SSH ProxyCommand Functionality

[DBakes <ra...@gmail.com>]

Hello,

Is it possible to specify SSH jump servers in Guacamole? e.g, I'd like to
connect to host X via host Y. I currently have various configurations such
as this by using a ssh .config file to specify the bastions\jump boxes to
traverse by using the ProxyCommand functionality.

I'm using LDAP & Database authentication if that helps.

Thanks

Geraint



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: SSH ProxyCommand Functionality

[Sebastian Männling <se...@qubestack.org>]

Regarding the documentation you can configure a custom command... 
so it’s maybe possible to specify another ssh command to your target server...

But you will then not have the file transfer feature available at the target, only on the jump host.

(Never tried this..., but I would expect this to work. ;))



> On 1. Mar 2020, at 22:03, DBakes <ra...@gmail.com> wrote:
> 
> Hello,
> 
> Is it possible to specify SSH jump servers in Guacamole? e.g, I'd like to
> connect to host X via host Y. I currently have various configurations such
> as this by using a ssh .config file to specify the bastions\jump boxes to
> traverse by using the ProxyCommand functionality.
> 
> I'm using LDAP & Database authentication if that helps.
> 
> Thanks
> 
> Geraint
> 
> 
> 
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: SSH ProxyCommand Functionality

[Nick Couchman <vn...@apache.org>]

On Sun, Mar 1, 2020 at 4:03 PM DBakes <ra...@gmail.com> wrote:

> Hello,
>
> Is it possible to specify SSH jump servers in Guacamole? e.g, I'd like to
> connect to host X via host Y. I currently have various configurations such
> as this by using a ssh .config file to specify the bastions\jump boxes to
> traverse by using the ProxyCommand functionality.
>
> I'm using LDAP & Database authentication if that helps.
>
>
Currently there is no way to directly do this within Guacamole, though it
has been discussed and there is already a JIRA issue out there for it:

https://issues.apache.org/jira/browse/GUACAMOLE-312

No substantial work has been accomplish in this regard, yet, that I know
of, but it is on the radar.

That said, it may also be possible to accomplish what you're trying to do
by using the guacd proxy attributes that are available today within the
connections - that is, you could set up a guacd instance somewhere other
than where the default instance is set up and then point a specific
connection to that instance of guacd.  This may not work in every situation
- like if there's a firewall that only allows SSH traffic - but, if you
have enough control over the network, it might help you out.  Also,
connections between Guacamole Client and guacd can been encrypted, so you
can secure these in a way that allows you to operate them over untrusted
networks (similar to SSH).

-Nick