On 9/3/24 8:27 AM, [email protected] wrote:
Where can I read more information about how to configure the session
manager? I dont think I have the correct entry point for the session
manager documentation.
The User's Guide (https://turbovnc.org/Documentation/Documentation)
describes basic Session Manager operation. '/opt/TurboVNC/bin/vncviewer
-?' has more in-depth documentation of the various parameters.You
shouldn't really need to set any parameters for it, however.
I did seem to understand that to use the session manager I will need to
use the internal ssh manager.
For some reason I cant really get that working, unclear why, I dont
think I have a weird ssh config. Is there some way to debug the internal
ssh client to see where it fails?
Pass '-loglevel 110' to /opt/TurboVNC/bin/vncviewer. There are a few
limitations of the built-in SSH client at the moment, including lack of
direct support for ed25519 keys. (You can still use such keys via
ssh-agent, but you can't pass them directly to the viewer.) It also
doesn't yet support jump hosts, but that's the highest priority feature
for TurboVNC 3.2. (I hope to have that feature ready to test in the 3.2
evolving branch later this month.)
I use this atm:
secret-tool lookup turbovnc password|/opt/TurboVNC/bin/vncviewer -AutoPass
-ExtSSH=1 -Tunnel=1 genos:1
I use ssh-agent to handle the ssh. I understand from the docs that
AutoPass is not recomended, but what do you think about this use-case
using secret-tool?
The Session Manager automatically generates and transmits a one-time
password through the SSH connection, so there is no need to use a VNC
password with it at all. Once you authenticate with the SSH server,
encryption and authentication with the TurboVNC session are handled
automatically. Thus, if authentication is automatic and password-less
when you SSH into the host, then the same should be true when using the
TurboVNC Session Manager. When connecting to a session using the
Session Manager, it effectively acts as if you had invoked:
ssh {host} /opt/TurboVNC/bin/vncpasswd -o -display
{TurboVNC_session_display} 2>&1 | \
sed 's/^.*: //g' | \
/opt/TurboVNC/bin/vncviewer -autopass -tunnel -securitytypes vnc
{host}:{TurboVNC_session_display}
You can, however, also set the SessMgrAuto parameter to 0 if you want to
use the Session Manager solely for session management and configure
encryption and authentication manually.
I looked into enabling the Session Manager for external SSH clients as
well (see https://github.com/TurboVNC/turbovnc/issues/148), but there
doesn't seem to be a robust way of keeping the SSH session open for an
indefinite period of time (while the Session Manager dialog is open in
the TurboVNC Viewer) without risking the SSH session remaining open if
the viewer aborts unexpectedly. Thus, I would either have to deal with
OpenSSH control socket fragility, or I would have to stipulate that an
SSH agent must be used when using the Session Manager with an external
SSH client. (In other words, an SSH session created with the external
SSH client would not be persistent until the VNC connection is
established. Until then, the Session Manager would have to
re-authenticate every time it needs to run a command on the host.)
Neither is ideal.
--
You received this message because you are subscribed to the Google Groups "TurboVNC
User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/turbovnc-users/e9688dee-fff2-46d7-9ab3-5592f0dea660%40virtualgl.org.
