Hi Nick,
the execute command option sounds like a good idea.
I saw the ${GUAC_CLIENT_ADDRESS} token but wasn't aware that guacd
supports the command parameter for ssh connections.
Usually I start the application after ssh login directly via
/etc/passwd, but by ssh command should work as well, so I can process
the ip as parameter of the application then. I just need to check then
to what extent that would allow users that use ssh directly to start
other applications then.
I'll give that a try, thanks for the hint!
regards
Tjareson
Am 23.08.2017 um 10:36 schrieb Nick Couchman:
Took a look at the available SSH client options, and I do not see an
obvious way to pass through the client hostname/IP/identity to the
server. Here are the two options I see:
- As mentioned before, you can use the Execute Command parameter to
pass through the identity using the token. You'd have to set up a
startup script or something like that, or figure out the right way to
use the execute command option to set a variable and then launch the
shell or whatever application you want to launch with that variable.
This is the only way to do it currently, and probably the best bet.
- It is possible to set up SSH clients and servers to send environment
variables between the client and server. I would imagine Guacamole
could be tweaked to add this functionality...but...it seems like a
little bit of a corner case to add, particularly given that you'd have
to both configure Guacamole to have some map of arbitrary environment
variables and values (and sanitize them for security purposes), and,
in order for this to work, the SSH server has to be configured, not
just to allow variables, but with the specific list of variables that
you want to pass through. That's a lot of extra configuration to
allow this behavior - particularly given the fact that you can just do
it on the command line.
-Nick
On Wednesday, August 23, 2017, 9:49:36 AM EDT, Nick Couchman
<[email protected]> wrote:
Tjareson,
While RDP currently has an option to pass through the client name, SSH
does not. I need to look and see if there's an easy way to enable
this functionality in Guacamole, but the only thing I'd suggest today
is that you might be able to find a way to use the "Execute Command"
parameter for SSH connections to pass in that token.
-Nick
On Wednesday, August 23, 2017, 9:34:55 AM EDT, Tjareson
<[email protected]> wrote:
Hi,
I'm using an ncurses based database application, which makes use of the
IP address of the ssh session from which it got used to e.g. chose the
right printer, rfid reader etc.
This became web enabled now with guacamole and I was wondering if there
is any easy way to get hold of the IP address of the web session which
is used to connect via ssh to that application mentioned above.
The setup is like this:
user <-> nginx <-> tomcat <-> guacd <-> ssh <-> ncurses application
All components from nginx to the ncurses application are on the same
server. But of course from the application side it looks always that the
connection is coming from where tomcat/guacd sits, so 127.0.0.1 in this
case.
I could probably somehow browse through all logs,
/proc/<process-id>/status and netstat to somehow figure out, who is
talking with whom, but I hope there is a more convenient approach for
this? I found that there is ${GUAC_CLIENT_ADDRESS} but I'm not sure if
there is any way to hand that over via ssh session.
regards
Tjareson
