ctys-uc-RDP

June, 2010


NAME

ctys-uc-RDP - Use-Cases for RDP - Remote Desktop Protocol


USE-CASES

General

The RDP plugin supports access to remote desktops via the RDP protocol. The access target can be an application, a terminal server, or a hypervisor that supports the RDP protocol.


Start a Local Desktop Session

This opens a local session, where the server as well as the RDP client are executed locally.

  
  ctys -t RDP -a create=l:tst1,RDPPORT:3389
  

The "localhost" is hard-coded to behave as a sub-shell call too, thus the following call is internally handled identically to the previous one:

  
  ctys -t RDP -a create=l:tst1,RDPPORT:3389  $USER@localhost
  

This case is called DISPLAYFORWARDING, which is almost the same as X11 display forwarding.

[Figure: DISPLAYFORWARDING]



Start a Remote Desktop with a Local Client

In the case of a "Remote Desktop with Local Client", the server runs on the given <execution-target>, whereas the client is started locally on the caller's machine. This structure is called CONNECTIONFORWARDING and requires, besides the client and server processes, a third one: the connecting encrypted tunnel. The tunnel is established by means of OpenSSH and used as the local peer for the client. The whole procedure of starting the processes and establishing the tunnel is controlled and performed by ctys. The user only has to set the option '-L CONNECTIONFORWARDING', or '-L CF' for short.



[Figure: DISPLAYFORWARDING]



The scenario performed behind the scenes by ctys varies slightly from the previous one. In the case of CONNECTIONFORWARDING the whole process is set up in two steps.

  1. establishment of the encrypted tunnel
  2. start and connect the client process to the tunnel

The tunnel is established in the so-called one-shot mode, where the connection is opened for an initial time period and closes automatically when the lifetime threshold is reached without actual usage, or afterwards, when the client and server are disconnected. The initial timeout period is defined by the variable "SSH_ONESHOT_TIMEOUT", which is set to 20 seconds by default.
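
The two steps and the one-shot behaviour can be reproduced by hand with plain OpenSSH. The following is an added example, not code from ctys: the page does not show the command line ctys builds, so the ssh options, the loopback bindings and the function names are assumptions; the ports and host are taken from the examples on this page.

```shell
#!/bin/sh
# Added illustration, not ctys code: the generic OpenSSH one-shot tunnel idiom.
SSH_ONESHOT_TIMEOUT=${SSH_ONESHOT_TIMEOUT:-20}   # seconds; default named on the page

# valid_port N: succeeds if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# oneshot_tunnel_cmd LOCAL_PORT REMOTE_PORT HOST
# Prints the ssh command for step 1 (the tunnel); it does not run it.
oneshot_tunnel_cmd() {
    lport=$1 rport=$2 host=$3
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    valid_port "$rport" || { echo "bad remote port: $rport" >&2; return 2; }
    case "$SSH_ONESHOT_TIMEOUT" in
        ''|*[!0-9]*) echo "bad timeout: $SSH_ONESHOT_TIMEOUT" >&2; return 2 ;;
    esac
    # Reject empty names, names starting with "-" (ssh would parse them as
    # options) and anything outside a conservative host/user character set.
    case "$host" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad host: $host" >&2; return 2 ;;
    esac
    # -f                      go to background once authentication is done
    # ExitOnForwardFailure    abort if the local port cannot be bound
    # 127.0.0.1:L:127.0.0.1:R listener and RDP server both stay on loopback
    # sleep N                 ssh exits when sleep has ended and no forwarded
    #                         connection is open any more (the one-shot part)
    printf 'ssh -f -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s sleep %s\n' \
        "$lport" "$rport" "$host" "$SSH_ONESHOT_TIMEOUT"
}

# open_session LOCAL_PORT REMOTE_PORT HOST
# Step 1: tunnel; step 2: client attached to the local end of the tunnel.
open_session() {
    tunnel=$(oneshot_tunnel_cmd "$1" "$2" "$3") || return
    $tunnel || return      # unquoted on purpose: every field was validated above
    rdesktop "127.0.0.1:$1"
}
```

If the client does not connect within the timeout, the remote `sleep` ends and ssh exits, so no idle listener is left on the local port.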

The following call starts a local client for a remote server.

  
  ctys -t rdp -a create=l:tst -L CF lab00
  

The instances can be listed by the LIST action in several variants. The basic call with default selection executed on the caller workstation is:

  
  ctys -t rdp -a list ws2
  

The default setting for the LIST call is "tab_tcp,both", which displays:

  
  TCP-container|TCP-guest|label |sesstype|c|user|group    
  -------------+---------+------+--------+-+----+---------
  ws2.soho     |-        |tst000|RDP     |C|acue|ldapusers
  ws2.soho     |-        |tst001|RDP     |C|acue|ldapusers
  ws2.soho     |ws2.soho.|ws2   |PM      |S|-   |-        
  ws2.soho     |-        |tst000|SSH(RDP)|T|acue|ldapusers
  ws2.soho     |-        |tst001|SSH(RDP)|T|acue|ldapusers
  

Here the two tunnels can be identified by "sesstype=SSH(RDP)" and "c=T". This indicates that the tunnels were created for the subsystem RDP with the session labels "tst000" and "tst001".

The following call displays the same table, but with IDs instead of LABELs.

  
  ctys -t rdp -a list=tab_tcp,id ws2
  

This results in the display:

  
  TCP-cont|TCP-guest|id        |sesstype|c|user|group    
  --------+---------+----------+--------+-+----+---------
  ws2.soho|-        |3389      |RDP     |C|acue|ldapusers
  ws2.soho|-        |3390      |RDP     |C|acue|ldapusers
  ws2.soho|-        |../pm.conf|PM      |S|-   |-        
  ws2.soho|-        |5950-3389 |SSH(VNC)|T|acue|ldapusers
  ws2.soho|-        |5951-3390 |SSH(VNC)|T|acue|ldapusers
  

The default ID of the tunnels indicates that these are tunnels forwarding the ports "5950" to "3389" and "5951" to "3390".
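
The pairing of client rows and tunnel rows in this table can be checked mechanically. The following is an added example, not part of ctys: it reads a "tab_tcp,id" table and prints every RDP client row that has no tunnel row on the same host forwarding to its port. The function names are hypothetical, and the 3391 row in the sample is constructed; the page does not show how sessions without a tunnel are listed, so a reported row is a candidate for review, not a verdict.

```shell
#!/bin/sh
# Added illustration, not ctys code. Input format: "ctys -a list=tab_tcp,id".

# unpaired_rdp_clients: reads the table on stdin and prints "host port" for
# each RDP client row (sesstype=RDP, c=C) that has no tunnel row (c=T,
# id "L-R") on the same host with R equal to the port of the client row.
unpaired_rdp_clients() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF != 7 { next }                  # rule line, blank lines, noise
        {
            host = trim($1); id = trim($3); type = trim($4); cs = trim($5)
            if (type == "RDP" && cs == "C" && id ~ /^[0-9]+$/) {
                client[host " " id] = 1
            } else if (cs == "T" && type ~ /^SSH\(/ && id ~ /^[0-9]+-[0-9]+$/) {
                # The page shows tunnel rows as SSH(RDP) and as SSH(VNC).
                split(id, p, "-")
                tunnel[host " " p[2]] = 1
            }
        }
        END { for (k in client) if (!(k in tunnel)) print k }
    ' | sort
}

# sample_list: the ws2 table from this page plus one constructed row
# (port 3391) standing in for a client that has no tunnel.
sample_list() {
    cat <<'EOF'
TCP-cont|TCP-guest|id        |sesstype|c|user|group
--------+---------+----------+--------+-+----+---------
ws2.soho|-        |3389      |RDP     |C|acue|ldapusers
ws2.soho|-        |3390      |RDP     |C|acue|ldapusers
ws2.soho|-        |3391      |RDP     |C|acue|ldapusers
ws2.soho|-        |../pm.conf|PM      |S|-   |-
ws2.soho|-        |5950-3389 |SSH(VNC)|T|acue|ldapusers
ws2.soho|-        |5951-3390 |SSH(VNC)|T|acue|ldapusers
EOF
}
```

Running `sample_list | unpaired_rdp_clients` reports only the constructed row; on a live system the input would be the output of the LIST call shown above.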

The display can be changed as required by using specific, freely customized tables, e.g. displaying the LABEL and ID columns at once.

Issuing the call for the whole set of involved machines at once results in:

  
  ctys -t rdp -a list=tab_tcp,id ws2 lab00 lab01
  
  
  
    
  TCP-contai|TCP-guest|id        |sesstype|c|user|group    
  ----------+---------+----------+--------+-+----+---------
  ws2.soho  |-        |3389      |RDP     |C|acue|ldapusers
  ws2.soho  |-        |3390      |RDP     |C|acue|ldapusers
  ws2.soho  |-        |d/pm.conf |PM      |S|-   |-        
  ws2.soho  |-        |5950-3389 |SSH(RDP)|T|acue|ldapusers
  ws2.soho  |-        |5951-3390 |SSH(RDP)|T|acue|ldapusers
  lab00.soho|-        |3784      |CLI     |C|acue|ldapusers
  lab00.soho|-        |31206     |CLI     |C|acue|ldapusers
  lab00.soho|-        |1         |VNC     |S|root|root     
  lab00.soho|-        |2         |VNC     |S|acue|ldapusers
  lab00.soho|-        |          |XEN     |S|-   |-        
  lab00.soho|-        |e/xen/tst1|XEN     |S|-   |-        
  lab00.soho|-        |d/pm.conf |PM      |S|-   |-        
  lab01.soho|-        |          |XEN     |S|-   |-        
  lab01.soho|-        |d/pm.conf |PM      |S|-   |-        
  


Start Remote Desktop Sessions by Native-RDP

This opens a remote session using the RDP protocol via a remote connection to a boxed application or a terminal server. In this case the RDP client is actually attached 'from outside' to an access port. This differs from the preferred 'localhost-access', where a pre-authorisation by SSH access is performed. It is thus an exception to the common philosophy and is therefore called 'INSECURE'.

The main application is access to appliance boxes that provide RDP access only, or to MS-Windows(TM) based operating systems.

  
  ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02
  

The same can be applied in a relay configuration.

  
  ctys -t RDP -a create=l:tst1,RDPPORT:3389,INSECURE:lab02 lab05
  



SEE ALSO

ctys(1) , ctys-plugins(1) , ctys-RDP(1)

For System Tools:
rdesktop: [ http://www.rdesktop.org ]




AUTHOR

Written and maintained by Arno-Can Uestuensoez:

Maintenance: <<acue_sf1 (a) sourceforge net>>
Homepage: <https://arnocan.wordpress.com>
Sourceforge.net: <http://sourceforge.net/projects/ctys>
Project moved from Berlios.de to OSDN.net: <https://osdn.net/projects/ctys>
Commercial: <https://arnocan.wordpress.com>




COPYRIGHT

Copyright (C) 2008, 2009, 2010 Ingenieurbuero Arno-Can Uestuensoez

This is software and documentation from the BASE package.

For additional information refer to enclosed Releasenotes and License files.