Using native SSH client with ProxyCommand

[schlomo]

I’m connecting with NoMachine Enterprise Client from Mac to a Linux Terminal Server over SSH protocol.

My problem is that I need to use a ProxyCommand to establish the SSH connection as the server is not accessible via a direct connection. To illustrate, my ~/.ssh/config looks like this:

Host box
  Hostname box.some.domain
  ProxyCommand cloudflared access ssh --hostname %h

In this case, we are using cloudflared access to tunnel the SSH connection via the Cloudflare network.

My question is how to configure the NoMachine Enterprise Client to use the native SSH client to establish the connection and to trust the native SSH client to authenticate the connection?

In the attached screenshot you can see how a regular ssh connection works. The stuff in the red rectangle is the effect of the ProxyCommand, which creates an authenticated tunnel to the SSH server.

Attachments:

1. 

   SCR-20220620-iau.png
   

[kroy]

Hi

First of all close all nxplayer processes with button “Quit NoMachine player” which you can find by clicking on NoMachine icon on the system tray. This is needed to save changes in player.cfg. Configuration file you can find in ~/.nx/config/player.cfg. Key which you are looking for is “SSH client mode”. Change value from “library” to “native”. The line should look like this:

<option key="SSH client mode" value="native" />

[schlomo]

Thanks! That actually works. Can you please link to the documentation where this is explained? I couldn’t find that via a Google search.

Follow up question: How can I change the path that is used by the NX Client? Currently the PATH is only the bare system directories:

$ ps eww -o command 1675 | tr ' ' '\n'
COMMAND
/Applications/NoMachine.app/Contents/MacOS/nxplayer
COMMAND_MODE=unix2003
PATH=/usr/bin:/bin:/usr/sbin:/sbin
TMPDIR=/var/folders/0g/3s3mgqqn6k78g_qx_sryqr8c0000gn/T/
__CFBundleIdentifier=com.nomachine.nxdock
LOGNAME=xxx
HOME=/Users/xxx
XPC_FLAGS=0x0
USER=xxx
DISPLAY=/private/tmp/com.apple.launchd.fjVgzdDVok/org.xquartz:0
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.86zqQQ0wCW/Listeners
XPC_SERVICE_NAME=application.com.nomachine.nxdock.32575488.37668810
SHELL=/bin/zsh
__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0

And my ProxyCommand binary is of course in /opt/homebrew/bin/cloudflared.

The problem is that the SSH process spawned by the NX client can’t find that binary as the PATH is missing the Homebrew or even the /usr/local/bin directory.

Of course I could solve that with a custom SSH wrapper, I was wondering if I could solve that via NX Client configuration.

Another question: How should I configure the NX Client profile to not ask for username or password? Essentially to not ask for anything and just use the system SSH binary to deal with the connection? And also to not try to configure authentication methods?

[kroy]

Everything you need to know is the following document in our knowledge base which gives multiple examples of what and how to configure specific items of the player.cfg and session file. Please see:

https://kb.nomachine.com/DT11R00186

Additional information about storing the password is available here. https://kb.nomachine.com/AR01C00125

This key <option key="SSH Client" value="/usr/bin/ssh" /> can be used to change the path to the native client. So if you want to change the env, you can create a script to do this and then spawn the ssh process by using the path of the script as the value.

[Author]

Posts