Often a whole team of people working on different computers, and even from different locations, needs to share a single terminal session. A shared session means the whole team types on a “remotely-shared” keyboard (one person at a time) and views a “remotely-shared” screen with the output of the remote host (simultaneously). This “shared” Proxy32 terminal session can be a login session to a remote host or a session of the local Proxy32 terminal CYGWIN bash shell.
When such “sharing” may be needed:
More experienced members of the team have to coach/teach colleagues and help them remotely.
- Only a single login session is available for many people
The remote host allows only a single login session, but many people have to perform their part of the work with the remote host (one at a time, as this is the same terminal session).
- Execute legacy scripts from other terminal software
The user has to use different terminal software to work with the same terminal session. Say the user works most of the time in a Proxy32 terminal session but still has to run legacy scripts written long ago for another automated terminal. Examples: an Expect script that interacts with a remote host over telnet in Xterm, a TeraTerm script, a SecureCRT script, an AbsoluteTelnet script, etc. If the user does not want to convert or adapt those legacy scripts for use in the Proxy32 terminal, there is another way to execute them in an existing Proxy32 terminal session. Another terminal (one that can run the legacy script) can be temporarily connected to the Proxy32 terminal session (via the Proxy32 terminal session sharing port) to execute its own legacy script in this existing Proxy32 session. Then the other terminal is disconnected from the session and the user continues to work with the same session in the Proxy32 terminal.
Every Proxy32 terminal window has a built-in TELNET/TLS server and one “serving/listening” COM-PORT for sharing the existing terminal session with remote users. Remote users connect to the Proxy32 terminal via the TELNET, TELNET/TLS or Serial protocol to receive a copy of the output from the remote host and to be able to type commands into the shared terminal session. Only one user at a time can type commands to the remote host (a shared session means a shared keyboard and a shared screen); otherwise the remote host will be confused. The Local User at the Proxy32 terminal can switch Remote users into “read only” mode, in which they receive output from the remote host but cannot type commands to the host.
- TELNET server: Unlimited number of remote users (telnet clients). No authentication, no encryption. The remote user needs to know only the “sharing” TCP port number to connect to the Proxy32 terminal session. But the port number is random by default, so the Local User has to supply this information to the Remote User before the Remote User can connect to the Local User’s terminal.
- TELNET/TLS server (TELNET protocol over the Transport Layer Security protocol): Unlimited number of remote users (telnet/TLS clients). Certificate authentication (server only, or both server and client). Encryption is implemented by the Microsoft Windows SCHANNEL library (which is also used for the TLS part of HTTPS by MS Internet Explorer). The remote user initially needs to know the “sharing” TCP port number to connect to the Proxy32 terminal session. After the TCP connection is established, both parties validate each other’s certificates (digital IDs) and, if validation is successful, proceed to cipher negotiation. Once the cipher is negotiated, encryption starts and the TELNET connection is then established inside the already encrypted TLS/TCP pipe.
- Serial (COM-PORT): One remote user (serial terminal). No authentication, no encryption. The remote user needs to know only the “sharing” COM-PORT number and settings to connect to the Proxy32 terminal session. Useful for connecting over a Bluetooth COM-PORT link to share a terminal session between two computers that are IP-isolated by firewalls or by infrastructure.
Step-by-step example, using two terminals in the same Proxy32 workspace
Create a terminal and connect it to the remote equipment. This is the terminal session that will be shared.
Obtain the information that remote users will need to connect to the shared session (to the terminal created in Step 1). The shared session owner should open the drop-down list (reference 10) in the shared terminal and select the desired item in this list.
The text of the selected item is copied to the clipboard, so that it is easy to paste into a text message or e-mail and send to the remote user, who will use it to connect to the shared session. The content of the list has 3 parts separated by horizontal lines. The upper part contains the TCP port number that should be used to connect to the shared session (each shared session, i.e. each terminal window, has its own unique port number). The middle part contains the list of IP addresses that can be used to connect to the shared session. The bottom part contains all possible “protocol/IP-address/port” combinations that can be used to connect to the shared session. The protocol can be either TELNET or TELNET-TLS, depending on the state of the “TLS on/off” button (reference 9).
The list of IP addresses may contain the single IP address 127.0.0.1 if the option “TSS Server listens only on loopback IP” is turned on in the terminal menu “Control/Sharing Terminal Session with other users/TELNET/TLS SERVER”. The drop-down list contains information about the different combinations so that the owner of the shared session can choose which list element he/she wants to copy to the clipboard and send to the remote user. The list content is refreshed every time the list is opened. The next time the drop-down list is opened, the list of IP addresses or the protocol may be different if the configuration of the terminal or the computer has changed.
The user also has to make sure that the option “TSS Server denies new connections” in the terminal menu is not enabled.
When TELNET-TLS is used for terminal session sharing, it may be necessary to set parameters for the TLS protocol, including selection of the certificate that will be used to authenticate the session sharing connection.
The telnet server in each terminal window uses its own unique TCP port number to receive connection requests coming from the telnet terminals of the remote users. Therefore, by choosing the connection port number, the remote user chooses which of the main user’s terminal windows he/she will be connected to.
By default, when a new terminal window is created in Proxy32, the TCP port number for the built-in telnet server is selected from the list of available ports kept by the system. If several built-in terminal windows are created one after another, their TCP port numbers may happen to be sequential. When a built-in terminal window is closed, the TCP port number used by that window is freed and can later be assigned to a newly created window. By default, the user has no control over the port numbers assigned to newly created terminal windows. When the telnet server is located behind a firewall, the user can choose an option under which every newly created window tries to use the same fixed initial port number, for example, 1300. If this port number is available, it is used; if it is already assigned, the window tries the next port number, 1301. This process continues, increasing the port number by one each time, until an available port is found and used. The next terminal window created uses the same algorithm for port number selection. As a result, all newly created terminal windows have port numbers in the range 1300 and above, assuming that this port range is available in the system. The user can turn this port selection algorithm on and off. The user can also choose the initial port number, which is set to 1300 by default. These settings are located in the menu “Settings/Initial Terminal Settings/Terminal Session Sharing” in the LauncherTree window. The default value of the initial port number was selected for Windows XP. If Proxy32 is running on another Windows operating system, the initial port number may have to be corrected so that its value falls within the range of free ports available for use in that particular Windows operating system.
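The fixed-initial-port selection described above can be sketched as follows. This is an added illustration, not Proxy32's own code; the function names, the `max_tries` limit and the `loopback_only` parameter (modelling the “TSS Server listens only on loopback IP” option) are assumptions made for the example.

```python
import socket

INITIAL_PORT = 1300  # default initial port number named in the text


def bind_sharing_port(initial_port=INITIAL_PORT, loopback_only=True, max_tries=200):
    """Bind a listener on the first free TCP port at or above initial_port.

    loopback_only=True binds 127.0.0.1 only; False binds every interface
    (0.0.0.0). Returns (listening_socket, port). Hypothetical helper.
    """
    host = "127.0.0.1" if loopback_only else "0.0.0.0"
    for port in range(initial_port, initial_port + max_tries):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))    # raises OSError if the port is taken
        except OSError:
            sock.close()
            continue                   # already assigned: try the next number
        sock.listen(5)
        return sock, port
    raise RuntimeError("no free port in the searched range")


def open_windows(count, initial_port=INITIAL_PORT):
    """Simulate creating `count` terminal windows one after another."""
    return [bind_sharing_port(initial_port) for _ in range(count)]


def firewall_range(windows):
    """Smallest contiguous port range that covers every open window."""
    ports = [port for _, port in windows]
    return min(ports), max(ports)


if __name__ == "__main__":
    windows = open_windows(3)
    print("ports in use:", [port for _, port in windows])
    print("firewall range to open:", firewall_range(windows))
    windows[0][0].close()               # closing a window frees its port
    sock, port = bind_sharing_port()    # the next new window picks it up again
    print("new window got port:", port)
```

Because every window restarts the search from the same initial port, the ports in use stay packed at the bottom of the range, which keeps the firewall range small and makes the port numbers easy to predict.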
If Proxy32 is running behind a firewall, the port range used by the built-in terminal windows (in our example, the port range starting from 1300 and above) has to be opened in the firewall to let remote users connect to the terminal windows.
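Before opening that range in the firewall, it is worth checking which sharing listeners are actually reachable from the network and which are bound to loopback only. The following added example (not part of Proxy32) parses Windows `netstat -an` output; the sample text is constructed, the upper bound 1309 is an assumed range limit, and it assumes that listeners in this range belong to Proxy32 terminal windows.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1300         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1301           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1302      0.0.0.0:0              LISTENING
  TCP    [::]:1303              [::]:0                 LISTENING
  TCP    192.168.1.20:1301      192.168.1.77:50211     ESTABLISHED
  UDP    0.0.0.0:1300           *:*
"""


def _tcp_rows(netstat_text):
    """Yield (local_addr, local_port, foreign, state) for each TCP row."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP":
            addr, _, port = fields[1].rpartition(":")
            yield addr, int(port), fields[2], fields[3]


def audit_sharing_listeners(netstat_text, first_port=1300, last_port=1309):
    """Return sorted (port, bind_address, verdict) for listeners in the range.

    verdict is "loopback-only" when only local clients can connect,
    otherwise "network-reachable".
    """
    findings = []
    for addr, port, _, state in _tcp_rows(netstat_text):
        if state != "LISTENING" or not first_port <= port <= last_port:
            continue
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
        verdict = "loopback-only" if ip.is_loopback else "network-reachable"
        findings.append((port, addr, verdict))
    return sorted(findings)


def connected_peers(netstat_text, first_port=1300, last_port=1309):
    """Return sorted (port, remote_endpoint) for established sharing sessions."""
    return sorted((port, foreign) for _, port, foreign, state
                  in _tcp_rows(netstat_text)
                  if state == "ESTABLISHED" and first_port <= port <= last_port)


if __name__ == "__main__":
    for finding in audit_sharing_listeners(SAMPLE_NETSTAT):
        print(finding)
    print("connected:", connected_peers(SAMPLE_NETSTAT))
```

On a real machine, pass the captured text of `netstat -an` instead of `SAMPLE_NETSTAT`. A "network-reachable" listener running plain TELNET accepts anyone who can reach the port.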
The remote user connects to the shared session using the information received from the owner of the shared session. If the remote user received from the owner the line “telnet belous-PC 64382”, copied from the drop-down list in the shared terminal, then he/she can paste this line into his/her bash terminal and press the “Enter” key to connect to the shared session. When TELNET-TLS is used for terminal session sharing, it may be necessary to set parameters for the TLS protocol, including selection of the certificate that will be used to authenticate the session sharing connection.
The owner of the shared session is notified when a remote user has connected to the shared session. This information appears as a message in the window of the shared terminal. In addition, the list of all remote users connected to the shared session is contained in the drop-down list (reference 11) in the lower part of the window of the shared terminal.
The owner of the shared session and the remote user connected to it can take turns typing commands into the shared session. Command execution results are printed simultaneously in both terminals.
The remote user disconnects from the shared session by disconnecting his/her terminal (for example, by pressing “Ctrl-]” and then typing “quit” at the “telnet>” prompt). The owner of the shared session is notified when a remote user has disconnected from the shared session. This information appears as a message in the window of the shared terminal. In addition, the list of all remote users connected to the shared session is contained in the drop-down list (reference 11) in the lower part of the window of the shared terminal.
The owner of the shared session can disconnect a remote user (or prevent him/her from typing into the shared session) by using commands in the terminal menu.