guacamole will verify the identity of the host -and if 
you use the wrong thing (the generated public key for your user account is not 
the correct thing), then connection will fail. If you leave it empty, Guacamole 
will not do any host identity verification.

 

                                                                               

Authentication

                Username:                                        predr

                Password:                                          (login 
password for target pc)

                Private key:                                       The whole 
private key that generated with ssh-keygen. 

I tried with and without the „-----BEGIN OPENSSH PRIVATE KEY----- -----END 
OPENSSH PRIVATE KEY-----„ pair.

 

I believe that you need the header/footer in here. Also, one of the issues 
could be OpenSSH vs. RSA private keys. The documentation says "in OpenSSH 
format", but I'm thinking that it may only support the older RSA key format. So 
you might give that a try.

 

Should i use them?

                Passpharse:                                       The same with 
the one that i use to create ssh-keygen.

 

Response is: Login failed. Please reconnect and try again.

 

This is the log from that time: 

Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.067 [http-nio-8080-exec-9] DEBUG 
o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.5.

Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.085 [http-nio-8080-exec-9] DEBUG 
o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.

Aug 31 07:30:04 ramoth guacd[765]: Creating new client for protocol "ssh"

Aug 31 07:30:04 ramoth guacd[765]: Connection ID is 
"$de03dc3b-11d3-44b2-b577-7c8850ca5c9e"

Aug 31 07:30:04 ramoth guacd[1739]: User 
"@173c7d15-5558-470e-81e5-08ea2d70a310" joined connection 
"$de03dc3b-11d3-44b2-b577-7c8850ca5c9e" (1 users now present)

Aug 31 07:30:04 ramoth tomcat9[792]: 07:30:04.104 [http-nio-8080-exec-9] INFO  
o.a.g.tunnel.TunnelRequestService - User "Predrog" connected to connection "9".

Aug 31 07:30:04 ramoth guacd[1739]: Auth key import failed: (null)

 

This indicates that it didn't like the key you provided. The most common 
reasons for this are:

* Invalid format (see note above about OpenSSH vs. RSA, and include the 
headers).

* Key is passphrase protected, but you haven't provided a passphrase, or you've 
provided an incorrect one.

 

You might also try starting guacd in debug logging mode, either with the "-L 
debug" flag, or by setting log_level in guacd.conf:

 

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacd.conf

 

This might provide you some more information on why it's failing.

 

-Nick

Reply via email to