TurboVNC / turbovnc

Main TurboVNC repository
https://TurboVNC.org
GNU General Public License v2.0

Support for ProxyJump in ~/.ssh/config #372

Closed: bluecmd closed this issue 11 months ago

bluecmd commented 11 months ago

Hello,

I am trying to use TurboVNC to connect to a host that requires an SSH ProxyJump step. This is the config:

Host localvm
  Hostname 192.168.100.2
  User myuser
  ForwardX11Trusted yes
  ForwardX11 yes
  IdentityFile /home/bluecmd/.ssh/id_ed25519
  ProxyJump hypervisor

I am trying to use:

/opt/TurboVNC/bin/vncviewer -tunnel localvm:5901 -loglevel 110 

The log output is:

libjawt.so path: /opt/TurboVNC/java/jre/lib
Log setting: 110
main: start called
Tunnel: Opening SSH tunnel through gateway localvm
Tunnel: SSH private keys offered by agent:
Tunnel:   bluecmd@blackbox
Tunnel:     Fingerprint: xxxx
Tunnel:   bluecmd@fedora
Tunnel:     Fingerprint: xxxx
Tunnel: Read OpenSSH config file /home/bluecmd/.ssh/config
JSch: Adding private key /home/bluecmd/.ssh/id_ed25519 without passphrase
JSch:   Fingerprint: xxxx
Tunnel: Attempting to use the following SSH private keys:
Tunnel:   bluecmd@blackbox
Tunnel:     Fingerprint: xxxx
Tunnel:   bluecmd@fedora
Tunnel:     Fingerprint: xxxx
JSch: Connecting to 192.168.100.2 port 22

Here I would have expected the client to first connect to hypervisor and set up a port forward. This is what ssh localvm does when I run it locally.

dcommander commented 11 months ago

Try adding -extssh to the command line. The viewer's built-in SSH client doesn't support ProxyJump.

bluecmd commented 11 months ago

Thanks! That will probably work. FWIW, I tried, but at least on NixOS ssh is not in /usr/bin/, so I cannot use this option straight away:

Cannot run program "/usr/bin/ssh": error=2, No such file or directory

I need to figure out how to set VNC_TUNNEL_CMD or something.

If I may, it would probably be better to use /usr/bin/env ssh [1] as that is quite cross-platform.

Either way, I will close this particular issue as this will most likely work when I get the SSH part correct :-)

EDIT:

I went with:

$ VNC_TUNNEL_CMD='/usr/bin/env ssh -f -L %L:localhost:%R %H -n -N' vncviewer -fsaltenter -fullscreen -extssh -tunnel the-machine.local:1

dcommander commented 11 months ago

That's a good idea (using /usr/bin/env ssh.) I will look into it.
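
A pre-flight check for the situation in this thread, as an added example (not code from the thread or from the TurboVNC project): it reads the output of `ssh -G <alias>` and prints the viewer command line, choosing `-extssh` with the thread's `VNC_TUNNEL_CMD` when the alias resolves through a ProxyJump, so the connection does not go straight to the target as in the log above. The function names and the sample `ssh -G` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not TurboVNC code. Function names are hypothetical.

# Tunnel template taken from the thread: env finds ssh through PATH, and
# %L, %R, %H are the placeholders used in the thread's VNC_TUNNEL_CMD.
TUNNEL_TEMPLATE='/usr/bin/env ssh -f -L %L:localhost:%R %H -n -N'

# Reads `ssh -G <alias>` output on stdin. Succeeds when the resolved
# configuration names a jump host ("proxyjump none" counts as disabled).
uses_proxyjump() {
    awk '
        tolower($1) == "proxyjump" && NF >= 2 && tolower($2) != "none" { found = 1 }
        END { exit !found }
    '
}

# viewer_cmdline ALIAS DISPLAY   (resolved config on stdin)
# Prints the vncviewer command line to use; it does not run anything.
viewer_cmdline() {
    if uses_proxyjump; then
        # The built-in SSH client would skip the jump host, so hand the
        # tunnel to the external ssh, which honours ~/.ssh/config fully.
        printf "VNC_TUNNEL_CMD='%s' vncviewer -extssh -tunnel %s%s\n" \
            "$TUNNEL_TEMPLATE" "$1" "$2"
    else
        printf 'vncviewer -tunnel %s%s\n' "$1" "$2"
    fi
}

# Constructed samples: trimmed `ssh -G localvm` output with and without
# the ProxyJump line from the configuration posted in the thread.
SAMPLE_PROXIED='hostname 192.168.100.2
user myuser
proxyjump hypervisor'
SAMPLE_DIRECT='hostname 192.168.100.2
user myuser'
```

With a real configuration, pipe the resolved settings in: `ssh -G localvm | viewer_cmdline localvm :5901`.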