Can't connect directly to ssh hosts using hostname

Help
Kode7
2015-12-20
2016-05-18
  • Kode7

    Kode7 - 2015-12-20

    I have disabled authentication and am using the NoAuth extension so that I can connect to hosts directly by their hostname i.e. http://<domain_name>:8080/guacamole/#/client/<hostname>. All protocols (telnet, rdp and vnc) are working great except for ssh clients. When I attempt to connect to ssh clients by hostname I get an error. However, I can connect when I click the hostname link directly from the guac webpage.

    Here is what I see in the log:
    16:31:13.475 [http-bio-8080-exec-7] INFO o.g.g.n.b.rest.auth.TokenRESTService - User "d0ae3933-c16f-48a8-9ad4-9350f5aba352" successfully authenticated from 10.4.255.199.
    16:31:13.931 [http-bio-8080-exec-2] ERROR o.g.g.n.b.w.t.GuacamoleWebSocketTunnelServlet - Creation of WebSocket tunnel to guacd failed: Illegal identifier - unknown type.
    16:31:13.977 [http-bio-8080-exec-9] WARN o.g.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Illegal identifier - unknown type.

    Any ideas? Why can't I connect directly to ssh clients via their hostname like I can for telnet, rdp and vnc clients?

    Thanks,
    Keith

     
  • Michael Jumper

    Michael Jumper - 2015-12-20

    > When I attempt to connect to ssh clients by hostname I get an error. However, I can connect when I click the hostname link directly from the guac webpage.

    I would compare the link you get when you click on the connection against what you are entering in manually - there must be a difference, and that difference is likely why you are getting an error.

    The fact that this is happening for SSH and not the other protocols can only be a coincidence. The underlying protocol of a connection (as well as that connection's configuration) is intentionally opaque to the client. At the JavaScript layer of the Guacamole stack, everything is the Guacamole protocol, and your connection is simply a connection identifier. The information dictating the protocol that guacd will use on your behalf, the other connection parameters that are involved, etc. is only handled at lower levels, and the URL would not have any effect on this.

    For the sake of maximum clarity, let me also point out that the format http://<domain_name>:8080/guacamole/#/client/<hostname> is technically incorrect. It may work, but only if you have explicitly named your connections with their hostname, and only if using a version of Guacamole where the connection name/identifier was included in human-readable form within the URL (0.9.7 and older).

    For 0.9.7 and older, the URL format was something like .../#/client/c/IDENTIFIER, where that "c" indicates you are connecting to a connection (this would be "g" if you were connecting to a balancing group) and "IDENTIFIER" is the unique identifier of your connection (the name specified in the <config> tag in the case of NoAuth).

    For 0.9.8 and onward, the URL format has become .../#/client/BASE64_STRING, where "BASE64_STRING" is a base64-encoded string containing the connection identifier, connection type, and the identifier of the auth provider (as 0.9.8 and onward allow multiple extensions to be loaded simultaneously). This is described in more detail here: https://sourceforge.net/p/guacamole/discussion/1110834/thread/fb609070/
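
Added example (not part of the original post, and not code from Guacamole or its extensions): the 0.9.8+ URL segment described above, encoded and decoded in JavaScript, plus a rewrite of an old-style URL into the new form. It assumes the three fields are joined with NUL characters in the order identifier, type, auth provider; the provider name `noauth`, the host `example.test` and all function names are assumptions made for illustration.

```javascript
// Added example; field separator and provider name are assumptions.
const SEP = '\0';
const TYPES = new Map([['c', 'connection'], ['g', 'balancing group']]);

// btoa/atob in the browser; Buffer fallback so the same code runs in Node.
const toB64 = (s) => (typeof btoa === 'function'
  ? btoa(s) : Buffer.from(s, 'latin1').toString('base64'));
const fromB64 = (s) => (typeof atob === 'function'
  ? atob(s) : Buffer.from(s, 'base64').toString('latin1'));

// Build the segment that follows ".../#/client/" in 0.9.8 and later.
function encodeClientId(id, type, provider) {
  if (!TYPES.has(type)) throw new Error('unknown type: ' + type);
  if ([id, provider].some((f) => !f || f.includes(SEP))) {
    throw new Error('identifier and provider must be non-empty, without NUL');
  }
  return toB64([id, type, provider].join(SEP));
}

// Recover the fields; a bare connection name is rejected, not guessed at.
function decodeClientId(segment) {
  let raw = '';
  try { raw = fromB64(segment); } catch (e) { /* not base64 at all */ }
  const parts = raw.split(SEP);
  if (parts.length !== 3 || !TYPES.has(parts[1])) {
    throw new Error('not a 0.9.8+ client identifier: ' + segment);
  }
  return { id: parts[0], type: TYPES.get(parts[1]), provider: parts[2] };
}

// Rewrite ".../#/client/c/IDENTIFIER" (0.9.7 style) to the 0.9.8+ form.
// The caller must supply the provider, since the old URL does not name one.
function upgradeLegacyUrl(url, provider) {
  const m = /^(.*#\/client\/)([cg])\/([^/]+)$/.exec(url);
  if (!m) throw new Error('not a legacy client URL: ' + url);
  return m[1] + encodeClientId(decodeURIComponent(m[3]), m[2], provider);
}

// Constructed sample input.
const sample = 'http://example.test:8080/guacamole/#/client/c/myconfig';
console.log(upgradeLegacyUrl(sample, 'noauth'));
```

The base64 segment is an encoding, not a secret: anyone who sees the URL can recover the connection identifier and provider name, so it provides no access control by itself.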

     
    • Kode7

      Kode7 - 2015-12-22

      First off thanks for the fast response :-)

      I am using 0.9.8 and I can connect to every device by using http://<domain_name>:8080/guacamole/#/client/<hostname> except for SSH clients. The only way I can connect to them is by using BASE64_STRING. If this is technically wrong, how and why is it working for non SSH clients? Also, is there a way around using the BASE64_STRING and connecting using the client identifier only without downgrading to 0.9.7?

       
  • Kode7

    Kode7 - 2015-12-24

    Hi Michael,

    I went ahead and downgraded to 0.9.7 but the exact same thing is happening. Also, the non ssh clients can only be connected to directly using .../#/client/IDENTIFIER not .../#/c/IDENTIFIER.

    Any suggestions are greatly appreciated. I would really like the ability to connect directly to clients via the config name (IDENTIFIER).

    <configs>
    <config name="myconfig" protocol="rdp">
    <param name="hostname" value="rdp-server"/>
    <param name="port" value="3389"/>
    </config>
    </configs>

    Thanks,
    Keith

     
  • Kode7

    Kode7 - 2015-12-29

    After a complete reinstall I was able to get 0.9.7 working using http://<domain_name>:8080/guacamole/#/client/c/<hostname>

    So, for anyone who requires a simple direct connection by hostname (identifier) use 0.9.7 not 0.9.8+.

     

    Last edit: Kode7 2015-12-29
  • Michael Jumper

    Michael Jumper - 2015-12-29

    Well, not anyone, per se ... anyone that misses the human-readable URLs of 0.9.7 so much that they are willing to sacrifice all the improvements made in 0.9.8 and 0.9.9 to get them.

    I'm glad you've found a workable solution that makes you happy, but it's not a reasonable tradeoff IMHO.

     
  • Kode7

    Kode7 - 2015-12-30

    I agree, I really would prefer 0.9.9. Is there any work around?

     
  • Michael Jumper

    Michael Jumper - 2015-12-31

    Here - give this a shot: https://github.com/mike-jumper/guacamole-legacy-urls

    That extension will add support for the old-style URLs, resolving the multi-extension ambiguity by assuming the connection (or connection group) is coming from the backend which authenticated the current user.

    Just build the above, plop it in your GUACAMOLE_HOME/extensions, restart Tomcat, and you should be all set. The old .../client/c/IDENTIFIER style should work.

     
    • Kode7

      Kode7 - 2015-12-31

      Thanks! I will try this right now. Do I need to edit guacamole.properties for this new extension?

       
    • Kode7

      Kode7 - 2016-05-17

      Hi Michael,

      I am hoping you can help me or point me in the right direction. I am using the legacy-urls extension and it works 60% of the time. I find with some clients I have to change the name several times before it will work. Certain text strings never work. For example, this works:

      <config name="Cisco" protocol="ssh">
          <param name="hostname" value="10.10.0.22" />
          <param name="port" value="22" />
      </config>
      
      But this doesn't:
      
      <config name="Brocade" protocol="ssh">
          <param name="hostname" value="10.10.0.22" />
          <param name="port" value="22" />
      </config>
      

      Although I believe the string "Brocade" did work when attached to another address....Is there a way to clear the cache that survives even after a restart or something that may be holding on to old address data?

      Thanks,
      Keith

       

      Last edit: Kode7 2016-05-17
  • Michael Jumper

    Michael Jumper - 2015-12-31

    Nope. There's no configuration. It just adds some additional JavaScript which adds handling for the old-style URLs with the assumptions described above.

    You might need to clear browser cache, though.

     
    • Kode7

      Kode7 - 2016-01-04

      Works perfectly! THANK YOU!!!

       
  • Micki Nikos

    Micki Nikos - 2016-05-17

    I am still struggling and followed the instruction (guacamole 0.9.9):

    1. installed the no-auth config + added the line to the guacamole.properties
    2. My no-auth file looks like this:

    <configs>
    <config name="connection1" protocol="rdp">
    <param name="hostname" value="192.168.1.10"/>
    <param name="port" value="3389"/>
    </config>
    </configs>

    3. I've tried with different combinations:

    http://<ip:port>/guacamole/#/client/connection1
    http://<ip:port>/#/client/c/connection1

    But I always get to the login screen. I also installed the legacy urls but this did not change anything. Can someone help me how to use no-auth? It works nicely when I login manually entering the credentials.

     
    • Kode7

      Kode7 - 2016-05-17

      Hi Micki,

      Are you referring to the client login or guacamole login? noauth-config.xml only allows you to bypass the guac login, you will still have to input the uname and pw for the connection.

      Keith

       
  • Micki Nikos

    Micki Nikos - 2016-05-18

    Hi Keith,

    I was referring to the guacamole login. I always get to the white screen with the green bowl asking for login and password. This gets saved once I login once, but I was looking for a way to either add the credentials for guacamole login in the url or to just by-pass this screen.
    Thank you