[jira] [Commented] (GUACAMOLE-1930) ssh host verification not working | docker

Thu, 14 Mar 2024 11:58:51 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17827211#comment-17827211
 ] 

Tomas commented on GUACAMOLE-1930:
----------------------------------

{quote}To clarify, you tried each of the above lines individually (ie: two 
different test attempts)?
{quote}
Yes, I did. I did even more attempts with more examples, some of them being 
really hopeless :) Then I found in the docs, that known_hosts format should be 
right enough....
{quote}That leading "XXXABCDEFGH" looks off. Are the public key values shown 
above placeholders and not the true values that you used?
{quote}
Yes, I replaced a few chars, sorry for the confusion.
{quote}The relevant container for the issue at hand would be the guacd 
container...
{quote}
Yes, this log variable truly works. Unfortunately, it does not show much useful 
stuff.... /etc/guacamole does not even exist in the guacd container, will it 
work? Anyway, this was just to test, if any kind of the verification works. I 
would rather appreciate working function via the app profile settings.
{code:java}
guacd[8]: DEBUG:    Processing instruction: size
guacd[8]: DEBUG:    Processing instruction: audio
guacd[8]: DEBUG:    Processing instruction: video
guacd[8]: DEBUG:    Processing instruction: image
guacd[8]: DEBUG:    Processing instruction: timezone
guacd[8]: DEBUG:    Processing instruction: name
guacd[8]: DEBUG:    Parameter "scrollback" omitted. Using default value of 1000.
guacd[8]: DEBUG:    Parameter "font-name" omitted. Using default value of 
"monospace".
guacd[8]: DEBUG:    Parameter "font-size" omitted. Using default value of 12.
guacd[8]: DEBUG:    Parameter "color-scheme" omitted. Using default value of "".
guacd[8]: DEBUG:    Parameter "sftp-disable-download" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "sftp-disable-upload" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "read-only" omitted. Using default value of 0.
guacd[8]: DEBUG:    Parameter "typescript-name" omitted. Using default value of 
"typescript".
guacd[8]: DEBUG:    Parameter "create-typescript-path" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "recording-name" omitted. Using default value of 
"recording".
guacd[8]: DEBUG:    Parameter "recording-exclude-output" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "recording-exclude-mouse" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "recording-include-keys" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "create-recording-path" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "server-alive-interval" omitted. Using default 
value of 0.
guacd[8]: DEBUG:    Parameter "backspace" omitted. Using default value of 127.
guacd[8]: DEBUG:    Parameter "terminal-type" omitted. Using default value of 
"linux".
guacd[8]: DEBUG:    Parameter "timezone" omitted. Using default value of 
"Europe/Prague".
guacd[8]: DEBUG:    Parameter "disable-copy" omitted. Using default value of 0.
guacd[8]: DEBUG:    Parameter "disable-paste" omitted. Using default value of 0.
guacd[8]: DEBUG:    Parameter "wol-send-packet" omitted. Using default value of 
0.
guacd[8]: INFO:    User "@a5f42d8e-53e5-4d5a-96a8-0e4d1a2cf7a0" joined 
connection "$1a9d84a3-8574-4ce3-b613-99e61a2c91ba" (1 users now present)
guacd[8]: DEBUG:    Client is using protocol version "VERSION_1_5_0"
guacd[8]: DEBUG:    Successfully connected to host 192.168.30.10, port 22
guacd[8]: ERROR:    Host key does not match known hosts entry for 
testpc.test.com
guacd[8]: ERROR:    Host key did not match any provided known host keys. 
guacd[8]: INFO:    User "@a5f42d8e-53e5-4d5a-96a8-0e4d1a2cf7a0" disconnected (0 
users remain)
guacd[8]: INFO:    Last user of connection 
"$1a9d84a3-8574-4ce3-b613-99e61a2c91ba" disconnected
guacd[8]: DEBUG:    Requesting termination of client...
guacd[8]: DEBUG:    Client terminated successfully.
guacd[1]: INFO:    Connection "$1a9d84a3-8574-4ce3-b613-99e61a2c91ba" removed.
guacd[1]: DEBUG:    Unable to request termination of client process: No such 
process 
guacd[1]: DEBUG:    All child processes for connection 
"$1a9d84a3-8574-4ce3-b613-99e61a2c91ba" have been terminated. {code}

> ssh host verification not working | docker
> ------------------------------------------
>
>                 Key: GUACAMOLE-1930
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1930
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 1.5.4
>         Environment: host os: Debian GNU/Linux 12 (bookworm)
> Docker version 25.0.3, build 4debf41
> Containers:
> guacamole/guacd
> guacamole/guacamole
>            Reporter: Tomas
>            Priority: Minor
>
> I've installed guacamole - your docker version, but I've got problems logging 
> into ssh sessions with any kind of host verification.
> docker config:
> {code:java}
> docker run \
>   -d \
>   --net brig \
>   --ip 10.0.0.6 \
>   -p 4822:4822 \
>   --name guacamole-guacd \
>   --restart always \
> guacamole/guacd
> docker run \
>   -d \
>   --net brig \
>   --ip 10.0.0.7 \
>   -p 8001:8080 \
>   --name apache-guacamole \
>   --restart always \
>   -e TZ=Europe/Prague \
>   -e GUACD_HOSTNAME=10.0.0.6 \
>   -e GUACD_PORT=4822 \
>   -e MYSQL_HOSTNAME=10.0.0.5 \
>   -e MYSQL_PORT=3306 \
>   -e MYSQL_DATABASE=aguacamole \
>   -e MYSQL_USER=aguacamole \
>   -e MYSQL_PASSWORD=mypw \
>   -v 
> /media/AppData/volumes/aguacamole_volume/_data/home-guacamole:/home/guacamole 
> \
> guacamole/guacamole
> {code}
> I followed your documentation, how to put a known_hosts record into the 
> connection profile (Public host key (Base64)), tried following:
> {code:java}
> testpc.test.com ssh-ed25519 XXXABCDEFGHNVjaOK+MgqlZSHPoNHHpuptJAOxYW6o
> ssh-ed25519 XXXABCDEFGHNVjaOK+MgqlZSHPoNHHpuptJAOxYW6o{code}
> however the result has been always:
> {code:java}
> guacd[1531]: INFO: User "@03827a1f-b013-4d5c-afdb-6cb08f19e56b" joined 
> connection "$2df823fa-d766-40e8-8f1f-f7dae923dc2d" (1 users now present)
> guacd[1531]: ERROR: Host key not found for testpc.test.com.
> guacd[1531]: ERROR: Host key did not match any provided known host keys. 
> guacd[1531]: INFO: User "@03827a1f-b013-4d5c-afdb-6cb08f19e56b" disconnected 
> (0 users remain)
> guacd[1531]: INFO: Last user of connection 
> "$2df823fa-d766-40e8-8f1f-f7dae923dc2d" disconnected{code}
> I tried to put also "ssh_known_hosts" file into GUACAMOLE_HOME with the same 
> records, however, the file gets ignored... and it's same as if I don't setup 
> any key. They connection establishes, but without any verification.
> {code:java}
> guacd[72]: INFO: User "@ba02fef7-0ba5-4871-a7a9-2cd1964b580d" joined 
> connection "$addd82d3-df83-4485-9baa-8af059817a4d" (1 users now present)
> guacd[72]: WARNING: No known host keys provided, host identity will not be 
> verified.
> guacd[72]: WARNING: Unable to set the timezone: SSH server refused to set 
> "TZ" variable.
> guacd[72]: WARNING: No known host keys provided, host identity will not be 
> verified.
> guacd[72]: INFO: SSH connection successful.{code}
> Is there a way to fix this please? I also tried increasing log verbosity with
> {code:java}
> -e LOGBACK_LEVEL=DEBUG
> {code}
> on guacd container, but it did not make what it was supposed to do. Thank 
> you, any advice apreciated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to