[FreeNX-kNX] [PATCH] nxproxy-stdin as replacement for nxssh

Fabian Franz FabianFranz at gmx.de
Tue Jul 24 17:26:49 UTC 2007 

Hello, to all client developers.

Today I have got pretty good news: We no longer "need" to use 'nxssh' to 
tunnel a nxproxy connection easily over SSH.

This means: One fork less.

One the downside we loose the ability to set options on the SSH sockets.

The two options we need for "interactive" sessions are only activated (in
openssh) if either a tty is used or X11 forwarding is activated.

On the upside those options had never been activated for the server either
and a more general solution needs to be found.

Preferably in communication with the openssh people.

As a workaround one could enable the "-X" option with a fake set DISPLAY like:

DISPLAY="xyz" ssh -X nx at host or
DISPLAY="xyz" ssh -X user at host

but there would also be changes needed on the server for that.

Anyway, here is the very small patch to nxproxy and should work already with NX 2.1.0.

Client spawning of nxproxy instead of nxssh is then done like (in pseudo code):

if (!ssl)
    options += "connect=host:port,";

// create options file here

setenv("NX_DISPLAY", "nx/nx,options=</path/to/options/file/>:<display>");

if (ssl)
{
     dup2(ssh_fd, 0); // dup fd used to communicate with SSH to fd #0
     send(0, "bye"); // send bye command to have remote end switch
                     // to nxagent
     wait_num(0, 999);
     exec("nxproxy -stdin"); // Let nxproxy use fd #0 to communicate with ssh.
}
else
{
     send(ssh_fd, "quit"); 
     wait_num(ssh_fd, 999);
     exec("nxproxy -S");
}

So instead of sending the switch command after the "bye" we spawn nxproxy instead.

The -stdin is new and must not be used together with accept=, listen= or connect= options.

Alternatives to above pseudo code are to fork() off first and wait for both children (nxproxy and ssh), because in above pseudo code ssh is made a child of nxproxy (at least theoretically) ...

Or you could run a loop feeding from ssh to nxproxy and vice versa ... (via a socketpair)

There are endless possibilities for implementation, but the basic idea is:

Have "nxproxy -stdin" talk directly to the fd used to communicate with ssh.

This should make client development a little bit easier as most clients support unencrypted, but not encrypted connections.

cu

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nxproxy-stdin.diff
Type: text/x-diff
Size: 1534 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20070724/558157e5/attachment.bin>

More information about the FreeNX-kNX mailing list