| | 1 | [[Image(https://xpra.org/icons/connect.png)]] |
| | 2 | = SSH Connections = |
| | 3 | |
| | 4 | [[BR]] |
| | 5 | |
| | 6 | This transport is supported by all python clients and Posix servers. (see #1920 for generic SSH server support feature) |
| | 7 | |
| | 8 | See also [/wiki/Network]. |
| | 9 | |
| | 10 | [[BR]] |
| | 11 | |
| | 12 | {{{#!div class="box" |
| | 13 | == Server Setup == |
| | 14 | This type of transport does not usually require any specific {{{bind}}} command line option. |
| | 15 | |
| | 16 | With a default configuration, starting a server will create unix domain sockets. Those sockets can be seen with {{{xpra list}}}. |
| | 17 | |
| | 18 | When connecting over SSH, the client will execute a proxy command to relay to one of these sockets, forwarding it as a pipe over the network back to the client. |
| | 19 | }}} |
| | 20 | |
| | 21 | {{{#!div class="box" |
| | 22 | == Client == |
| | 23 | |
| | 24 | Starting with version 2.4, there are now 2 backends which can be used for SSH transport. Older versions only support the ''openssh'' mode. In ''auto'' mode, ''paramiko'' will be used if installed. |
| | 25 | |
| | 26 | The backend can be selected using the {{{--ssh=}}} switch. (ie: {{{--ssh=paramiko}}}) |
| | 27 | |
| | 28 | [[BR]] |
| | 29 | |
| | 30 | === OpenSSH === |
| | 31 | This mechanism relies on [https://www.openssh.com/ openssh] on Posix systems, optionally using [https://sourceforge.net/projects/sshpass/ sshpass] to supply passwords via the command line or connection files. |
| | 32 | |
| | 33 | On MS Windows, the installer will bundle the [https://tortoisesvn.net/ tortoisesvn] version of [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html putty plink] which includes a GUI for host key confirmation and password input. |
| | 34 | |
| | 35 | Since this mechanism relies on executing the ssh client program, you can use the same command line options as you normally would and / or use the openssh configuration files for using tunnels, restricting ciphers, etc. |
| | 36 | ie: {{{--ssh="ssh -x -c blowfish-cbc"}}} |
| | 37 | |
| | 38 | The {{{--exit-ssh}}} switch controls whether the SSH transport is killed when the client terminates, this can be useful if openssh is setup to use connection sharing. (see #203 or details) |
| | 39 | |
| | 40 | [[BR]] |
| | 41 | |
| | 42 | ---- |
| | 43 | |
| | 44 | |
| | 45 | === Paramiko === |
| | 46 | |
| | 47 | This backend is built into the client connection code and provides better diagnostics (using the {{{--debug=ssh}}} switch), and it provides a GUI for confirming host keys, entering key passphrases or passwords. |
| | 48 | The downside is that since it does not use openssh at all, it does not have the same flexibility and may require re-confirmation of known hosts. |
| | 49 | }}} |
copyleft 2010 - 2021
