Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposed enhancements to the TurboVNC Session Manager #148

Open
dcommander opened this issue Nov 7, 2018 · 3 comments
Open

Proposed enhancements to the TurboVNC Session Manager #148

dcommander opened this issue Nov 7, 2018 · 3 comments
Labels
enhancement funding needed

Comments

@dcommander
Copy link
Member

dcommander commented Nov 7, 2018
edited
Loading

This is another one of those issues that I post in order to try to elicit ideas for funded development.

Proposals for enhancing the TurboVNC Session Manager

Handle separate gateway and VNC host

The TurboVNC Session Manager currently only supports simple deployment scenarios-- scenarios in which the TurboVNC host and SSH gateway are the same machine. It is conceivable that it could be extended to work like the -via option, whereby the viewer connects to the SSH gateway and then uses it to connect to the TurboVNC host. This would, however, require some effort (and funding), and it's the sort of project on which I would want to work closely with an organization that could actively test the feature.

Handle external SSH clients

It is also conceivable that the TurboVNC Session Manager could be extended to support external SSH clients, which might be beneficial for certain organizations (I'm thinking mainly of organizations that use Kerberos or another SSH authentication mechanism that our embedded SSH client doesn't support.)

Support sessions that are listening on Unix domain sockets

This is straightforward but would require extending the TurboVNC Session Manager protocol so that vncserver -sessionstart and vncserver -sessionlist report both the X display of the session as well as its Unix domain socket path. The TurboVNC Session Manager would need both pieces of information in order to successfully generate an OTP for and connect to a session that is listening on a UDS. Since UDS support requires an external SSH client, this item depends on the item above.

Provide additional session information

Referring to #211, it should be possible for the Session Manager to determine information about the TurboVNC sessions (such as uptime and number of viewers connected) that might help distinguish them. The uptime information could be determined by parsing /proc in the vncserver script. Connected session information could be stored by the RFB server using an X atom, which could be read by the vncserver script.

Better noVNC integration

This may not be very important, because if someone is using the TurboVNC Session Manager, they probably aren't using noVNC. However, it would be nice-- for collaboration purposes-- if the Session Manager could parse the output of the vncserver script to determine the noVNC URL, generate a new OTP for the session, append the OTP to the noVNC URL, and provide a dialog box with a hot link to launch the client-side browser and point it to that URL (or copy the URL to the clipboard.) That would allow a TurboVNC user to very easily share their session with a colleague who doesn't normally use TurboVNC.

Admin interface

Conceivably, a set of scripts could be developed that wrap sudo and vncserver in order to make it easy for a SysAdmin to manage all TurboVNC sessions running on the host. These scripts need not necessarily be part of the TurboVNC package itself.
@dcommander dcommander changed the title Extend TurboVNC Session Manager to handle separate gateway and VNC host, external SSH clients Proposed enhancements to the TurboVNC Session Manager Mar 5, 2020
@dcommander dcommander mentioned this issue Mar 5, 2020
Closed
dcommander added a commit that referenced this issue Mar 5, 2020
@dcommander
SessMgr: Make 'vncserver -sessionlist' extensible
86334c2 
This commit modifies the SessionList() function in vncserver so that it
prepends the session list with a session count and field size and
separates fields with tabs instead of spaces.  The field size is
currently 1 but can be increased later, if we decide to add more session
information to the -sessionlist output.  That session information can
now easily contain spaces as well, since we're using tabs as field
separators.  This commit also modifies the Session Manager parser so
that it reads and verifies the session count and field size, as well as
(for future-proofness) ignores any fields other than the ones it needs.

Refer to #148
@dcommander dcommander mentioned this issue Apr 5, 2022
Closed
dcommander added a commit that referenced this issue Apr 5, 2022
@dcommander
Viewer: Fix ExtSSH with TurboVNC Session Manager
becbd40 
Although this is not a supported or documented configuration yet (refer
to #148), there are some workflows for which it is useful.

Caveats:

When using an external SSH client with the TurboVNC Session Manager, the
built-in SSH client will still be used for the Session Manager itself.
The external SSH client will only be used when connecting to a session.
Thus, two separate SSH sessions will remain open (one from the built-in
SSH client and one from the external SSH client) as long as the
connection is active.  Also, if public key authentication is not used,
then it will be necessary to authenticate twice with the SSH server.

Fixes #321
@gdevenyi
Copy link

Following up on #393, a great enhancement to the Session Manager would be to fully support ProxyCommand/ProxyJump in the vncviewer configuration, that is, to ssh into a host behind another ssh host and launch vncserver. Currently I use x2go to do this which has a full proxy configuration:

image

@dcommander dcommander mentioned this issue Dec 20, 2023
Open
@dcommander
Copy link
Member Author

#393 (comment)

@dcommander dcommander mentioned this issue Feb 27, 2024
Closed
@dcommander dcommander mentioned this issue Mar 12, 2024
Closed
@dcommander
Copy link
Member Author

Two basic problems with implementing external SSH client support in the Session Manager:

  1. The need to create a unique control socket for each unique Session Manager connection. The tokens used in the control socket path would effectively only allow for one control socket per client/host pair, not one control socket per connection. It would probably be necessary to create a control socket path based on the TurboVNC Viewer process ID and some sort of connection instance hash (perhaps based on the instance of the CConn class.)
  2. The need to keep the control socket open indefinitely while the user selects a session in the Session Manager dialog. We would need to be careful about explicitly cleaning up the control socket (by issuing {ssh} -o ControlPath={control_socket_path} -O exit {host} if the user closes the dialog without connecting, when the user disconnects the session, or if the viewer aborts for any reason.

Frankly, that system seems more fragile than I would prefer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement funding needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dcommander @gdevenyi