
Apache Guacamole – A clientless remote desktop gateway - WhyNotHugo
https://guacamole.apache.org/
======
rcarmo
I love Guacamole, but the authentication options leave a lot to be desired, in
the sense that it defaults to saving passwords for all connections defined,
which is nice for usability and, say, having predefined accounts for
monitoring but a security nightmare for other purposes.

I wish the default were to prompt users to _always_ authenticate against the
target systems, and store no passwords whatsoever.

~~~
emsy
The frontend code is really lean, so adding an authentication prompt should be
fairly easy.

~~~
rcarmo
That’s not really my point. It should be there by default...

~~~
emsy
Well, they do have an issue tracker
[https://issues.apache.org/jira/projects/GUACAMOLE](https://issues.apache.org/jira/projects/GUACAMOLE)

~~~
rcarmo
That is still not the point.

This has been open since 2015:

[https://glyptodon.org/jira/browse/GUAC-1303](https://glyptodon.org/jira/browse/GUAC-1303)

New issue:
[https://issues.apache.org/jira/browse/GUACAMOLE-221](https://issues.apache.org/jira/browse/GUACAMOLE-221)

~~~
emsy
Downvoting for trying to help is kind of petty though

~~~
rcarmo
Wasn’t me, FWIW. Seems I got downvoted too.

------
j_s
Nice to see the love as this goes through the phases first as an incubator
project and now the real enchilada.

Guacamole – A clientless remote desktop gateway |
[https://news.ycombinator.com/item?id=15389727](https://news.ycombinator.com/item?id=15389727)
(Oct2017:1096points,216comments)

------
reembs
The install process is still very non trivial, to say the least. The usage
expirience is very smooth, though, anazingly for RDP contained in a browser.
Some browser addon to supplement the Keyboard shortcuts might be required if I
want to use it as a regular phyisical console to a cloud desktop. All in all,
pretty cool software!

~~~
rcarmo
I just used a Docker compose file. Took me all of 15m...

~~~
rcarmo
Forgot I had actually put my fork up on GitHub, and tweaked it for the current
versions:

[https://github.com/rcarmo/docker-compose-
guacamole](https://github.com/rcarmo/docker-compose-guacamole)

------
pveierland
Would it be possible to use Guacamole in a setup with a server and a client,
if neither the server or the client has an externally visible IP, and their
firewalls cannot be configured?

Alternatively, are there other solutions which make it "easy" to enable SSH
access to the server in such a scenario?

~~~
discordianfish
You can use something like [https://ngrok.com/](https://ngrok.com/) to expose
a local SSH server.

~~~
pveierland
Perfect, thanks! Will check it out.

------
fermuch
I've used guacamole many times and can only say good things about it. It's
much easier to give a client web based access to their server than explaining
how to use remote access.

------
Sektor
Have set this up many times for less tech-savy friends. What I actually did
was have them install docker-compose and provided them with a compose script
to build up the latest version. I wouldn't use it myself though, I don't think
I'd sleep well at night having a single factor auth webserver with access to
my entire network.

~~~
khaki54
just require mutual auth (certificate based authentication)on the reverse
proxy. extremely simple 2 factor auth

~~~
snuxoll
Dunno if I’d call dealing with your own SSL CA “simple”.

------
jlgaddis
Previous discussion (54 days ago, 218 comments):
[https://news.ycombinator.com/item?id=15389727](https://news.ycombinator.com/item?id=15389727)

------
pcunite
Can I provide remote access to a Windows 10 desktop PC with this?

~~~
jlgaddis
If you can enable RDP on it, you can.

~~~
berbec
So it specifically does not allow Windows 10 Home installs, without hacks [1].
Pro and Enterprise do allow RDP.

1: [https://github.com/stascorp/rdpwrap](https://github.com/stascorp/rdpwrap)

------
merricksb
Discussed 54 days ago (1096 points):

[https://news.ycombinator.com/item?id=15389727](https://news.ycombinator.com/item?id=15389727)

------
hossbeast
"Desktops accessed through Guacamole need not physically exist".

I love cloud as much as the next guy, but it is comprised of machines which do
have a physical existence.

~~~
Spivak
That seems a little pedantic for what is almost certainly talking about VMs
and VDIs which are contrasted with 'physical machines'.

~~~
hossbeast
Which do physically exist (a totally pedantic point).

~~~
Vendan
But not as a physical _desktop_ with a monitor, keyboard, and mouse.

------
jowsie
I swear I see this pop up on HN once a month. Has anything changed?

~~~
ensignavenger
The project graduated out of incubator status on the 15 Nov... I don't see a
formal announcement about it anywhere, and that isn't really apparent from the
page (other than the URL change). Not sure if that is why it was posted or
not, but that seems to be what is different from the last time it was posted.

------
supergreg
Cool

------
gsich
A browser is not a client?

~~~
heroprotagonist
I think they mean 'agentless' rather than 'clientless'. You don't need to
install anything special on the remote machines, just enable standard remote
access protocol (ssh, rdp, vnc, etc)

~~~
gsich
"We call it clientless because no plugins or client software are required."

Clientsoftware like mstsc, vncviewer, Teamviewer ... or a browser.

------
IronWolve
Also related. Thinlinc is free for 5 users and has a web and client access.
Includes drag/drop file access, vnc accelerated video, sound, video resizing,
etc.

[https://www.cendio.com/thinlinc/features/html5](https://www.cendio.com/thinlinc/features/html5)

