You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Aaron Newsome <aa...@gmail.com> on 2017/11/15 20:32:58 UTC

Create SSH tunnel for RDP or VNC connection

Hello all.

I'd like to create an RDP connection for a remote network but I first need
to create an ssh tunnel to the remote network. I'm able to create the ssh
tunnel manually from the Guacamole server but I'm looking for a way to
automate this. Otherwise I need to ssh to the Guacamole server first,
create the tunnel and then connect via RDP.

Has anyone been able to automate this? Any advice on how to do this?

Thanks, Aaron

Re: Create SSH tunnel for RDP or VNC connection

Posted by Nick Couchman <vn...@apache.org>.

On Wed, Nov 15, 2017 at 3:32 PM, Aaron Newsome <aa...@gmail.com>
wrote:

> Hello all.
>
> I'd like to create an RDP connection for a remote network but I first need
> to create an ssh tunnel to the remote network. I'm able to create the ssh
> tunnel manually from the Guacamole server but I'm looking for a way to
> automate this. Otherwise I need to ssh to the Guacamole server first,
> create the tunnel and then connect via RDP.
>
> Has anyone been able to automate this? Any advice on how to do this?
>
>
As Paulo mentioned, there are probably some ways to accomplish this on the
Guacamole server at a network level, outside of the Guacamole application.

There's also a JIRA issue that deals with this:

https://issues.apache.org/jira/browse/GUACAMOLE-312

So, nothing within Guacamole, today, that would automate this, but perhaps
in the future.

-Nick

Re: Create SSH tunnel for RDP or VNC connection

Posted by Paulo Gonçalves <pa...@ipc.pt>.

 

Yes, it's internal development, but i think i can explain all the
details in terms of communication flow of the implementation (as i
already did in the previous email). 

The system is really simple, just don't know if it is what you need.
In our implementation is the client (where the VNC/RDP server runs) that
makes the connection to the guacamole server, so you must have some
software running there. From your first email seems that you want the
other way around (SSH from the guacamole server to the RDP machine). If
it's like that you need a SSH server running on the RDP machine. Do you
have that? 
---

 		Paulo Alexandre Figueiredo Gonçalves

 		Departamento de Tecnologias de Informação e Comunicação (DTIC)

 		Email: pafgoncalves@ipc.pt / Voip: 301103

 		 Serviços da Presidência

 		Av. Dr. Marnoco e Sousa, nº 30, 3000-271 Coimbra

 		Tel.: +351 239 791 250

 		Site:www.ipc.pt [2] | E-mail:ipc@ipc.pt

Em 2017-11-16 17:49, Aaron Newsome escreveu: 

> This sounds interesting Paulo. Is this extension something that you developed internally or is this an extension that is publicly available? 
> 
> Thanks, Aaron 
> 
> On Thu, Nov 16, 2017 at 6:30 AM, Paulo Gonçalves <pa...@ipc.pt> wrote:
> 
> We have created a helpdesk application that works like this: 
> 
> The client has a Java application that unpacks a VNC server and runs it on the localhost.
> Then connects via SSH to the guacamole server and creates 2 tunnels, one server to client for the VNC connection, and another one from client to server for configuration.
> The server has a guacamole extension that creates connections at runtime. For that it listens on a fixed local port and the client connects through the client->server SSH tunnel. The client then sends the listening port of the server->client SSH tunnel and the VNC password (randomly generated) to the extension, and the extension creates the connection.
> On the guacamole web application you just need to refresh the page and the connection appears.
> If the client closes the application, the guacamole extension detects that the socket is closed and removes the connection. 
> 
> It works very well and the only port publicly exposed by the guacamole server is the SSH port. 
> ---
> 
> Paulo Alexandre Figueiredo Gonçalves
> 
> Departamento de Tecnologias de Informação e Comunicação (DTIC)
> 
> Email: pafgoncalves@ipc.pt / Voip: 301103
> 
> Serviços da Presidência
> 
> Av. Dr. Marnoco e Sousa, nº 30, 3000-271 Coimbra
> 
> Tel.: +351 239 791 250 [1]
> 
> Site:www.ipc.pt [2] | E-mail:ipc@ipc.pt
> 
> Em 2017-11-15 20:32, Aaron Newsome escreveu: 
> Hello all. 
> 
> I'd like to create an RDP connection for a remote network but I first need to create an ssh tunnel to the remote network. I'm able to create the ssh tunnel manually from the Guacamole server but I'm looking for a way to automate this. Otherwise I need to ssh to the Guacamole server first, create the tunnel and then connect via RDP. 
> 
> Has anyone been able to automate this? Any advice on how to do this? 
> 
> Thanks, Aaron
 

Links:
------
[1] tel:+351%20239%20791%20250
[2] http://www.ipc.pt

Re: Create SSH tunnel for RDP or VNC connection

Posted by Aaron Newsome <aa...@gmail.com>.

This sounds interesting Paulo. Is this extension something that you
developed internally or is this an extension that is publicly available?

Thanks, Aaron

On Thu, Nov 16, 2017 at 6:30 AM, Paulo Gonçalves <pa...@ipc.pt>
wrote:

> We have created a helpdesk application that works like this:
>
> The client has a Java application that unpacks a VNC server and runs it on
> the localhost.
> Then connects via SSH to the guacamole server and creates 2 tunnels, one
> server to client for the VNC connection, and another one from client to
> server for configuration.
> The server has a guacamole extension that creates connections at runtime.
> For that it listens on a fixed local port and the client connects through
> the client->server SSH tunnel. The client then sends the listening port of
> the server->client SSH tunnel and the VNC password (randomly generated) to
> the extension, and the extension creates the connection.
> On the guacamole web application you just need to refresh the page and the
> connection appears.
> If the client closes the application, the guacamole extension detects that
> the socket is closed and removes the connection.
>
> It works very well and the only port publicly exposed by the guacamole
> server is the SSH port.
> ---
> Paulo Alexandre Figueiredo Gonçalves
> Departamento de Tecnologias de Informação e Comunicação (DTIC)
>
> Email: pafgoncalves@ipc.pt / Voip: 301103
>
> [image: Logo_IPC]  Serviços da Presidência
> Av. Dr. Marnoco e Sousa, nº 30, 3000-271 Coimbra
> Tel.: +351 239 791 250 <+351%20239%20791%20250>
> Site:www.ipc.pt | E-mail:ipc@ipc.pt
>
> Em 2017-11-15 20:32, Aaron Newsome escreveu:
>
> Hello all.
>
> I'd like to create an RDP connection for a remote network but I first need
> to create an ssh tunnel to the remote network. I'm able to create the ssh
> tunnel manually from the Guacamole server but I'm looking for a way to
> automate this. Otherwise I need to ssh to the Guacamole server first,
> create the tunnel and then connect via RDP.
>
> Has anyone been able to automate this? Any advice on how to do this?
>
> Thanks, Aaron
>
>

Re: Create SSH tunnel for RDP or VNC connection

Posted by Paulo Gonçalves <pa...@ipc.pt>.

 

We have created a helpdesk application that works like this: 

The client has a Java application that unpacks a VNC server and runs it
on the localhost.
Then connects via SSH to the guacamole server and creates 2 tunnels, one
server to client for the VNC connection, and another one from client to
server for configuration.
The server has a guacamole extension that creates connections at
runtime. For that it listens on a fixed local port and the client
connects through the client->server SSH tunnel. The client then sends
the listening port of the server->client SSH tunnel and the VNC password
(randomly generated) to the extension, and the extension creates the
connection.
On the guacamole web application you just need to refresh the page and
the connection appears.
If the client closes the application, the guacamole extension detects
that the socket is closed and removes the connection. 

It works very well and the only port publicly exposed by the guacamole
server is the SSH port. 
---

 		Paulo Alexandre Figueiredo Gonçalves

 		Departamento de Tecnologias de Informação e Comunicação (DTIC)

 		Email: pafgoncalves@ipc.pt / Voip: 301103

 		 Serviços da Presidência

 		Av. Dr. Marnoco e Sousa, nº 30, 3000-271 Coimbra

 		Tel.: +351 239 791 250

 		Site:www.ipc.pt [1] | E-mail:ipc@ipc.pt

Em 2017-11-15 20:32, Aaron Newsome escreveu: 

> Hello all. 
> 
> I'd like to create an RDP connection for a remote network but I first need to create an ssh tunnel to the remote network. I'm able to create the ssh tunnel manually from the Guacamole server but I'm looking for a way to automate this. Otherwise I need to ssh to the Guacamole server first, create the tunnel and then connect via RDP. 
> 
> Has anyone been able to automate this? Any advice on how to do this? 
> 
> Thanks, Aaron
 

Links:
------
[1] http://www.ipc.pt