On Mon, Sep 19, 2022 at 5:50 AM Michael Milton <[email protected]> wrote:
> Thanks for the help. Unfortunately it looks like our guacamole server is > behind the VPN and is only accessed through some kind of HTTP API. I think > this means I won't be able to use SSH directly? When I create an SSH > session in the browser it upgrades the HTTP connection to websockets. Is > this websocket interface provided by Guacamole? Is it documented anywhere? > Because I might be able to use it to emulate SSH, even if I can't make a > true SSH connection. > If you're going to use the method that Philipp suggested, then you'd need to make your Guacamole server (or whatever SSH relay/proxy server you use) accessible via the firewall and/or VPN. You basically have to have something that the end client can access that can also access the remote systems. Philipp's point was that this method would be used as an alternative to Guacamole, not using the Guacamole system. Regarding your other questions... * Guacamole currently does not have an strict text-only/command-line client, because it is designed to be browser-driven, and work within a browser. All of the items displayed to the screen - including the "text" displayed for Telnet and SSH sessions - is rendered as an image to the web browser, not as text. This is fairly core to the Guacamole protocol itself - the data is sent that way between guacd and the end client (browser). Changing that behavior is not trivial - it would require some pretty core changes to the implementation of Guacamole. And, as Philipp points out, there are other ways to do that that may be simpler than trying to use Guacamole. * And, yes, Guacamole does attempt Websocket connections between the browser and the Tomcat instance, and then falls back to HTTP if that is not available. And, yes, Guacamole provides that interface - it is implemented in the Java code that runs in Tomcat, within the guacamole-client codebase. That said, the Websocket interface is specifically written with the goal of carrying the Guacamole protocol data, and not just a generic tunnel (though it does have ways of being used to tunnel arbitrary data). You can find API documentation here: https://guacamole.apache.org/api-documentation/. And, of course, any further questions or concerns, feel free to post back here. -Nick
