guacamole-user mailing list archives

From Mike Jumper <>
Subject Re: SSH & Private Key
Date Sun, 02 Apr 2017 20:41:14 GMT
On Sat, Apr 1, 2017 at 4:57 PM, Andrews, Keith <> wrote:

> Hello,
> I am wondering if anyone out there can help me figure out what is wrong
> with my noauth-config configuration for SSH using a private key without a
> passphrase.  Here is the config in noauth-config.xml:
>     <config name="AWS" protocol="ssh">
>         <param name="hostname" value="" />
>         <param name="port" value="22" />
>         <param name="username" value="ubuntu" />
>         <param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----
> Verylongprivatekey..........................................
> ........................................
> -----END RSA PRIVATE KEY-----" />
>     </config>
> Upon connection I am prompted for a passphrase even though this key does
> not have one.  I even tried putting the param name="passphrase" value=""
> and it still doesn't work.  Any help, tips, etc. is very much appreciated.

The key is failing to load because the XML parser is transforming the
newlines within the key to spaces. Because the key fails to load initially,
Guacamole assumes the key likely requires a passphrase, and prompts for
that. Of course, the key itself is still invalid, so that fails as well.

To force the XML parser to include verbatim newlines, you will need to
specify them using the &#xA; entity. For example:

<param name="private-key" value="-----BEGIN RSA PRIVATE KEY-----&#xA;This
is the first line&#xA;This is the second line&#xA;this is the third
line&#xA;etc.&#xA;-----END RSA PRIVATE KEY-----"/>

Specifying the key as above should work as expected.

I recommend switching away from NoAuth when you can. It's the only
authentication extension which would suffer from this, as all others are
either not driven by XML or use element bodies for parameter values, and it
has recently been deprecated:

Though the extension itself will still be present in upcoming releases to
ease migration, its use is no longer recommended, and it will eventually
be removed.

- Mike
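
The following is an added example, not part of the original message and not Guacamole's own code. It uses Python's standard XML parser to show the attribute-value normalization described in the reply, and encodes a PEM block with the &#xA; entity so that it survives parsing. The key text is a constructed placeholder, and the function names are hypothetical.

```python
"""Attribute-value normalization vs. a PEM key in a <param value="..."> attribute."""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed placeholder with the shape of a PEM block; not a real key.
SAMPLE_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "CONSTRUCTEDLINE1\n"
    "CONSTRUCTEDLINE2\n"
    "-----END RSA PRIVATE KEY-----"
)


def encode_for_attribute(pem: str) -> str:
    """Escape a PEM block for use inside a double-quoted XML attribute."""
    normalized = "\n".join(pem.strip().splitlines())  # CRLF/CR become LF
    # escape() handles &, < and > first, then applies the extra mappings.
    return escape(normalized, {'"': "&quot;", "\n": "&#xA;"})


def param_xml(attribute_text: str) -> str:
    """Wrap already-prepared attribute text in the <param> element from the thread."""
    return f'<param name="private-key" value="{attribute_text}"/>'


def parsed_value(xml_text: str) -> str:
    """Return the value attribute as the XML parser hands it to the application."""
    return ET.fromstring(xml_text).get("value")


def survives_parsing(xml_text: str, pem: str) -> bool:
    """True when the parsed attribute is byte-for-byte the original PEM text."""
    return parsed_value(xml_text) == pem


if __name__ == "__main__":
    pasted = param_xml(SAMPLE_PEM)  # raw newlines inside the attribute
    encoded = param_xml(encode_for_attribute(SAMPLE_PEM))
    print("pasted  ->", repr(parsed_value(pasted)))
    print("encoded ->", repr(parsed_value(encoded)))
    print(encoded)
```
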
