[FreeNX-kNX] establish a encrypted NX session using an alternative SSH client

Marcelo Boveto Shima marceloshima at gmail.com
Sat Jul 7 13:11:05 UTC 2012


It's possible to use openssh client with a patched nxproxy.
This patch redirects the nx connection to stdin.

Otherwise I don't think it's possible, because you can't
create a port forward on an existing connection.
The port forward is static and the nxagent port is not
defined by the time the connection is made.

With python-paramiko you can create tunnels dynamically.
Maybe some java ssh library has support for this too.

Regards.
Marcelo

On Saturday, 7 July 2012 at 04:56, Julio Carlos Barrera Juez wrote:

> Ok,  
>  
> it is very easy, I want to establish an encrypted NX session without 'nxssh', only openssh client. I achieve all the process until the switch to the SSL tunnel. I want to construct this tunnel using 'ssh -L'. Is it possible? If it was, it would be easy to use any SSH client.  
>  
> Thank you!
> From: freenx-knx-bounces at kde.org [freenx-knx-bounces at kde.org] on behalf of Jean Milot [jmilot at dotriver.eu]
> Sent: Friday, 06 July 2012 15:36
> To: freenx-knx at kde.org
> Subject: Re: [FreeNX-kNX] establish a encrypted NX session using an alternative SSH client
>  
> Hi,
>  
> I would like to help you but can you give more information or tell us how to try what you have done.
>
> On 06/07/2012 15:14, Julio Carlos Barrera Juez wrote:
> >
> > Hi again!
> >
> > I have debugged the scenario a little bit more and I noticed that the local ‘nxproxy’ didn’t receive any data from the remote one. The SSL port forwarded tunnel is well established because I have tested it separately. But anyway the local ‘nxproxy’ remains in the ‘ProxyStage’ called ‘stage_waiting_proxy_version’. It is the one after stage ‘stage_connected’. Then it seems the tunnel was not well established… a contradiction.
> >
> > I need some help with that, for sure.
> >
> > Thank you!
> >
> > From: freenx-knx-bounces at kde.org On behalf of Julio Carlos Barrera Juez
> > Sent: Friday, 06 July 2012 14:03
> > To: User Support for FreeNX Server and kNX Client
> > Subject: Re: [FreeNX-kNX] establish a encrypted NX session using an alternative SSH client
> >
> > Hi again, I have noticed that remote ‘nxagent’ is listening on the correct port and when local ‘nxproxy’ starts the connection is established. But the session fails after 1 minute. It seems that a negotiation between both is not well done. I invoke the ‘nxproxy’ by the same way with ‘nxssh’ and with my custom program and SSL port forwarded tunnel, then it must be a negotiation failure.
> >
> > The ‘nxnode’ log shows me the failure, but not the reason:
> >
> > …
> > 06.07 13:49:49: node_start_agent (8225): Wait for NODE_AGENT_PID (8524)
> > 06.07 13:50:35: node_start_agent (8225): NODE_AGENT_EXIT_STATUS = "1"
> > 06.07 13:50:35: node_start_agent (8225): close session
> > 06.07 13:50:35: node_start_agent (8225): NODE_FAILED = "failed"
> > …
> >
> > And the session log shows a failure with the display, but I don’t understand why:
> >
> > NXAGENT - Version 3.5.0
> >
> > Copyright (C) 2001, 2011 NoMachine.
> > See http://www.nomachine.com/ for more information.
> >
> > Info: Agent running with pid '8524'.
> > Session: Starting session at 'Fri Jul  6 13:49:32 2012'.
> > Info: Proxy running in server mode with pid '8524'.
> > Info: Waiting for connection from '127.0.0.1' on port '6011'.
> > Info: Accepted connection from '127.0.0.1'.
> > Info: Aborting the procedure due to signal '1'.
> > Error: Aborting session with 'Unable to open display 'nx/nx,options=/home/logoff/.nx/C-Virtual-Xubuntu-2011-2759B7A3A04A7A53439B9CD1E7ED183E/options:2011''.
> > Session: Aborting session at 'Fri Jul  6 13:50:32 2012'.
> > Session: Session aborted at 'Fri Jul  6 13:50:32 2012'.
> >
> > What am I doing wrong?
> >
> > Thank you!
> >
> > From: freenx-knx-bounces at kde.org On behalf of Julio Carlos Barrera Juez
> > Sent: Friday, 06 July 2012 13:04
> > To: freenx-knx at kde.org
> > Subject: [FreeNX-kNX] establish a encrypted NX session using an alternative SSH client
> >
> > Hi all.
> >
> > I’m developing a Java based NX client. In my first sprint I have developed an NX handler to establish NX sessions using a pure Java SSH library called JSCH (http://www.jcraft.com/jsch/). It worked with few source code lines and I achieved establishing NX sessions without encryption (SSL Port forwarding). Now I’m trying to do the same, but using encrypted NX sessions that only use one SSH port. I change the ‘startsession’ parameter and I create an SSL forwarded tunnel in my SSH client. I know that using ‘nxssh’, it is necessary to say ‘bye’ to the server and then write the command ‘NX> 299 Switch connection to: SSH port: local_port  accept: 127.0.0.1’. Then I launch ‘nxproxy’ and the remote NX session starts.
> >
> > The problem appeared when I tried to launch the original ‘nxproxy’ with my custom SSL port forwarded tunnel. ‘nxproxy’ connected with the local listening port, but it seems it didn’t connect with the remote ‘nxagent’ which was listening on the correct port. Maybe I was establishing the port forwarded tunnel badly, but I have no evidence of it.
> >
> > It is possible to establish the whole connection using ‘openssh’ standard client instead of ‘nxssh’, it will help me a lot to understand the whole process.
> >
> > Any help will be appreciated.
> >
> > Thank you!
> >
> > ________________________________________________________________ Were you helped on this list with your FreeNX problem? Then please write up the solution in the FreeNX Wiki/FAQ: http://openfacts2.berlios.de/wikien/index.php/BerliosProject:FreeNX_-_FAQ Don't forget to check the NX Knowledge Base: http://www.nomachine.com/kb/ ________________________________________________________________ FreeNX-kNX mailing list --- FreeNX-kNX at kde.org (mailto:FreeNX-kNX at kde.org) https://mail.kde.org/mailman/listinfo/freenx-knx ________________________________________________________________  
> --
> Jean Milot - jmilot at dotriver.eu - www.dotriver.eu (http://www.dotriver.eu/)
> 5 passage de l'avenir, F-69200 Vénissieux
> Landline: +33 (0)4 27 46 39 80 Hotline: # 89 Fax: # 81
> Meet DotRiver: Salon Use-IT 2012 (http://bit.ly/IV8U81), Festival Temps Libre (http://bit.ly/L6YbwD)
> DotRiver, member of the "nuage" consortium (http://bit.ly/LNIfMr)
> Step by step, let us act every day to preserve our environment. Print only if necessary, reduce IT waste and save energy by using DotRiver solutions.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20120707/9186ce12/attachment.html>
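
Added example (not part of the original thread, and not code from FreeNX or nxproxy): a sketch of the dynamic tunnel mentioned in the reply at the top, using paramiko's Transport.open_channel("direct-tcpip", ...) to open the forward on the already-authenticated SSH connection once the nxagent port is known (6011 in the quoted session log). The function names connect, pump and forward_once, and any host or user name passed to them, are assumptions made for this illustration.

```python
import select
import socket
import threading


def connect(host, user):
    """Open the SSH session; unknown host keys are rejected, not auto-added."""
    import paramiko  # third-party; only needed for the real connection
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    client.connect(host, username=user)
    return client  # caller keeps the client and uses client.get_transport()


def pump(sock, chan, bufsize=16384):
    """Copy bytes both ways until either side closes, then close both."""
    try:
        while True:
            readable, _, _ = select.select([sock, chan], [], [])
            for src, dst in ((sock, chan), (chan, sock)):
                if src in readable:
                    data = src.recv(bufsize)
                    if not data:
                        return
                    dst.sendall(data)
    finally:
        chan.close()
        sock.close()


def forward_once(transport, agent_port):
    """Bridge ONE local client to 127.0.0.1:agent_port as seen from the server.
    The channel is opened on the existing transport, so agent_port can be a
    value learned after login. Returns the local port to point nxproxy at."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, kernel-chosen free port
    listener.listen(1)
    local_port = listener.getsockname()[1]

    def serve():
        client, peer = listener.accept()
        listener.close()  # single use: no second local process can attach
        chan = transport.open_channel("direct-tcpip", ("127.0.0.1", agent_port), peer)
        pump(client, chan)

    threading.Thread(target=serve, daemon=True).start()
    return local_port
```

Keep the client returned by connect() alive, pass client.get_transport() and the agent port to forward_once(), and point nxproxy at the returned loopback port.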

