[ 
https://issues.apache.org/jira/browse/GUACAMOLE-312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753240#comment-16753240
 ] 

Michael Jumper commented on GUACAMOLE-312:
------------------------------------------

No, it needs to be doable without having to have something actually listen on a 
new TCP socket on the Guacamole server. Having new ports open would be 
potentially dangerous (the VNC server that is intended to be protected behind 
SSH would be temporarily exposed each time a connection is established), and 
dynamically allocating available ports would probably prove to be brittle.

Dynamically creating a UNIX domain socket in some configurable directory in the 
filesystem would be OK, as access to that socket would be restricted by 
filesystem permissions and we can lock those down, but taking full control over 
the transport within the VNC support and keeping it absolutely 100% internal 
would be best.

If someone were to throw this together quickly for their own purposes in an 
extension (like discussed recently on the mailing list), dynamically allocating 
temporary SSH port forwards could be reasonable, but I don't think it should be 
our approach in Guacamole itself.

> VNC over SSH
> ------------
>
>                 Key: GUACAMOLE-312
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-312
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: VNC
>            Reporter: Michael Jumper
>            Priority: Minor
>
> {panel:bgColor=#FFFFEE}
> *The description of this issue was copied from 
> [GUAC-223|https://glyptodon.org/jira/browse/GUAC-223], an issue in the JIRA 
> instance used by the Guacamole project prior to its acceptance into the 
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance 
> *have not been copied* and can be found instead at the original issue.
> {panel}
> It would be useful to provide access to VNC over SSH as an option.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
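
The UNIX domain socket option described in the comment above (a socket in a configurable directory, locked down by filesystem permissions), as an added example that is not part of the original message or of Guacamole's code. The function name `make_private_socket`, the `tunnel-XXXXXX` directory template and the `vnc.sock` file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper, not Guacamole code: create a listening UNIX domain
 * socket inside a fresh owner-only directory under base_dir. Returns the
 * listening fd and stores the socket path in path_out, or -1 on failure. */
int make_private_socket(const char *base_dir, char *path_out, size_t path_len) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    char dir[sizeof(addr.sun_path)];
    /* The full socket path must fit in sun_path; reject rather than truncate. */
    int n = snprintf(dir, sizeof(dir), "%s/tunnel-XXXXXX", base_dir);
    if (n < 0 || (size_t) n + sizeof("/vnc.sock") > sizeof(addr.sun_path))
        return -1;
    /* mkdtemp() picks an unpredictable name and creates the directory with
     * mode 0700, so other local users cannot traverse to the socket. */
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/vnc.sock", dir);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) { rmdir(dir); return -1; }
    /* bind() creates the socket node subject to the umask; tighten it first
     * so the node is never group/world accessible. umask is process-wide, so
     * a threaded daemon should serialize this step. */
    mode_t old = umask(0177);
    int rc = bind(fd, (struct sockaddr *) &addr, sizeof(addr));
    umask(old);
    if (rc != 0 || chmod(addr.sun_path, 0600) != 0 || listen(fd, 1) != 0) {
        close(fd); unlink(addr.sun_path); rmdir(dir);
        return -1;
    }
    snprintf(path_out, path_len, "%s", addr.sun_path);
    return fd;
}

int main(void) {
    char path[108];
    struct stat st;
    int fd = make_private_socket("/tmp", path, sizeof(path));
    if (fd < 0 || stat(path, &st) != 0) { perror("make_private_socket"); return 1; }
    printf("%s mode %04o\n", path, (unsigned) (st.st_mode & 0777));
    close(fd); unlink(path); /* the 0700 parent directory is left for the caller */
    return 0;
}
```

Unlike a forwarded TCP port on the loopback interface, which any local process can connect to, this endpoint is reachable only by the owning user.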