SUMMARY When connecting to a VNC server via SSH tunnel, KRDC always asks for password authentication (PW auth is already discouraged and disabled by default in most distros) even though I'm using public key authentication. STEPS TO REPRODUCE 1. Create connection to an SSH server that has a running VNC server by enabling SSH tunneling 2. Connect OBSERVED RESULT * A password popup appears * Pressing okay with any password throws: "Error authenticating with password: Access denied for 'password'. Authentication that can continue: publickey" * Pressing cancel cancels the connection EXPECTED RESULT It should not ask for a password and continue if my publickey is authorized to connect. SOFTWARE/OS VERSIONS Operating System: Arch Linux KDE Plasma Version: 5.21.4 KDE Frameworks Version: 5.81.0 Qt Version: 5.15.2 Kernel Version: 5.11.15-zen1-2-zen OS Type: 64-bit Graphics Platform: X11 Processors: 8 × Intel® Core™ i7-8565U CPU @ 1.80GHz Memory: 15.4 GiB of RAM Graphics Processor: Mesa Intel® UHD Graphics 620 ADDITIONAL INFORMATION Same result even if I check/uncheck options like "Don't copy passwords from supported password managers" and "Remember password (KWallet)"
Could you describe your setup a bit better? I just tried this and it works just fine. My setup: * rdc host has .ssh/authorized_keys with my public key on it * krdc from guest connects, no password asked
Created attachment 137801 [details] Video showing that I can SSH using public key but krdc won't Hi, I have the same setup. My local ~/.ssh/id_rsa.pub is in the authorized_keys of the remote server so I'm currently able to do passwordless SSH. I've attached a video showing that I can do passwordless SSH using the SSH command while KRDC still asks for a password when connecting to the same server. Note that I added vpnserver.test.com in my /etc/hosts so that I don't have to disclose the server IP but connecting via IP and the correct hostname shows the same error. I'm also able to do local tunneling via ssh -R 5901:127.0.0.1:5901 and successfully connect to localhost:5901 using KRDC so I can confirm that there isn't an issue with the tunneling.
Can verify that this issue also occurs on the latest Manjaro package with version 22.04.0.
I can also confirm this bug. Is there maybe something we miss that makes KRDC not use the user's ssh key (located in .ssh/id_rsa.pub)?
This still seems to be an issue on Arch with version 24.12.2, I am unable to connect to VNC via a public key alone.
This seems to affect Arch And Manjaro users. Do you have ssh-agent running and configured?
(In reply to Fabio from comment #6) > This seems to affect Arch And Manjaro users. > Do you have ssh-agent running and configured? I did not have ssh-agent running. I ran it and added my key to the cache with ssh-add (as described https://wiki.archlinux.org/title/SSH_keys#SSH_agents). Now it's asking for the ssh password (where there isn't one for that key) with the following error: ''' Error authenticating with password: Access denied for 'password'. Authentication that can continue: publickey '''
If I run krdc from the terminal I see this error: KRDC: "Error authenticating with password: Access denied for 'password'. Authentication that can continue: publickey"
If you see the "Error authenticating with password: Access denied for 'password'." error it means that pubkey authentication failed or was not attempted at all. ssh-agent should run from xprofile, profile.d or similar to set the necessary env variables. You can check if they are set correctly, eg. like this: --- # env | grep SSH SSH_AGENT_PID=3125 SSH_AUTH_SOCK=/tmp/ssh-XXXXXXhHgNxc/agent.3124 --- If they are missing, it won't work unless you run krdc "inside" ssh-agent: "ssh-agent krdc"
(In reply to Fabio from comment #9) > If you see the "Error authenticating with password: Access denied for > 'password'." error it means that pubkey authentication failed or was not > attempted at all. > ssh-agent should run from xprofile, profile.d or similar to set the > necessary env variables. You can check if they are set correctly, eg. like > this: > --- > # env | grep SSH > SSH_AGENT_PID=3125 > SSH_AUTH_SOCK=/tmp/ssh-XXXXXXhHgNxc/agent.3124 > --- > If they are missing, it won't work unless you run krdc "inside" ssh-agent: > "ssh-agent krdc" checking the env the variables are not set, as expected since I need to set it up properly, which will try next. However when I try ssh-agent krdc I still get the same error. At this point I will assume I still dont have it set up correct and will try that route first.
ok so the issue is that I was not running ssh-agent correctly, once I set it up correctly krdc works as expected! Thank you
Thanks for letting us know it's working now.