xpra icon
Bug tracker and wiki

Opened 10 months ago

Last modified 20 hours ago

#1646 assigned defect

ssh integration

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: major Milestone: 2.4
Component: client Version: trunk
Keywords: Cc:

Description (last modified by Antoine Martin)

Rather than calling putty plink or ssh, we could rely on paramiko which would give us tighter integration with the ssh authentication, allowing us to do things like:

  • prompt for passphrase or password (see #1645)
  • prompt for host keys
  • give better error messages

etc

This may help with #1421: Xpra-Launcher closes silently after clicking connect - missing feedback until application shows up

Change History (5)

comment:1 Changed 4 months ago by Antoine Martin

Description: modified (diff)
Status: newassigned

comment:2 Changed 2 months ago by Antoine Martin

Milestone: 3.02.4

see also ssh plink fix: r19411

Last edited 8 weeks ago by Antoine Martin (previous) (diff)

comment:3 Changed 4 days ago by Antoine Martin

Initial support for paramiko ssh added in r19933. It works pretty well and allows us to see meaningful debug messages with -d ssh.
It doesn't ask for password or key passphrases yet and it isn't the default (requires --ssh=paramiko), but individual authentication mechanisms can be turned off for testing, ie:

XPRA_SSH_AGENT_AUTH=0 xpra attach ssh://username:password@127.0.0.1/ -d ssh --ssh=ssh

Still TODO:

  • we need to either poll + wait for the "run-xpra" command to see if it runs (and risk running it multiple times if it fails) or duplicate the ugly if+else code used by plain ssh, yuk
  • read from stderr and do something with it - maybe just log it
  • socket info assumes we have a real socket (we do, but it's hidden), override the info method for ssh transport
  • GUI for passphrase / password, accepting new / changed host keys (hard because this code runs before the main loop - we may need to exec a utility)
  • disable those prompts when running embedded without a display (ie: proxy backend connections)
  • make it the default, show the alternative in the config file
  • add to macos jhbuild, msys2 installation - deal with py2app and cx_freeze bundling
  • add deb and rpm dependencies
Last edited 2 days ago by Antoine Martin (previous) (diff)

comment:4 Changed 3 days ago by Antoine Martin

See ticket:1892#comment:13 : we should aim to support more login shells than the current ssh / plink solution.

Last edited 20 hours ago by Antoine Martin (previous) (diff)

comment:5 Changed 2 days ago by Antoine Martin

r19937:

  • checks each remote-xpra option
  • reads stderr
  • fixes socket info
Note: See TracTickets for help on using tickets.