Feature request: Support for ssh jump hosts

[pcrow]

Most of my VNC servers are set up to only accept connections from localhost, so I have to use an ssh tunnel to the system. However, I often have to use an intermediary host to connect, so I have to use a jump or proxy host. So my ssh command-line would look something like "ssh -J me@gateway me@vnchost" with the port redirects.

The GUI would need a checkbox for an intermediary ssh jump host, in which case it would open a line to put in the user, host, and port.

[freebrowser1]

Same issue here. From my Mac to VNC on my Raspberry Pi I run ssh -L 6901:localhost:5901 pi@pi and on its VNC client (RealVNC) I can connect to localhost:6901 which shows the Raspberry Pi desktop using the same pi as intermediary host. But AVNC does not support this as the SSH tunnel option does not allow to fill in a virtual localhost port like my '6901'.

[gujjwal00]

@pcrow AVNC uses Connectbot's SSH library for tunneling, which does not support jump hosts. Also, IMHO, if you want more advanced setup, you will be better off using a dedicated SSH app for opening the tunnel, and pointing AVNC towards the tunnel instead of real server. AVNC is not likely to provide many options in this area.

@freebrowser1 I am not completely sure how you want to use port 6901 from AVNC, but if you allow external connections to port 6901, you can just point AVNC to <Address_Of_My_Mac>:6901 and it should connect to pi@pi. Of course, the connection from AVNC to Mac won't be protected by SSH tunnel.

[freebrowser1]

@freebrowser1 I am not completely sure how you want to use port 6901 from AVNC, but if you allow external connections to port 6901, you can just point AVNC to <Address_Of_My_Mac>:6901 and it should connect to pi@pi. Of course, the connection from AVNC to Mac won't be protected by SSH tunnel. That is not what I mean. When I use ssh -L 6901:localhost:5901 from an SSH command, it does protect the SSH connection. The issue is that the internal SSH client of AVNC does not support this -L mode.

[gujjwal00]

That's what AVNC does actually.

When you connect from your MAC, you are using two separate apps: ssh client to create the tunnel, and RealVNC client as VNC viewer. So you need to tell the RealVNC client which local port is forwarded, i.e. 6901.

In case of AVNC, there is only one app. When AVNC creates the ssh tunnel, it picks a random local port for forwarding, and gives that information to "vnc viewer" part of the app. So the equivalent of port 6901 is still there, you just don't have to explicitly specify it.

[freebrowser1]

That's what AVNC does actually.

In case of AVNC, there is only one app. When AVNC creates the ssh tunnel, it picks a random local port for forwarding, and gives that information to "vnc viewer" part of the app. So the equivalent of port 6901 is still there, you just don't have to explicitly specify it.

I tested it once more. Now I set it up in AVNC by vnc to localhost:5901 (the actual VNC port but on localhost, which is my Android device). But the Advanced => SSH I set to the Raspberry PI IP and the credentials (pi / password) and it works as it forwards it via SSH to the Raspberry Pi. So when 'localhost' is specified as 'VNC server address' it indeed connects via SSH and it works ! So ticket can be closed.

[gujjwal00]

Great!

Now, I have seen this confusion couple of times already, so I think it deserves some more attention. I think a helpful tip can be shown below SSH configuration which states the equivalent ssh command. For example, in your case it can say something like: Equivalent ssh command: ssh -L <random_port>:localhost:5901 192.168.0.60:22 We can even create a wiki page explaining it all.

@pcrow I am closing this issue because support for jump hosts will not be implemented for the foreseeable future.

[pcrow]

@pcrow AVNC uses Connectbot's SSH library for tunneling, which does not support jump hosts. Also, IMHO, if you want more advanced setup, you will be better off using a dedicated SSH app for opening the tunnel, and pointing AVNC towards the tunnel instead of real server. AVNC is not likely to provide many options in this area.

That makes sense. So I should open a ticket for Connectbot's SSH library asking for the feature, and if they implement it, then it would become practical to ask for it here. Now if I could find a way to create a shortcut that would open the ssh tunnel, launch AVNC, and close it down when AVNC exits, that would be awesome. If I could launch AVNC from Termux for a specific connection, that would mostly do it, or there might be other approaches. If someone knows of such a trick, it would be a great addition to the wiki.

[gujjwal00]

So I should open a ticket for Connectbot's SSH library asking for the feature

Its already open: https://github.com/connectbot/connectbot/issues/679

If I could launch AVNC from Termux for a specific connection, that would mostly do it, or there might be other approaches

Yes, you can. AVNC supports vnc:// URIs. You can connect to a server saved in AVNC, or you can give an IP address. You can use Android's am command from Termux shell to start AVNC (or any other app):

am start 'vnc://192.168.226.208'               #Connect to an IP address
am start 'vnc://?ConnectionName=Foo'           #Connect to 'Foo' server saved in AVNC