xpra icon
Bug tracker and wiki

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#747 closed defect (fixed)

move ssh command and arguments to config file (especially "-agent" for putty)

Reported by: Antoine Martin Owned by: Lukas Haase
Priority: critical Milestone: 0.15
Component: client Version: trunk
Keywords: Cc: lukashaase@…

Description

See http://lists.devloop.org.uk/pipermail/shifter-users/2014-November/001074.html.

We should generate the ssh line for the config file in the same way that we generate the xvfb line.
Then we can have:

  • on win32:
    ssh=plink -ssh -agent
    
  • on Linux:
    ssh=ssh -x
    

(and those options can then go in .xpra sessions files too)

Change History (11)

comment:1 Changed 5 years ago by Antoine Martin

Owner: changed from Antoine Martin to Antoine Martin
Status: newassigned

Thinking about it some more, to be more flexible, I think we may even want to remove most of the logic that creates the ssh command line at runtime and replace it with something like this in the config file:

  • win32:
    ssh=plink -ssh -agent -pw %{PASSWORD} -l %{USERNAME} -p %{SSH_PORT} -T %{HOST}
    
  • posix:
    ssh=ssh -x -p %{SSH_PORT} %{USERNAME}@%{HOST}
    

And if putty doesn't like empty passwords (and even placeholder ones) then we can add a slightly uglier syntax: [-pw %{PASSWORD}] and only include that part of the command if the substitution within has a value.

comment:2 Changed 5 years ago by Lukas Haase

Cc: lukashaase@… added

comment:3 Changed 5 years ago by Antoine Martin

Owner: changed from Antoine Martin to Lukas Haase
Status: assignednew

r8196 does this, but only for -agent for now. I've made a beta win32 build with it. Note: you can create your own xpra.conf file in %APPDATA%\Xpra.

If that works for you, I'll try to get around to doing the rest.

comment:4 Changed 5 years ago by Lukas Haase

Hmm, strange. It still queries the agent ...

If I parse the diff correctly (I don't speak python well), it does only modify the global xpra.conf which says now:

# Client ssh command:
#ssh = /usr/bin/ssh
#ssh = ssh -o ControlMaster=no -o ConnectTimeout=20
#ssh = ssh -x
ssh = plink -ssh -agent

True. However, it seems that this config is not overridden with the value from my application.xpra conf in which says:

username=lukas
encoding=rgb
ssh_port=22
speed=0
min-speed=0
host=192.168.0.3
min-quality=30
mode=ssh
ssh=plink -noagent -i O:\xpra.ppk
opengl=no
password=
quality=0
port=1111
autoconnect=True

Is this supposed to work?

comment:5 Changed 5 years ago by Lukas Haase

Let me quickly add some more observations:

I tried using my own copy of plink, so I have now:

ssh=c:\usr\bin\plink.exe -noagent -i O:\xpra.ppk

Now I get the error Error running ssh program c:usrbinplink.exe.
Now all backslashes need to be escaped (i.e.
should be used).
I am not sure if this is wanted or not. In any case it would be good to emphasize it in the comments for the config/man page etc.

But then, if I change it to

ssh=c:\\usr\\bin\\plink.exe -noagent -i O:\\xpra.ppk

First, the agent is still queried.
Second, a blank DOS box window appears with title "c:\usr\bin\plink.exe".

Is the plink.exe from xpra a different one that does not use a console or is it related to a certain way of calling it?

comment:6 Changed 5 years ago by Antoine Martin

.. all backslashes need to be escaped ..


I didn't think of checking for that. I am really not sure why that is, but it should not be needed. Will fix as soon as I figure out what is happening.


First, the agent is still queried.


Heh!? I've made it print the command line and I was getting the command line that was used, and -noagent was there.


Second, a blank DOS box window appears with title "c:\usr\bin\plink.exe".
Is the plink.exe from xpra a different one that does not use a console or is it related to a certain way of calling it?


Yes, we have to use TortoisePlink to avoid the DOS box. That's the only difference between the two. The former is built as a GUI application, with support for dialogs for confirming keys etc.., whereas the regular plink is just a normal "dos" application which will make MS Windows popup a new shell window for it.

comment:7 Changed 5 years ago by Antoine Martin

Owner: changed from Lukas Haase to Antoine Martin
Status: newassigned

Just realized that you're using a launcher file and not an xpra.conf defaults file, so I need to look into that code.

comment:8 Changed 5 years ago by Antoine Martin

Owner: changed from Antoine Martin to Lukas Haase
Status: assignednew

With regards to backslashes, I've added an explanation to the man page and an example in the config file in r8214 + r8215. The summary is to use this form with quotes around the command pathname:

ssh="C:\Program Files\Xpra\Plink.exe" -ssh -agent

For details of the parsing function, see python shlex.

I have tested it: works fine both in the config files (xpra.conf) and in launch files (*.xpra).

The -agent was inadvertently re-added to the command line because the launcher duplicates a lot of the code from the command line client (which is unfortunate - but I just don't have time to refactor that), r8216 fixes that.

A new beta build is available with those changes.
If that works for you, I may split the rest of this ticket into a new one and schedule this for a later release.

comment:9 Changed 5 years ago by Lukas Haase

Resolution: fixed
Status: newclosed

Thanks so much for implementing it. It works great for me now (it seems it has been deployed to the current 0.14 already anyway ;-) ).
I close the ticket.

comment:10 Changed 5 years ago by Lukas Haase

It seems that this works in 0.15 but has not (completely) been deployed to 0.14

What I mean: Generally supplying the key works in both versions but 0.14 still appends "-agent" so that the agent is queried although a key has been supplied. This does not happen in 0.15.

Is there the chance that this will be backported to 0.14?

comment:11 Changed 5 years ago by Antoine Martin

I'm afraid this feature isn't scheduled to be backported (though this could change), it is just too intrusive and risky for the stable branch.

Note: See TracTickets for help on using tickets.