Closed wanlinwang closed 2 years ago
I could you .ssh/config file to specify the port. Thank you!
You can configure a host entry in the OpenSSH config file (~/.ssh/config on Un*x or %USERPROFILE%
/.ssh/config on Windows), such as:
Host my_host
HostName my_actual_host_name
Port 2222
and then enter my_host
rather than my_actual_host_name
in the TurboVNC Viewer.
You can also use the SSHPort
parameter on the TurboVNC Viewer command line. For example:
/opt/TurboVNC/bin/vncviewer my_actual_host_name -sshport 2222
I intend to eventually add the ability to configure the SSH port using the TurboVNC Viewer Options dialog and also the ability to store settings on a per-host basis, but I ran out of time and funding to include those features in TurboVNC 3.0. For now, OpenSSH config file entries are probably the most straightforward solution if you need to connect repeatedly to the same host using a non-standard SSH port.
Got, thank you very much!
I'd like to reopen the issue. Neither solution is working for me:
vncviewer
my_host
, I get Auth fail
. If I SSH, start the server and get the display number, then enter my_host:display_number
, I get Could not resolve hostname: node4: Name or service not known
.vncviewer srv_ip -sshport myport
vncviewer -config myfile.turbovnc
with SSHUser=jonny and SSHPort=1234 also doesn't helpWhat finally is working is vncviewer myip:display_number -sshport 1234
. And only after manually SSHing and starting the server. Otherwise I get Connection refused
. This also only seems to work on LAN. If instead of myip
I enter a domain name, vncviewer
just jumps on 100% CPU usage and nothing happens. With vncviewer mydomain:1 -tunnel -sshport 1234
I get Auth fail
. Not really sure what other options to use to connect via mydomain
other than 1. manually SSHing and starting the server, 2. manually binding the port.
I'd expect the same workflow as e.g. x2go - select auth method e.g. SSH and that's it. A lot of fiddling around and experimenting to get a simple example working.
Not sure if previous options are deprecated but I miss more documentation. Also can you help me understand the point of having a passw login when one is already authenticating with a SSH key?
I'd like to reopen the issue. Neither solution is working for me:
- if I just enter in
vncviewer
my_host
, I getAuth fail
. If I SSH, start the server and get the display number, then entermy_host:display_number
, I getCould not resolve hostname: node4: Name or service not known
.- same behavior when using
vncviewer srv_ip -sshport myport
- using
vncviewer -config myfile.turbovnc
with SSHUser=jonny and SSHPort=1234 also doesn't helpWhat finally is working is
vncviewer myip:display_number -sshport 1234
. And only after manually SSHing and starting the server. Otherwise I getConnection refused
. This also only seems to work on LAN. If instead ofmyip
I enter a domain name,vncviewer
just jumps on 100% CPU usage and nothing happens. Withvncviewer mydomain:1 -tunnel -sshport 1234
I getAuth fail
. Not really sure what other options to use to connect viamydomain
other than 1. manually SSHing and starting the server, 2. manually binding the port.I'd expect the same workflow as e.g. x2go - select auth method e.g. SSH and that's it. A lot of fiddling around and experimenting to get a simple example working.
Not sure if previous options are deprecated but I miss more documentation. Also can you help me understand the point of having a passw login when one is already authenticating with a SSH key?
Let me explain what is supposed to happen. As documented in the TurboVNC User's Guide, if you pass only a hostname or IP address to the TurboVNC Viewer, the TurboVNC Viewer will start the TurboVNC Session Manager, which connects to the specified hostname/IP address using SSH (subject to the values of the SSHUser
and SSHPort
parameters.) Once you successfully authenticate using SSH, the TurboVNC Session Manager will start a new TurboVNC session if one isn't already started under your user account. Otherwise it will show a dialog with all of your running sessions, allowing you to connect to or kill one of them or start a new one. When the TurboVNC Session Manager starts a new session, that session will automatically be configured to tunnel the RFB connection through SSH and to use one-time password (OTP) authentication. When connecting to a TurboVNC session, the TurboVNC Session Manager invokes /opt/TurboVNC/bin/vncpasswd
through SSH in order to generate a new OTP for the session, it reads that OTP through the SSH console output, and it passes the OTP to the TurboVNC session via the SSH-tunneled RFB connection. If the TurboVNC Session Manager is working correctly, then it is effectively single-sign-on. You won't be asked for a VNC password or any other authentication credentials.
However, when you pass a hostname or IP address and a VNC display number to the TurboVNC Viewer, it will try to act like a "normal" VNC viewer, which means that it will:
The core of the issue is that SSH authentication failed for some reason, so the TurboVNC Session Manager didn't start. After that, you tried several things that wouldn't have worked:
- If I SSH, start the server and get the display number, then enter
my_host:display_number
, I getCould not resolve hostname: node4: Name or service not known
.- same behavior when using
vncviewer srv_ip -sshport myport
- using
vncviewer -config myfile.turbovnc
with SSHUser=jonny and SSHPort=1234 also doesn't help
my_host
refers to an entry in the OpenSSH config file, which has no relevance to the TurboVNC Viewer unless SSH tunneling is enabled. Since you passed a display number to the viewer, it operated as a normal VNC viewer, so SSH tunneling wasn't enabled by default. Because SSH tunneling wasn't enabled, the viewer had no idea what my_host
was, and it ignored the SSHPort
and SSHUser
parameters.
Let's focus on the SSH authentication issue, since that is at the core of the problem. Please try /opt/TurboVNC/bin/vncviewer my_host -loglevel 110
and post the output.
JSch: Next authentication method: publickey
JSch: Trying private key: user@user (decrypted)
JSch: rsa-sha2-512 preauth failure
JSch: Trying private key: user@user (decrypted)
JSch: ssh-ed25519 cannot be used as public key type for identity user@user
JSch: Disconnecting from 192.168.1.2 port 1234
Session Manager Error:
Auth fail
From what I can tell it isn't satisfied with the ssh key type for some reason - ed25519. Saw your comment on a workaround. Works. Would be nice if that was a part of the docs. Anyhow, think that's the best support I got in last years. Happy user, thank you again.
I intend to add Ed25519 support in the next major TurboVNC release (#323), and I would like to support external SSH clients with the Session Manager as well (#148.) However, I'll see if there is a logical place to include a blurb about the workaround in the meantime.
My Linux host's sshd listen on non-standard port rather than 22. It could not be used for Turbovnc session manager. Could it support customized port for sshd using by Turbovnc session manager?