Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
 [dupe] Apache Guacamole – A clientless remote desktop gateway (apache.org)
193 points by WhyNotHugo on Nov 26, 2017 | hide | past | favorite | 41 comments


I love Guacamole, but the authentication options leave a lot to be desired, in the sense that it defaults to saving passwords for all connections defined, which is nice for usability and, say, having predefined accounts for monitoring but a security nightmare for other purposes.

I wish the default were to prompt users to _always_ authenticate against the target systems, and store no passwords whatsoever.


The frontend code is really lean, so adding an authentication prompt should be fairly easy.


That’s not really my point. It should be there by default...


Well, they do have an issue tracker https://issues.apache.org/jira/projects/GUACAMOLE


That is still not the point.

This has been open since 2015:

https://glyptodon.org/jira/browse/GUAC-1303

New issue: https://issues.apache.org/jira/browse/GUACAMOLE-221


Downvoting for trying to help is kind of petty though


Wasn’t me, FWIW. Seems I got downvoted too.


Nice to see the love as this goes through the phases first as an incubator project and now the real enchilada.

Guacamole – A clientless remote desktop gateway | https://news.ycombinator.com/item?id=15389727 (Oct2017:1096points,216comments)


The install process is still very non trivial, to say the least. The usage expirience is very smooth, though, anazingly for RDP contained in a browser. Some browser addon to supplement the Keyboard shortcuts might be required if I want to use it as a regular phyisical console to a cloud desktop. All in all, pretty cool software!


The docs aren’t one step, but it’s not that hard

https://gist.github.com/maedoc/01fd7b97852ed2a6a24d5722055e8...


I just used a Docker compose file. Took me all of 15m...


Forgot I had actually put my fork up on GitHub, and tweaked it for the current versions:

https://github.com/rcarmo/docker-compose-guacamole


Would it be possible to use Guacamole in a setup with a server and a client, if neither the server or the client has an externally visible IP, and their firewalls cannot be configured?

Alternatively, are there other solutions which make it "easy" to enable SSH access to the server in such a scenario?


You can use something like https://ngrok.com/ to expose a local SSH server.


Perfect, thanks! Will check it out.


Gravitational Teleport[0] is exactly what you've just imagined.

I set up the free version a few month ago. if that suffices, its really neat.

if it doesn't... the paid version probably still won't be an option, because it's silly expensive.

[0] https://github.com/gravitational/teleport


Perfect, thanks! Will check it out.


They are exploring making it work over webrtc which would support such a use case (although you'd still need a signaling server to setup the initial connection)


You could give zero-tier a go. It supports that case and asked you to build a whole network, not just tunnel ssh.


"Easiest" way I can think of is to both connect them to an externally visible VPN server. This can be an Amazon micro instance or even a raspberry pi.


I've used guacamole many times and can only say good things about it. It's much easier to give a client web based access to their server than explaining how to use remote access.


Have set this up many times for less tech-savy friends. What I actually did was have them install docker-compose and provided them with a compose script to build up the latest version. I wouldn't use it myself though, I don't think I'd sleep well at night having a single factor auth webserver with access to my entire network.


I suppose you could set up a VPN that supports two-factor, then put the server behind it.


just require mutual auth (certificate based authentication)on the reverse proxy. extremely simple 2 factor auth


Dunno if I’d call dealing with your own SSL CA “simple”.


Previous discussion (54 days ago, 218 comments): https://news.ycombinator.com/item?id=15389727


Can I provide remote access to a Windows 10 desktop PC with this?


If you can enable RDP on it, you can.


So it specifically does not allow Windows 10 Home installs, without hacks [1]. Pro and Enterprise do allow RDP.

1: https://github.com/stascorp/rdpwrap


Discussed 54 days ago (1096 points):

https://news.ycombinator.com/item?id=15389727


"Desktops accessed through Guacamole need not physically exist".

I love cloud as much as the next guy, but it is comprised of machines which do have a physical existence.


That seems a little pedantic for what is almost certainly talking about VMs and VDIs which are contrasted with 'physical machines'.


Which do physically exist (a totally pedantic point).


But not as a physical desktop with a monitor, keyboard, and mouse.


I swear I see this pop up on HN once a month. Has anything changed?


The project graduated out of incubator status on the 15 Nov... I don't see a formal announcement about it anywhere, and that isn't really apparent from the page (other than the URL change). Not sure if that is why it was posted or not, but that seems to be what is different from the last time it was posted.


Cool


A browser is not a client?


I think they mean 'agentless' rather than 'clientless'. You don't need to install anything special on the remote machines, just enable standard remote access protocol (ssh, rdp, vnc, etc)


"We call it clientless because no plugins or client software are required."

Clientsoftware like mstsc, vncviewer, Teamviewer ... or a browser.


Also related. Thinlinc is free for 5 users and has a web and client access. Includes drag/drop file access, vnc accelerated video, sound, video resizing, etc.

https://www.cendio.com/thinlinc/features/html5




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: