guacamole-user mailing list archives

From "Andrews, Keith" <Keith_Andr...@alliedtelesis.com>
Subject RE: SSH & Private Key
Date Mon, 03 Apr 2017 02:53:13 GMT
Thanks Mike! That worked and noted on moving away from noauth.


From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: Sunday, April 02, 2017 1:41 PM
To: user@guacamole.incubator.apache.org
Subject: Re: SSH & Private Key

On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <Keith_Andrews@alliedtelesis.com> wrote:
Hello,

I am wondering if anyone out there can help me figure out what is wrong with my noauth-config
configuration for SSH using a private key without a passphrase.  Here is the config in noauth-config.xml:

    <config name="AWS" protocol="ssh">
        <param name="hostname" value="192.168.1.100" />
        <param name="port" value="22" />
        <param name="username" value="ubuntu" />
        <param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
    </config>

Upon connection I am prompted for a passphrase even though this key does not have one.  I
even tried putting the param name="passphrase" value="" and it still doesn't work.  Any help,
tips, etc. is very much appreciated.

The key is failing to load because the XML parser is transforming the newlines within the
key to spaces. Because the key fails to load initially, Guacamole assumes the key likely requires
a passphrase, and prompts for that. Of course, the key itself is still invalid, so that fails
as well.

To force the XML parser to include verbatim newlines, you will need to specify them using
the &#xA; entity. For example:

<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----&#xA;This is the first line&#xA;This is the second line&#xA;this is the third line&#xA;etc.&#xA;-----END RSA PRIVATE KEY-----"/>

Specifying the key as above should work as expected.

I recommend switching away from NoAuth when you can. It's the only authentication extension
which would suffer from this, as all others are either not driven by XML or use element bodies
for parameter values, and it has recently been deprecated:

https://issues.apache.org/jira/browse/GUACAMOLE-256

Though the extension itself will still be present in upcoming releases to ease migration,
its use is no longer recommended, and it will eventually be removed.

- Mike


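The attribute-value normalization discussed in this thread, reproduced with Python's standard XML parser as an added example (not code from the thread or from Guacamole). The behaviour comes from the XML specification, so it is shown here independently of Guacamole's own parser; the key is a constructed placeholder, and `parsed_value`, `pem_to_attr`, `looks_like_pem` and `build_param` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed placeholder, not a real key: only the PEM line structure matters.
SAMPLE_PEM = "\n".join([
    "-----BEGIN RSA PRIVATE KEY-----",
    "PLACEHOLDERLINE1",
    "PLACEHOLDERLINE2",
    "-----END RSA PRIVATE KEY-----",
])

def parsed_value(param_xml):
    """Return the 'value' attribute as the XML parser hands it to the application."""
    return ET.fromstring(param_xml).get("value")

def pem_to_attr(pem):
    """Quote a multi-line PEM string as an XML attribute, newlines written as &#xA;."""
    text = pem.strip().replace("\r\n", "\n").replace("\r", "\n")
    return '"' + escape(text, {'"': "&quot;", "\n": "&#xA;"}) + '"'

def looks_like_pem(value):
    """Structural check only: BEGIN and END markers each sit on their own line."""
    lines = value.split("\n")
    return (len(lines) >= 3
            and lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")
            and lines[-1].startswith("-----END ") and lines[-1].endswith("-----"))

def build_param(name, pem):
    """Build a <param> element whose value survives attribute normalization."""
    return '<param name="%s" value=%s />' % (name, pem_to_attr(pem))

# Literal newlines pasted into the attribute, as in the failing noauth-config.xml.
broken = '<param name="private-key" value="%s" />' % SAMPLE_PEM
# Same key with every newline written as a character reference.
fixed = build_param("private-key", SAMPLE_PEM)

if __name__ == "__main__":
    for label, xml in (("literal newlines", broken), ("&#xA; references", fixed)):
        value = parsed_value(xml)
        print(label, "->", repr(value), "| PEM structure intact:", looks_like_pem(value))
```
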