Hello Guacamole Community,

I hope this email finds you well. I am currently exploring advanced authentication methods for SSH connections through Guacamole and would like to inquire about the specifics of using SSH certificate-based authentication. I have a few questions regarding this and would be very grateful for any insights or guidance you can provide.

My main goal is to understand how to achieve host certificate-based authentication, where the Guacamole client verifies the SSH server's host certificate against a Certificate Authority (CA), rather than just a standard host key.

To help clarify, here are my specific questions:

1. *How does certificate-based authentication currently work with SSH in Guacamole?* From what I can see, Guacamole supports standard public key authentication for users (using a private/public key pair) and host key verification (using the host-key parameter). However, it's not clear if there is built-in support for SSH certificates (user or host) as defined by OpenSSH (i.e., keys signed by a CA).

2. *What input parameters are required to achieve SSH certificate-based authentication?* Are there specific connection parameters, beyond private-key, public-key, and host-key, that I would need to provide in my configuration to make Guacamole use and trust an SSH certificate for authentication?

3. *What server-side configuration is needed?* For host certificate authentication, I would typically configure the SSH server (sshd_config) with HostCertificate and TrustedUserCAKeys directives. Is there any special configuration required on the SSH server to make it compatible with Guacamole's implementation?

4. *Is there any detailed documentation on this topic?* If this functionality exists, could you please point me to any documentation, guides, or examples that walk through the setup process for SSH certificate-based authentication with Guacamole?

I appreciate you taking the time to read my inquiry. Any help you can offer would be immensely valuable.

Thank you and best regards,
Dilip
