[FreeNX-kNX] Re: Problem sending 'switch' command to nxssh (Was: Re: Need help to get nxproxy & nxssh working over encrypted connection)

[Gian Filippo Pinzari]

LROUFAIL at nc.rr.com wrote:
> If I have the client send the switch command, how do I decide what 
 > port to use?

Run the proxy with the "listen=port" option. Look at the "options"
file created by nxclient.

 > The nxrun code hardcodes an encryption port for nxssh
 > (the -D option), but the commercial client does not use it.  Are
 > these things related?

Of course they are related. Using -D required that the NX server
had port forwarding enabled. The new method tunnels the traffic
by inheriting the same SSH connections.

 > Can you describe in more detail how the client proxy switch works?

- nxclient runs nxssh to connect to the server.

- The session is negotiated, using the SSH connection.

- Once session is successfully negotiated, nxclient
   runs nxproxy.

- Then nxclient tells to nxssh to connect to the
   running nxproxy. It does that using the switch
   command

- To let nxproxy accept the connection you have to
   tell nxssh which authorization cookie it must use.
   This is done as part of the switch command.

This same mechanism makes possible to use arbitrary trasports
for tunning the proxy payload. For example you might keep the
session running while the TCP connections is broken. nxproxy
would continue using a different connection when it is re-esta-
blished, useful for HTTP tunneling. Provision for that already
exists in nxcomp/nxproxy, though incomplete. Please check how
SIGHUP is managed in nxcomp.

Regards,

/Gian Filippo.