[ https://issues.apache.org/jira/browse/GUACAMOLE-312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753601#comment-16753601 ]
Nick Couchman commented on GUACAMOLE-312:
-----------------------------------------

{quote}
Having new ports open would be potentially dangerous (the VNC server that is intended to be protected behind SSH would be temporarily exposed each time a connection is established), and dynamically allocating available ports would probably prove to be brittle.
{quote}

Yeah, good points, there. I didn't even think about having the port unprotected on the guacd server.

{quote}
Dynamically creating a UNIX domain socket in some configurable directory in the filesystem would be OK, as access to that socket would be restricted by filesystem permissions and we can lock those down, but taking full control over the transport within the VNC support and keeping it absolutely 100% internal would be best.
{quote}

UNIX sockets would be interesting, but, yes, being able to control it from within the VNC connection using a socket is probably best.

{quote}
If someone were to throw this together quickly for their own purposes in an extension (like discussed recently on the mailing list), dynamically allocating temporary SSH port forwards could be reasonable, but I don't think it should be our approach in Guacamole itself.
{quote}

An extension would be interesting - might have to see if I can do something like that, if for no other reason than to just try it out, but, I agree, if we add something core to the code to do the forwarding it should be based off of an integration of libssh to libvnc. Any idea if the other libraries for other protocols would support something similar (FreeRDP, libtelnet, even libssh2 for ssh-in-ssh)?

> VNC over SSH
> ------------
>
>                 Key: GUACAMOLE-312
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-312
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: VNC
>            Reporter: Michael Jumper
>            Priority: Minor
>
> {panel:bgColor=#FFFFEE}
> *The description of this issue was copied from
> [GUAC-223|https://glyptodon.org/jira/browse/GUAC-223], an issue in the JIRA
> instance used by the Guacamole project prior to its acceptance into the
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance
> *have not been copied* and can be found instead at the original issue.
> {panel}
> It would be useful to provide access to VNC over SSH as an option.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
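
The UNIX domain socket option quoted in the comment above, sketched as an added example that is not part of the original message and is not Guacamole code: the socket is created inside a fresh owner-only directory so that no other local account can reach it. The function name `create_private_socket`, the `tunnel-XXXXXX` directory template, the `vnc.sock` file name and the `/tmp` base directory are all assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: creates a listening UNIX domain socket in a new
 * private directory under base_dir. Returns the fd, or -1 on failure. */
int create_private_socket(const char *base_dir, char *path_out, size_t path_len) {
    struct sockaddr_un addr;
    char dir[sizeof(addr.sun_path)];
    /* mkdtemp() creates the directory with mode 0700 and an unpredictable
     * name, so other local users cannot traverse into it. */
    int n = snprintf(dir, sizeof(dir), "%s/tunnel-XXXXXX", base_dir);
    if (n < 0 || (size_t) n >= sizeof(dir) || mkdtemp(dir) == NULL)
        return -1;
    /* sun_path is short (about 108 bytes): refuse rather than truncate. */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    n = snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/vnc.sock", dir);
    int fd = (n < 0 || (size_t) n >= sizeof(addr.sun_path))
           ? -1 : socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) { rmdir(dir); return -1; }
    /* Tighten the umask before bind() so the socket file is created as 0600
     * and is never visible with wider permissions, even briefly. */
    mode_t old = umask(0177);
    int rc = bind(fd, (struct sockaddr *) &addr, sizeof(addr));
    umask(old);
    if (rc != 0 || listen(fd, 1) != 0) {
        close(fd);
        unlink(addr.sun_path);
        rmdir(dir);
        return -1;
    }
    snprintf(path_out, path_len, "%s", addr.sun_path);
    return fd;
}

int main(void) {
    char path[128];
    int fd = create_private_socket("/tmp", path, sizeof(path));
    if (fd < 0) return 1;
    printf("listening on %s\n", path);
    close(fd);
    unlink(path);                 /* demo cleanup: socket first */
    *strrchr(path, '/') = '\0';
    rmdir(path);                  /* then the private directory */
    return 0;
}
```

`umask()` is process-wide, so a multithreaded daemon would need to do the bind before starting threads or in a dedicated child process; the 0700 directory is what gates access even if the socket mode were looser.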