>From my point of view (which is relevant because the new TurboVNC Java Viewer and the TigerVNC 1.2 Java Viewer are about to share a very similar code base), the ability to do -via and basic SSH tunneling within the Java viewer will be very useful, but the ability to forward arbitrary ports probably won't be for us.
We've discussed this in the context of the TigerVNC C client in the past, and while it is certainly possible, it would introduce some additional complexity, since the viewer would need to depend on libssh. In order to achieve the same performance that can already be achieved with an external SSH binary (through the -via feature), libssh would need to be built against OpenSSH rather than GnuTLS. It's not impossible, but it just creates yet another security layer, which makes an already difficult-to-build project even moreso. Mainly, the difficulty would be encountered on platforms like Windows, where there is no built-in OpenSSH library. The assumption is that, with most *nix systems, it would be the job of the distro maintainer to stay abreast of security fixes in their distribution-supplied versions of OpenSSH and GnuTLS. As far as one-time password support, that is a server-side feature. The client treats OTPs just like any other VNC password. On 4/2/12 12:28 PM, Robert Goley wrote: > I support the SSH feature. It is a functionality that we have used for a > long time to add printer sharing between the client and server. It makes > the client function more like how RDP works in that regard. The > combination of CUPS on the server and the fact that windows, linux and > mac clients all support LPD makes this feature easy to use with one > simple ssh remote port forward to the client's local LPD server port > (515/tcp). We use a range of ports on the server that correspond > directly to the VNC port number. An example would be VNC port 5922 with > a forwarding port of 7022. It was worked great for us and I would like > to see it as an integrated feature. > > On Apr 2, 2012 1:18 PM, "Brian Hinz" <bph...@users.sourceforge.net > <mailto:bph...@users.sourceforge.net>> wrote: > > I've been working on adding support for the '-via' SSH tunneling > feature that existed in the 1.1 client to the Java client (via > JSch). I have a working version but before I commit anything I > wanted to discuss the possibility of extending the functionality > even further. What I'd like to propose is adding an "SSH" tab pane > to the options dialog that would allow the user to setup forwarding > of arbitrary ports. This could have a number of uses, such as > making local LPD queues available, network audio, etc. My initial > thought is that this tab pane would only be enabled prior to making > the initial RFB connection, and I would try to keep it reasonably > simple, having option fields for basic items such as private keys, > known_hosts files, etc. in addition to the port forwarding fields. > I realize that this is much more difficult to accomplish in the C > client because of the external dependencies, so this would be a > rather large disconnect between the two clients in terms of features... > > The second feature that I'd like to add is the "one time password" > support that has been requested several times. I think that in > general this is a feature that is more applicable to the Java client > (particularly when deployed as an applet), so the discrepancy > doesn't really bother me. I have not done any work to implement > this yet, but seeing as Darrell mentioned that the TurboVNC viewer > already supports it, I would probably pilfer the implementation from > there. > > Comments, thoughts, objections to any of this? > > Thanks, > -brian > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > <mailto:Tigervnc-devel@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > > > > _______________________________________________ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
