On 2/20/24 20:23, Ray Smith wrote:
> Unable to get a native Ubuntu build of guacd to work the same as the
> docker build when it comes to OPENSSH private key format. Scripted the
> build process to mimic that used by docker (building dependencies),
> using Ubuntu 20.04 LTS and Ubuntu 22.04 LTS as the native base. Still
> no luck with OPENSSH formatted keys.
> https://github.com/RaySmith1/ubuntu-guacd-build/blob/main/build.sh
>
> I think I understand that the standard of PKCS#1 RSA (and PKCS#8?) are
> supported. But I found references that call out any keys that SSH
> supports can be stored as OPENSSH key format and those can be
> loaded/unloaded without relying on SSL/TLS library. If the goal of
> OPENSSH key format was to eliminate the need for external libraries why
> specifically does the docker version appear to support the use of
> OPENSSH keys while the native Ubuntu version does not? What is
> necessary to support OPENSSH keys with the native Ubuntu builds?

Guacamole inherits its support for SSH keys from libssh2. If the version
of libssh2 installed supports a particular key format, then so does
Guacamole if built against that version of libssh2. There is nothing
within Guacamole itself that adds/removes support for any particular
type of key.

I'm not sure what you're referring to regarding eliminating the need for
libraries. Introducing a new format of key doesn't eliminate the need
for libraries to decode that new format of key; it requires that
libraries like libssh2 that already support the older format of key must
now also implement support for the new format.

The version of libssh2 that introduced support for OpenSSH's new key
format was 1.9.0, while the version of Guacamole that introduced support
for using purely libssh2 to read these keys was 1.5.0:

https://guacamole.apache.org/releases/1.5.0/#ecc-keys

If you are certain that what you're building is recent enough, then you
should have the necessary support, and I'm not sure why things would be
failing. Logs might help. The only possibilities that come to mind are:

* There might be a copy of libssh2 present from an Ubuntu package taking
  precedence over the version you're manually building.

* There is a known issue with libssh2 that causes reading a key to fail
  which has since been fixed ... but that fix has not yet been released by
  libssh2: https://github.com/libssh2/libssh2/issues/773. Variation
  between the libc used by Alpine (our Docker images) and Ubuntu (your
  build) might make that issue less likely to occur in the Alpine case.

- Mike
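
An added example, not part of the original message and not code from Guacamole or libssh2: shell helpers for checking the first possibility in the reply above, namely which libssh2 guacd actually resolves to and whether it reaches the 1.9.0 release the reply names. All function names are hypothetical; the install prefixes and the embedded "SSH-2.0-libssh2_<version>" banner string are assumptions.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical helpers.

# Classify a private key file by its PEM header line.
key_format() {
    case "$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1")" in
        *"BEGIN OPENSSH PRIVATE KEY"*)   echo openssh ;;
        *"BEGIN RSA PRIVATE KEY"*)       echo pkcs1-rsa ;;
        *"BEGIN EC PRIVATE KEY"*)        echo sec1-ec ;;
        *"BEGIN ENCRYPTED PRIVATE KEY"*) echo pkcs8-encrypted ;;
        *"BEGIN PRIVATE KEY"*)           echo pkcs8 ;;
        *)                               echo unknown ;;
    esac
}

# Read `ldd` output on stdin; print what libssh2 resolves to.
resolved_libssh2() {
    awk '$1 ~ /^libssh2\.so/ && $2 == "=>" { print ($3 == "not" ? "not-found" : $3) }'
}

# Assumption: a manual build installs under /usr/local or /opt,
# while distro packages install under /usr/lib or /lib.
lib_origin() {
    case "$1" in
        /usr/local/*|/opt/*)                     echo manual-build ;;
        /usr/lib/*|/usr/lib64/*|/lib/*|/lib64/*) echo distro-package ;;
        *)                                       echo unknown ;;
    esac
}

# Read `strings <library>` output on stdin; print the release number.
# Assumption: the library embeds its default banner "SSH-2.0-libssh2_<version>".
libssh2_banner_version() {
    sed -n 's/.*SSH-2\.0-libssh2_\([0-9][0-9.]*\).*/\1/p' | head -n1
}

# True when dotted version $1 is at least $2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$2" ]
}

# Typical use on the build host:
#   lib=$(ldd "$(command -v guacd)" | resolved_libssh2)
#   lib_origin "$lib"
#   version_ge "$(strings "$lib" | libssh2_banner_version)" 1.9.0 && echo "new enough"
#   key_format ~/.ssh/id_ed25519
```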