Hi,

I have completed the code & build changes necessary to utilize libssh within 
vncviewer for "-via" SSH connections (instead of starting a /usr/bin/ssh child 
process). This solves the issue of two vncviewer processes trying to start SSH 
processes bound to the same local port during startup, and has some nice fringe 
benefits such as eliminating a process and a socket when in this tunneling 
mode. The changes were relatively straightforward - I was even able to 
successfully replicate the "process GUI events when the SSH channel read would 
block" methodology with the libssh API.

In brief, the changes are as follows:
Implement a new "SSHChanConn" connection class (derived from CConn) that 
establishes the SSH connection and creates a forwarding channel to the 
specified VNC server.
Implemented new RDR stream classes to handle the SSH channel I/O 
(SSHChanInStream and SSHChanOutStream). These are derived from the FdInStream 
and FdOutStream classes in order to re-use the existing event processing, 
buffer management and timing logic.
Modified configure.ac and Makefile.am files to dynamically discover the 
presence of the libssh library in the build environment, and add define flags 
and make targets appropriately
Reworked some of the logic in vncserver.cxx that handled the "-via" flag, and 
implement a decision between CConn or SSHChanConn depending on the presence of 
that flag.

The work isn't 100% complete, since I wanted to ask how you would prefer some 
things be handled:
SSH Authentication - I use the API to discover the authentication mechanisms 
supported by the SSH server, and try each in turn until authentication is 
successful (key pair, password, keyboard-interactive, none). I haven't tested 
the "None" or "Password" authentication mechanisms, since I don't have access 
to an SSH server that is configured for those methods. How do you want to 
handle that testing? Are there other auth methods that you would like to see 
supported?
Man page - I made the "-via" argument conditionally present based on the 
presence/absence of the libssh library during the build. First, do you agree 
with that approach? If so, how should the man page be handled? Can we 
conditionalize the description of that argument, or just put a caveat about 
"only available if built with libssh" or something along those lines?
Patch submission - I have a .patch file built against the latest Subversion 
trunk, but the changes are fairly extensive. Is a .patch file still 
appropriate, or would you like to see things a different way?

Thanks!
-Eric


------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel

Reply via email to