Hi,
I have completed the code & build changes necessary to utilize libssh within
vncviewer for "-via" SSH connections (instead of starting a /usr/bin/ssh child
process). This solves the issue of two vncviewer processes trying to start SSH
processes bound to the same local port during startup, and has some nice fringe
benefits such as eliminating a process and a socket when in this tunneling
mode. The changes were relatively straightforward - I was even able to
successfully replicate the "process GUI events when the SSH channel read would
block" methodology with the libssh API.

In brief, the changes are as follows:

* Implemented a new "SSHChanConn" connection class (derived from CConn) that
  establishes the SSH connection and creates a forwarding channel to the
  specified VNC server.
* Implemented new RDR stream classes to handle the SSH channel I/O
  (SSHChanInStream and SSHChanOutStream). These are derived from the FdInStream
  and FdOutStream classes in order to re-use the existing event processing,
  buffer management and timing logic.
* Modified configure.ac and Makefile.am files to dynamically discover the
  presence of the libssh library in the build environment, and add define flags
  and make targets appropriately.
* Reworked some of the logic in vncserver.cxx that handled the "-via" flag, and
  implemented a decision between CConn or SSHChanConn depending on the presence
  of that flag.

The work isn't 100% complete, since I wanted to ask how you would prefer some
things be handled:

* SSH Authentication - I use the API to discover the authentication mechanisms
  supported by the SSH server, and try each in turn until authentication is
  successful (key pair, password, keyboard-interactive, none). I haven't tested
  the "None" or "Password" authentication mechanisms, since I don't have access
  to an SSH server that is configured for those methods. How do you want to
  handle that testing? Are there other auth methods that you would like to see
  supported?
* Man page - I made the "-via" argument conditionally present based on the
  presence/absence of the libssh library during the build. First, do you agree
  with that approach? If so, how should the man page be handled? Can we
  conditionalize the description of that argument, or just put a caveat about
  "only available if built with libssh" or something along those lines?
* Patch submission - I have a .patch file built against the latest Subversion
  trunk, but the changes are fairly extensive. Is a .patch file still
  appropriate, or would you like to see things a different way?

Thanks!
-Eric
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
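
The "try each mechanism in turn" loop described in the message, as an added example that is not code from the patch and does not call libssh. All names here (the `M_*` bits, `auth_rc`, `authenticate`, the `demo_*` scenarios and the test doubles) are hypothetical; the point is the two cases a plain loop gets wrong, a partial success that changes the offered methods and a hard error that must not fall through to the next method.

```c
#include <stddef.h>

/* Assumed local names, not libssh identifiers: method bits and attempt results. */
enum { M_NONE = 1, M_PUBKEY = 2, M_PASSWORD = 4, M_KBDINT = 8 };
enum auth_rc { AUTH_OK, AUTH_DENIED, AUTH_PARTIAL, AUTH_ERROR };

/* One attempt. It may rewrite *allowed, as a server does when a partial
 * success narrows the set of methods it will still accept. */
typedef enum auth_rc (*attempt_fn)(unsigned *allowed);
struct method { unsigned bit; attempt_fn attempt; };

/* Try each offered method in table order; return the bit of the method that
 * completed authentication, or 0 if every method was denied or one errored. */
unsigned authenticate(const struct method *tbl, size_t n, unsigned allowed)
{
    unsigned tried = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(allowed & tbl[i].bit) || (tried & tbl[i].bit))
            continue;                      /* not offered, or already used */
        tried |= tbl[i].bit;
        switch (tbl[i].attempt(&allowed)) {
        case AUTH_OK:      return tbl[i].bit;
        case AUTH_ERROR:   return 0;       /* transport failure: stop here */
        case AUTH_PARTIAL: i = (size_t)-1; /* rescan against the new set */
                           break;
        case AUTH_DENIED:  break;
        }
    }
    return 0;
}

/* Constructed test doubles standing in for a real server's replies. */
static enum auth_rc deny(unsigned *a)  { (void)a; return AUTH_DENIED; }
static enum auth_rc grant(unsigned *a) { (void)a; return AUTH_OK; }
static enum auth_rc fail(unsigned *a)  { (void)a; return AUTH_ERROR; }
static enum auth_rc key_then_pw(unsigned *a) { *a = M_PASSWORD; return AUTH_PARTIAL; }

/* Server offers key and keyboard-interactive, then demands a password. */
unsigned demo_partial(void)
{
    const struct method t[] = { {M_NONE, deny}, {M_PUBKEY, key_then_pw},
                                {M_PASSWORD, grant}, {M_KBDINT, grant} };
    return authenticate(t, 4, M_PUBKEY | M_KBDINT);
}

/* A hard error on the key attempt must not fall through to the password. */
unsigned demo_error(void)
{
    const struct method t[] = { {M_PUBKEY, fail}, {M_PASSWORD, grant} };
    return authenticate(t, 2, M_PUBKEY | M_PASSWORD);
}
```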