Setup SSH login

Configure a GDC shortcut to launch the application and implement port forwarding.

An advantage of using ssh and port forwarding is that the GUI information is encrypted during transmission. However, an unused port must be assigned on the server for the tunnel, which is a difficult task if you are the system administrator. To solve this, we ask the server to tell us what port to use. This section shows how to implement this solution while maintaining system security.

As stated previously, we use a shell script to start the requested application instead of giving the user a shell; the login script is used for that purpose. In order for the script to work properly, the information in the Command Line field of the Genero Desktop Client shortcut must be altered accordingly to launch the application. The automatic assignment of the port forward number must also be set up.

This is the Genero Desktop Client shortcut entry for using ssh.

Figure: The Genero Desktop Client shortcut entry for using ssh.


The figure shows panel three of the Genero Desktop Client shortcut wizard with SSH 2 selected as the Terminal protocol.

In the Command field, we have specified AUTOPORT. This corresponds to an option near the end in the login script.

Figure: Setting AUTOPORT


The figure shows panel four of the Genero Desktop Client shortcut wizard with Command line port request selected for the Port forwarding mode and AUTOPORT specified in the Command field.

When the login script receives "AUTOPORT", it executes a program called autoportfind. The -e option will make it output a string like "FJSPORTFORWARD=nnnn" where nnnn is the port number provided by the operating system. The string matching rule we use looks for FJSPORTFORWARD= and retains the number following the =. This session is then closed and a new session is started using that number as the port to forward. It should not matter where in the sequence this rule is added.

You will also need to make an addition in Terminal Strings.

Figure: Configuring FJSPORTFORWARD in Terminal strings


The figure shows panel seven of the Genero Desktop Client shortcut wizard with the following entry highlighted: a String of "FJSPORTFORWARD=" and an Action of "retrieve forwarding port."

Normally, the Command Line is passed to the shell that is started when a user logs in. Since we are using our shell script, the Command Line is where we specify the application to run, and pass the port number and the security fields. In our example we want to run the demo application. The command DEMO can be changed to your own application name, and an entry in the login script can then be added to start your application.

Figure: Run as user1


The figure shows panel five of the Genero Desktop Client shortcut wizard with Standard specified as the Authentication method and "user1" specified in the User field.

When the shortcut is run, it will log in using AUTOPORT first. This will match a case statement in the script, and return a string "FJSPORTFORWARD=nnnn" where nnnn is a port number. Genero Desktop Client will then close the connection, log in again using that port as the port to forward (tunnel), and pass it on the command line of the server as @SRVNUM. This is what the login script uses to set the environment for the execution of the command DEMO. When using Port Forwarding, the server (127.0.0.1) is always the target for FGLSERVER (and therefore only the port number is needed).
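
The two-pass flow described above can be sketched as a restricted dispatcher. This is an added example, not the login script shipped with Genero: it shows the case statement answering AUTOPORT and DEMO, checking the port before it is used, and refusing every other request. The request format "DEMO <port>", the run_demo hook, the 1024 lower bound and the stand-in for autoportfind are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not the Genero login script. Assumed request formats:
# "AUTOPORT" and "DEMO <port>" (the security fields are left out).

# Constructed stand-in so the example runs where Genero is not installed.
command -v autoportfind >/dev/null 2>&1 ||
    autoportfind() { echo "FJSPORTFORWARD=6412"; }

# run_demo HOST PORT: hypothetical hook; a real script would set the
# Genero environment from these values and exec the application.
run_demo() { printf 'DEMO would start with GUI server %s port %s\n' "$1" "$2"; }

# valid_port PORT: true only for a plain decimal number in 1024..65535
# (the lower bound is an assumption: forwarded ports are unprivileged).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# parse_forward_port LINE: print nnnn from "FJSPORTFORWARD=nnnn".
parse_forward_port() {
    case "$1" in
        FJSPORTFORWARD=*) port=${1#FJSPORTFORWARD=} ;;
        *) return 1 ;;
    esac
    valid_port "$port" && printf '%s\n' "$port"
}

# login_dispatch WORD [PORT]: the only requests this account may make.
login_dispatch() {
    case "$1" in
        AUTOPORT)
            [ "$#" -eq 1 ] || return 2
            line=$(autoportfind -e) || return 3
            parse_forward_port "$line" >/dev/null || return 3
            printf '%s\n' "$line" ;;       # GDC matches this string
        DEMO)
            [ "$#" -eq 2 ] && valid_port "$2" || return 2
            run_demo 127.0.0.1 "$2" ;;     # tunnel target is always local
        *)
            return 2 ;;   # unknown request: refuse, never start a shell
    esac
}
```

Because the port arrives from the client on the second login, the script validates it again rather than trusting that it is the value returned on the first pass.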