xpra icon
Bug tracker and wiki

Opened 5 months ago

Closed 4 months ago

Last modified 4 months ago

#1920 closed task (fixed)

SSH server support

Reported by: Antoine Martin Owned by: J. Max Mena
Priority: major Milestone: 2.4
Component: server Version: trunk
Keywords: Cc:

Description (last modified by Antoine Martin)

Using paramiko (#1646), add a bind-ssh option and automatic upgrades of TCP sockets to wiki/SSH.

Change History (5)

comment:1 Changed 5 months ago by Antoine Martin

Description: modified (diff)
Status: newassigned

comment:2 Changed 5 months ago by Antoine Martin

  • r19950: main code merged
  • r19951: basic support for password authentication (works with sys, reject, allow, sqlite, etc)
  • r19952 public key authentication
  • r19954 support older clients that try to execute a complicated shell command
  • r20014 + r20015 + r20017: win32 server support, load ssh host keys from platform specific locations (ie: support standard locations on win32: C:\ProgramData\ssh and C:\Windows\system32\OpenSSH)

Still TODO:

  • win32: generate host keys if we can't find any during installation?
  • try macos servers (add platform paths for keys?)
  • support more subcommands when ran from the proxy? "_proxy_start" etc?
  • update wiki
Last edited 4 months ago by Antoine Martin (previous) (diff)

comment:3 Changed 5 months ago by Antoine Martin

Description: modified (diff)

comment:4 Changed 4 months ago by Antoine Martin

Owner: changed from Antoine Martin to J. Max Mena
Status: assignednew

Updates:

  • wiki/SSH and wiki/Network have been updated
  • r20134 add system key locations for macos
  • r20049 + r20139: bundle openssh so we can generate a host key during install, not sure why we can't use puttygen to convert putty ppk to openssh format: this is meant to work but pops up the GUI every time I tried (and I've tried with puttygen from upstream and also the one from MSYS2):
    $ puttygen id_dsa.ppk -O private-openssh -o id_dsa
    $ puttygen id_dsa.ppk -O public-openssh -o id_dsa.pub
    

Anyway, with this in place the win32 server will support ssh connections out of the box.
We don't generate host keys for the macos server. (the system has ssh host keys installed in /private/etc, and we do support this path, but those keyfiles aren't readable by a non-root user..)

@maxmylyn: you can now connect to your xpra servers using the SSH transport, on the same port as TCP connections, or to other ports when using bind-ssh=.

Last edited 4 months ago by Antoine Martin (previous) (diff)

comment:5 Changed 4 months ago by J. Max Mena

Resolution: fixed
Status: newclosed

Played around with this for a while today - everything seems to behave nicely.

Noted and closing.

Note: See TracTickets for help on using tickets.