ctys-uc-RDP - Use-Cases for RDP - Remote Desktop Protocol
The RDP plugin supports access to remote desktops by the RDP protocol. The access target can be an application, a terminal server, or a hypervisor supporting the RDP protocol.
This opens a local session, where the server as well as the RDP client are executed locally.
ctys -t RDP -a create=l:tst1,RDPPORT:3389
The "localhost" is hard-coded to behave as a sub-shell call too, thus the following call is internally handled identically to the previous one:
ctys -t RDP -a create=l:tst1,RDPPORT:3389 $USER@localhost
This case is called DISPLAYFORWARDING which is almost the same as the X11 display forwarding.
In case of a "Remote Desktop with Local Client" the server is running on the given <execution-target>, whereas the client is started locally on the caller's machine. This structure is called CONNECTIONFORWARDING and requires, besides the client and server processes, a third one: the connecting encrypted tunnel. The tunnel is established by means of OpenSSH and used as the local peer for the client. The whole procedure of starting the processes and establishing the tunnel is controlled and performed by ctys. The user only has to set the option '-L CONNECTIONFORWARDING' or, for short, '-L CF'.
The scenario performed behind the scenes by ctys varies slightly from the previous one. In case of CONNECTIONFORWARDING the whole process is set up in two steps.
The tunnel is established in the so-called one-shot mode, where the connection is opened for an initial time period and closes automatically when the lifetime threshold is reached without actual usage, or afterwards, when the client and server are disconnected. The initial timeout period is defined by the variable "SSH_ONESHOT_TIMEOUT", which is set to 20 seconds by default.
The following call starts a local client for a remote server.
ctys -t rdp -a create=l:tst -L CF lab00
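The one-shot tunnel described above can be reproduced by hand with plain OpenSSH. This is an added example, not code from ctys: the function names and the DRY_RUN switch are hypothetical, the ports 5950 and 3389 are taken from the LIST output on this page, and the command line ctys itself builds is not shown here.

```bash
#!/bin/sh
# Added example: generic OpenSSH "one-shot" port forward for an RDP client.
# ssh -f backgrounds after authentication; the remote "sleep" keeps the
# session open for the initial timeout. If a client is connected through
# the forward when sleep ends, ssh stays up until that connection closes.

# run: execute a command, or only print it when DRY_RUN=1 (hypothetical switch)
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rdp_oneshot HOST LOCAL_PORT REMOTE_PORT [TIMEOUT_SECONDS]
rdp_oneshot() {
    host=$1 lport=$2 rport=$3 timeout=${4:-20}   # 20 s: default named on this page

    # Refuse anything that is not a plain decimal number.
    for n in "$lport" "$rport" "$timeout"; do
        case $n in
            ''|*[!0-9]*) echo "rdp_oneshot: numeric argument expected" >&2
                         return 2 ;;
        esac
    done

    # Bind the listener to 127.0.0.1 so other hosts cannot use the tunnel,
    # and fail instead of continuing if the local port is already taken.
    run ssh -f -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${lport}:localhost:${rport}" \
        "$host" sleep "$timeout" || return 1

    # The RDP client talks to the local end of the tunnel only.
    run rdesktop "localhost:${lport}"
}

# Example (constructed): DRY_RUN=1 rdp_oneshot lab00 5950 3389 20
```

With DRY_RUN=1 the function prints the two commands instead of running them, which is a quick way to check the forward specification before opening a session.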
The instances could be listed by the LIST action in several variants. The basic call with default selection executed on the caller workstation is:
ctys -t rdp -a list ws2
The default setting for the LIST call is "tab_tcp,both", which displays:
TCP-container|TCP-guest|label |sesstype|c|user|group
-------------+---------+------+--------+-+----+---------
ws2.soho     |-        |tst000|RDP     |C|acue|ldapusers
ws2.soho     |-        |tst001|RDP     |C|acue|ldapusers
ws2.soho     |ws2.soho.|ws2   |PM      |S|-   |-
ws2.soho     |-        |tst000|SSH(RDP)|T|acue|ldapusers
ws2.soho     |-        |tst001|SSH(RDP)|T|acue|ldapusers
Here the two tunnels can be identified by "sesstype=SSH(RDP)" and "c=T". This indicates that the tunnels are created for the subsystem RDP with the session labels "tst000" and "tst001".
The following call displays the same table, but with IDs instead of LABELs.
ctys -t rdp -a list=tab_tcp,id ws2
This results in the display:
TCP-cont|TCP-guest|id        |sesstype|c|user|group
--------+---------+----------+--------+-+----+---------
ws2.soho|-        |3389      |RDP     |C|acue|ldapusers
ws2.soho|-        |3390      |RDP     |C|acue|ldapusers
ws2.soho|-        |../pm.conf|PM      |S|-   |-
ws2.soho|-        |5950-3389 |SSH(VNC)|T|acue|ldapusers
ws2.soho|-        |5951-3390 |SSH(VNC)|T|acue|ldapusers
The default IDs of the tunnels indicate that they forward the ports "5950" to "3389" and "5951" to "3390".
The display can be changed as required by using freely customized tables, e.g. displaying the LABEL and ID columns at once.
Listing the whole set of involved machines in one call results in:
ctys -t rdp -a list=tab_tcp,id ws2 lab00 lab01
TCP-contai|TCP-guest|id        |sesstype|c|user|group
----------+---------+----------+--------+-+----+---------
ws2.soho  |-        |3389      |RDP     |C|acue|ldapusers
ws2.soho  |-        |3390      |RDP     |C|acue|ldapusers
ws2.soho  |-        |d/pm.conf |PM      |S|-   |-
ws2.soho  |-        |5950-3389 |SSH(RDP)|T|acue|ldapusers
ws2.soho  |-        |5951-3390 |SSH(RDP)|T|acue|ldapusers
lab00.soho|-        |3784      |CLI     |C|acue|ldapusers
lab00.soho|-        |31206     |CLI     |C|acue|ldapusers
lab00.soho|-        |1         |VNC     |S|root|root
lab00.soho|-        |2         |VNC     |S|acue|ldapusers
lab00.soho|-        |          |XEN     |S|-   |-
lab00.soho|-        |e/xen/tst1|XEN     |S|-   |-
lab00.soho|-        |d/pm.conf |PM      |S|-   |-
lab01.soho|-        |          |XEN     |S|-   |-
lab01.soho|-        |d/pm.conf |PM      |S|-   |-
This opens a remote session by using the RDP protocol via a remote connection to a boxed application or a terminal server. In this case the RDP client is actually attached 'from-outside' to an access port. This differs from the preferred 'localhost-access', where a pre-authorisation by SSH access is performed. Thus it is an exception to the common philosophy and is therefore called 'INSECURE'.
The main application is the access to appliance-boxes when these provide an RDP access only, or to MS-Windows(TM) based OS.
ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02
The same can be applied in a relay configuration.
ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02 lab05
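Because INSECURE sessions bypass the SSH pre-authorisation, it is useful to check which RDP clients in a LIST table have no tunnel behind them. The following is an added example, not part of ctys: it parses the "tab_tcp,id" layout shown above and reports RDP client rows without a matching tunnel row. It assumes that a client's ID is the RDP port it targets and that a tunnel ID has the form "local-remote", as in the tables on this page; the function names and the 3391 row are constructed.

```bash
#!/bin/sh
# Added example: audit "ctys -t rdp -a list=tab_tcp,id" output for RDP
# clients (sesstype=RDP, c=C) that have no SSH tunnel (c=T) on the same
# container forwarding to their port.

untunneled_rdp() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 7 { next }                      # skips the ----+---- separator
        {
            host = trim($1); id = trim($3)
            type = trim($4); cst = trim($5)
            if (type == "RDP" && cst == "C") {
                clients[++n] = host SUBSEP id
            } else if (cst == "T" && type ~ /^SSH\(/) {
                # Match by port, not by subsystem name: the page shows
                # both SSH(RDP) and SSH(VNC) for these tunnels.
                split(id, p, "-")
                tunneled[host SUBSEP p[2]] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(clients[i] in tunneled)) {
                    split(clients[i], k, SUBSEP)
                    print k[1], k[2]
                }
        }'
}

# Constructed sample: the table from this page plus one invented client
# row (id 3391) that has no tunnel.
sample_list() {
    cat <<'EOF'
TCP-cont|TCP-guest|id        |sesstype|c|user|group
--------+---------+----------+--------+-+----+---------
ws2.soho|-        |3389      |RDP     |C|acue|ldapusers
ws2.soho|-        |3390      |RDP     |C|acue|ldapusers
ws2.soho|-        |3391      |RDP     |C|acue|ldapusers
ws2.soho|-        |../pm.conf|PM      |S|-   |-
ws2.soho|-        |5950-3389 |SSH(VNC)|T|acue|ldapusers
ws2.soho|-        |5951-3390 |SSH(VNC)|T|acue|ldapusers
EOF
}

# Usage: ctys -t rdp -a list=tab_tcp,id ws2 | untunneled_rdp
```

Each output line is a container and port pair for a client that is not covered by a tunnel on that container.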
ctys(1), ctys-plugins(1), ctys-RDP(1)
For System Tools:
rdesktop: [ http://www.rdesktop.org ]
Written and maintained by Arno-Can Uestuensoez:
Maintenance: <acue_sf1 (a) sourceforge net>
Copyright (C) 2008, 2009, 2010 Ingenieurbuero Arno-Can Uestuensoez
This is software and documentation from BASE package,
For additional information refer to enclosed Releasenotes and License files.