Hi Gabriel,

imho, asking for encryption via Guacamole or even end users is a dead-end here. Protect the server itself (full encryption close to hardware is always a good idea), and audit administrative access reasonably. Guacamole cannot do better as it would have to store a key somewhere, and end users are notoriously bad at key management.

How do you solve that issue with other shares? I'd be surprised if there are none or that Guacamole is more critical than anything else.

Best Regards,
Joachim

From: gabriel sztejnworcel <>
Sent: Friday, 6 May 2022 21:10
To: [email protected]
Subject: Re: File Encryption for RDP Redirected Folders

Hi Joachim,

We use Guacamole with some customizations (code changes). The way we implemented it - the redirected folder is a per-session temporary folder, it has a unique name and it's deleted at the end of the session, so other users in RDP sessions (or even the same user from another session) can't see the files from within the session, but if someone gets access to the server with the right permissions they would get access to the files, this is what we are trying to mitigate.

Thanks,
Gabriel

On Wed, 4 May 2022 at 17:59, Nick Couchman <[email protected]> wrote:

On Wed, May 4, 2022 at 10:44 AM Joachim Lindenberg <[email protected]> wrote:

Hello Nick & Gabriel,

before thinking about encryption, what is the user and authorization concept for that share? Can every user see and change all other users' files? Or are the paths somehow distinct for all users, disallowing sharing? The doc only states, the guacd process needs to be able to read/write the directory, nothing else.

It's important to understand that the access to the redirected folder is done by the user running guacd. So, if you point all users to the same exact folder in the redirection, everyone will have access to all of the files. This can be mitigated in a couple of ways:

* Use tokens in Guacamole to point users to their own folders - for example, the path in the redirection could be /files/guacamole/${GUAC_USERNAME}, which means each user logging into Guacamole (not necessarily the remote system) will have their own folder.
* Instead of using folder redirection, use SSH on a server with Samba installed, so you can transparently share that folder both with the remote system (via SMB) and with the Guacamole browser (via SSH).

In fact I never enabled that drive, because I never understood and thus referred my users to using standard shares that support ACLs (and all the shares are ultimately protected by Bitlocker, as is my Guacamole setup as it runs on Hyper-V).

Yes, folder redirection is different than a file share.

Thanks for your answer Nick! It's not so clear to me how this can be implemented only on the remote server side since files are uploaded by Guacamole without any involvement of the remote server, unless it somehow monitors the folder and each time a new file is created it encrypts it immediately. I will look into it, thanks!

Yeah, you're correct about that - it wouldn't work for the remote access from Guacamole (the browser) to the remote server. So, there'd have to be some additional work (coding) done to make it work for both the remote system (server via RDP) and the web browser.

-Nick
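The per-session folder approach described in this thread (unique name, deleted at session end), sketched as an added example that is not code from the thread or from Guacamole. The function names, the `sess-` prefix and the sample upload are assumptions made for illustration; the audit helper lists anything under the share root that group or other accounts can reach.

```python
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def session_drive(base_dir, session_id):
    """Create a unique, owner-only folder for one session; delete it on exit."""
    if not session_id.isalnum():
        raise ValueError("unexpected characters in session id")
    # mkdtemp adds a random suffix and creates the directory with mode 0700.
    path = tempfile.mkdtemp(prefix=f"sess-{session_id}-", dir=base_dir)
    try:
        yield path
    finally:
        shutil.rmtree(path, ignore_errors=True)


def loosely_permissioned(base_dir):
    """Return entries under base_dir that group or other can access."""
    findings = []
    for root, dirs, files in os.walk(base_dir):
        for name in dirs + files:
            full = os.path.join(root, name)
            if os.lstat(full).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(full)
    return sorted(findings)


def demo():
    """Run one constructed session against a throwaway share root."""
    base = tempfile.mkdtemp()  # stands in for the redirected-drive root
    try:
        with session_drive(base, "abc123") as drive:
            upload = os.path.join(drive, "report.txt")
            fd = os.open(upload, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            os.write(fd, b"constructed sample upload\n")
            os.close(fd)
            mode = stat.S_IMODE(os.stat(drive).st_mode)
            findings = loosely_permissioned(base)
        return mode, findings, os.listdir(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Owner-only permissions keep other unprivileged accounts on the server out of the folder; they do not stop an administrator or root, which is the remaining exposure the thread is about.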
