xpra icon
Bug tracker and wiki

https://xpra.org/icons/connect.png

SSH Connections


This transport is supported by all python clients and Posix servers. (see #1920 for generic SSH server support feature)

See also wiki/Network.


Server Setup

This type of transport does not normally require any specific bind command line option, at least on Posix platforms.

With a default configuration, starting a server will create unix domain sockets. Those sockets can be seen with xpra list.

When connecting over SSH, the client will execute a proxy command to relay to one of these sockets, forwarding it as a pipe over the network back to the client.

Starting with version 2.4, there is now also a bind-ssh option which can be used to make xpra accept SSH connections on the specified address. This allows MS Windows servers to provide access via an SSH transport. Regular TCP sockets can also be upgraded to SSH. For details, see #1920.

Client

Starting with version 2.4, there are now 2 backends which can be used for SSH transport. Older versions only support the openssh mode. In auto mode, paramiko will be used if installed.

The backend can be selected using the --ssh= switch. (ie: --ssh=paramiko)


OpenSSH

This mechanism relies on openssh on Posix systems, optionally using sshpass to supply passwords via the command line or connection files.

On MS Windows, the installer will bundle the tortoisesvn version of putty plink which includes a GUI for host key confirmation and password input.

Since this mechanism relies on executing the ssh client program, you can use the same command line options as you normally would and / or use the openssh configuration files for using tunnels, restricting ciphers, etc. ie: --ssh="ssh -x -c blowfish-cbc"

The --exit-ssh switch controls whether the SSH transport is killed when the client terminates, this can be useful if openssh is setup to use connection sharing. (see #203 or details)



Paramiko

This backend is built into the client connection code and provides better diagnostics (using the --debug=ssh switch), and it provides a GUI for confirming host keys, entering key passphrases or passwords. The downside is that since it does not use openssh at all, it does not have the same flexibility and may require re-confirmation of known hosts.

Last modified 11 months ago Last modified on 08/20/18 11:11:41