guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrews, Keith" <Keith_Andr...@alliedtelesis.com>
Subject RE: SSH & Private Key
Date Tue, 11 Apr 2017 16:55:30 GMT
Hello,

I have another question concerning this topic.  In the event that the key has blank lines
such as the key I just generated below:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,79888B9244B7C218CC7BEFB6F7B834F6

D22ZyHcQJi0HVyTwRnHSrBIqzSJnFg2mUy/6YJ5q7MCcdEGgc2h5IKvUWraBRjRI
PbjeoHPi4RUYpDHJ0bLmNT2R4Un8CAnSX5MzsELNbXZ0mVFfk+k2txUiYUGFodma
4P50Ca26DZ7EkzGVLp9eCp0Iaw++hdwshCZjisTpqM6h/UxpPg2XxiHrivpt+TQy
RVuGNCeKV9nVLmHoymhxN7Y3h6wNTwWBc1i7YKHZuvXjfZGpzj6LdcBxNJ207Fyb
fOcd/mQRt3g28JTzCwp9WiuBiY2FPtNXOcV5abjcPbGqc4oUTPyurjJzk8v3SoWq
23xE8GZgqiABwdnD5g9Jl6Gh1jdf2xGu6vuiXxrGkktP089Yz1wBu/rogpuaT9M2
ZRuPoEQTXdh4/zOnr8I4/++rsyb1QvYzRXOmCTgyf9Kdc1sifXZkacdtYvP9oNZM
t9IHrhjIWHYdpPoDusVHZXOqIXASESzrwG4EkaFu/FGJdOjSIMDQtPKyHm1xc1xb
hmIzSJbZi8IlQkO7OrsiAKgPugNXjKCJ6vvU1ojqPsBeqx75L3nimBLeWfJcNceX
Vab6zcNH1pN9JvXhSnWUpD/3xspIR7pgWXyQ9NZaAdZ7btuCmNAJCGXNkDKFqU1d
taxUcnMIOYCcv9rIJBH2xI77N/GtY1rdgEuV3U6lCbly6lz7rY82EGBrmVhC02nH
/+D81H1gst8yVe6rupGSwVMsUojPDTsI+/rzqJUipzbedwPx9YiUqsQiLOnLn/WX
db3Z/Henko2zWtRHAIGw5bteTPmB4Neo1TZwohyCjuf0adtc6xLF5fOCgBhyfEUc
yEyU+yFuBfdmouJ+UHFuaE10Xt8WNdUDB2XZAd4w5AXrF0md4iOqt1U40sNAzLvm
Dmz+EFnVbkpkPoB3kTP0XD0Xs1YVf2aTvOrih4Me5/azmUyLIOUYiI8FYNIQVhUP
SQjkopZAXfG9kPXVbvpzvzElYn71LJo7WCrK2SQzwH8O2RegurrjN87UYw1Fy8pQ
cjf0Cwt1NXz015QZjLSkmEEXnMvSvWkLEWPbd04vhxFbPx3jWGhth1ZTFl8m3UL+
2beDLoiBUfsOLMvKcT8oRnLFFnF58HEhgiyTx40V8k94f3skqdkbRcYPPWzlyD/x
aE/O8d/8iOnhjRPPibhNeXP4Xm+SD1RKJJt/jdcmA/oEqOWNFMvrvrorQ1+x2Bf0
xR2Z5+LkcsRjh/7n08wsyCScTS8wERf3LggG+f96+sv482cUImDnU8/IzQuJKwKE
EHrvfCWRI70ki7JZsVW2s8aiWB1I237/smIEUuUZSKWkzCugA68L5DUDZeGcY951
3UNHBiuun7RtaalWmUucIjapxRTZ+raXZFHEpNMXmRAJP6vlgIZczsSGsJekgmy8
lOK5hxRNn4zQBaF5OwhIgqt7ehqfLHlSPUo6UV9vAHQ9IpQd8hAJAtKNqizdutsT
QTr+jhNK9PNwwBb5fgFzEYdT8sVEFVyTmt5ZKe2HNukAIBl6e3ynB/ZriUi38MQW
UTcJOS8utR6DdUC1atKnmOEbgBmUOzmC97Ei686cDFYai20QKqhn2XeZJkYb8HvN
-----END RSA PRIVATE KEY-----

Would we use the &#xA; entity in the empty line?  This is currently a problem for us.
 When there are no blank lines it works, but when there is it doesn’t.

Any help you can provide on this is greatly appreciated.

Thanks,
Keith
From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: Sunday, April 02, 2017 1:41 PM
To: user@guacamole.incubator.apache.org
Subject: Re: SSH & Private Key

On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <Keith_Andrews@alliedtelesis.com<mailto:Keith_Andrews@alliedtelesis.com>>
wrote:
Hello,

I am wondering if anyone out there can help me figure out what is wrong with my noauth-config
configuration for SSH using a private key without a passphrase.  Here is the config in noauth-config.xml:

    <config name="AWS" protocol="ssh">
        <param name="hostname" value="192.168.1.100" />
        <param name="port" value="22" />
        <param name="username" value="ubuntu" />
        <param name="private-key" value="-----BEGIN RSA PRIVATE KEY----- Verylongprivatekey..................................................................................
-----END RSA PRIVATE KEY-----" />
    </config>

Upon connection I am prompted for a passphrase even though this key does not have one.  I
even tried putting the param name="passphrase" value="" and it still doesn't work.  Any help,
tips, etc is very much appreciated.

The key is failing to load because the XML parser is transforming the newlines within the
key to spaces. Because the key fails to load initially, Guacamole assumes the key likely requires
a passphrase, and prompts for that. Of course, the key itself is still invalid, so that fails
as well.

To force the XML parser to include verbatim newlines, you will need to specify them using
the &#xA; entity. For example:

<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----&#xA;This is the first
line&#xA;This is the second line&#xA;this is the third line&#xA;etc.&#xA;-----END
RSA PRIVATE KEY-----"/>

Specifying the key as above should work as expected.

I recommend switching away from NoAuth when you can. It's the only authentication extension
which would suffer from this, as all others are either not driven by XML or use element bodies
for parameter values, and it has recently been deprecated:

https://issues.apache.org/jira/browse/GUACAMOLE-256

Though the extension itself will still be present in upcoming releases to ease migration,
it's use is no longer recommended, and it will eventually be removed.

- Mike


________________________________
This e-mail message is for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy
all copies of the original message. If you are the intended recipient, please be advised that
the content of this message is subject to access, review and disclosure by the sender's e-mail
System Administrator.
Mime
View raw message