Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Guacamole
  3. SSH connection with private key fails

SSH connection with private key fails

Scheduled Pinned Locked Moved Solved Guacamole
sshkeyserrorbug
5 Posts 2 Posters 6.6k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • RubenFixitR Offline
    RubenFixitR Offline
    RubenFixit
    wrote on last edited by RubenFixit
    #1

    I've been trying to get a connection to work using SSH and private key for authentication. No matter what kind of ssh private key I use (with or without passphrase or different encryption method) I always get the same errors:

    Feb 24 13:13:18 guacd[318]: DEBUG: Attempting private key import (WITHOUT passphrase)
Feb 24 13:13:18 guacd[318]: DEBUG: Initial import failed: (null)
Feb 24 13:13:18 guacd[318]: DEBUG: Re-attempting private key import (WITH passphrase)
Feb 24 13:13:53 guacd[318]: ERROR: Auth key import failed: (null)

    I believe the issue is related to this: https://issues.apache.org/jira/browse/GUACAMOLE-1540

    The suggested solution is to update the guacamole-server docker build to use libssh2 1.9.0-3.

    Currently it is using libssh2 1.8.0-2

    Can you please update the dockerfile to use the newer version of libssh2?

    girishG 2 Replies Last reply
    0
    • girishG Offline
      girishG Offline
      girish Staff
      wrote on last edited by
      #4

      It seems support for the newer keys was just merged in Jan - https://github.com/apache/guacamole-server/commit/23612720ce3738e2fc579f57acd9d19eedf198fc . So, we have to wait for a new guacamole release. Until then, just use -m PEM to generate old style keys.

      1 Reply Last reply
      1
      • girishG Offline
        girishG Offline
        girish Staff
        replied to RubenFixit on last edited by
        #2

        @RubenFixit Will look into this. Since Cloudron's docker images are based on ubuntu 20.04, we have to see if the library is available readily.

        RubenFixitR 1 Reply Last reply
        1
        • girishG Offline
          girishG Offline
          girish Staff
          replied to RubenFixit on last edited by
          #3

          @RubenFixit Got the time to look into this now. I can confirm guac is not able to connect with the latest SSH key format. You can identify the "latest" key format by looking into the private key file. The header will say -----BEGIN OPENSSH PRIVATE KEY----- . The old keys have the format -----BEGIN RSA PRIVATE KEY-----.

          To generate an old key use ssh-keygen -m PEM. With that, I can confirm it works:

          304e74c6-a628-44ee-9884-5f5b03fd5455-image.png

          It then connects:

          ec1f4dd4-83ad-4370-ac38-ff694108704b-image.png

          1 Reply Last reply
          0
          • girishG Offline
            girishG Offline
            girish Staff
            wrote on last edited by
            #4

            It seems support for the newer keys was just merged in Jan - https://github.com/apache/guacamole-server/commit/23612720ce3738e2fc579f57acd9d19eedf198fc . So, we have to wait for a new guacamole release. Until then, just use -m PEM to generate old style keys.

            1 Reply Last reply
            1
            • RubenFixitR Offline
              RubenFixitR Offline
              RubenFixit
              replied to girish on last edited by
              #5

              @girish Thanks for looking into this!

              In the mean time I've also been able to get the connection to work by using the "old key" method.

              1 Reply Last reply
              0
              • girishG girish marked this topic as a question on
              • girishG girish has marked this topic as solved on
              • girishG girish referenced this topic on

              • Login
              • Don't have an account? Register
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search