1. First of all, why web SSH?
Some people ask: there are already so many SSH clients, such as Xshell, SecureCRT and PuTTY, so why build a web SSH as well? Aren't those enough? How much use is it?
A web SSH terminal does not play a huge role and cannot really replace an SSH client. But consider that clients like Xshell, SecureCRT and PuTTY do cause a lot of trouble in operations management: different users need different logins, authorizations and so on to be managed, and there are risks as well, such as a personal computer being attacked.
Summary:
For a small company with only 50 to 100 servers, a web SSH solution is not necessary in practice; the traditional way of connecting to and managing Linux servers is good enough.
But in actual use, as the number of servers grows, managing them with SecureCRT becomes more and more troublesome. Once the server count reaches the hundreds (and the SecureCRT directory and connection list keep growing), finding and connecting to a few of those machines takes time, exactly when we need to connect quickly and locate a problem. That is not what we want, so we urgently need a web SSH solution.
2. Is there a solution?
In fact, many companies now use a series of security measures such as bastion hosts ("fortress machines") and jump servers ("springboard machines") to prevent unauthorized access to their systems, and many have implemented logins that require a mobile phone verification code, which is one security solution.
3. Are there other solutions?
Well, here I recommend a piece of software that can take over the function of an ops bastion host: GateOne.
Before talking about it, let's get to know what an ops bastion host is.
The concept of the ops bastion host grew out of the jump server. So where are the weaknesses of the jump server?
Concept one: Only control can really solve the problem
Concept two: A system account cannot confirm a user's identity
Concept three: Human operation will inevitably cause problems
This led to the ops bastion host, which provides operator identity authentication, access control for operations work, and auditing (explanation taken from Baidu Encyclopedia: http://baike.baidu.com/view/4274690.htm). Many vendors now offer ops bastion host products, but as DevOps or operations staff, we like to implement the functionality ourselves!
4. Recommended Solutions
As you can see, an ops bastion host has many benefits and effectively controls operational risk. GateOne, introduced here today, is an open-source basis for building your own bastion host solution.
5. Introduction to GateOne
Personally, I think GateOne is a top-class web SSH. Similar products either have a poor user experience, an unattractive interface, or subtle bugs; only after coming across GateOne did I realize that web SSH could be this useful.
Here are some other web SSH terminals:
https://github.com/aluzzardi/wssh
https://code.google.com/p/shellinabox
http://code.google.com/p/web-shell
https://github.com/antonylesuisse/qweb
You can try it one by one.
GateOne is a web-based SSH terminal emulator written using HTML5 technology.
· Based on modern HTML5 technology; no browser plugins are required.
· Supports multiple SSH processes.
· Can be embedded in any other application.
· Supports plugins written in JavaScript, Python, or even pure CSS.
· Supports duplicating an SSH session, so multiple sessions can be opened without entering the password repeatedly.
· Supports a variety of server-side logging capabilities, and supports Kerberos-based single sign-on, even with Active Directory.
· Supports operation logging, with replay of recorded operations.
Project address: https://github.com/liftoff/GateOne
Documentation: http://liftoff.github.io/GateOne/About/
Development language: Python
Framework: Tornado + HTML5
Current version: 1.1
It is easy to install and easy to use; for more features, see the official documentation.
6. Installing GateOne
My system is CentOS release 6.4, 64-bit.
The browser is Chrome 30. According to the official documentation, GateOne does not support IE (I despise IE; my computer has it, but I always leave it asleep). Supported browsers include Chrome and Firefox, so if you use IE it will not display ...
# wget https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
# wget https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
# rpm -ivh http://mirrors.sohu.com/fedora-epel/6Server/x86_64/epel-release-6-8.noarch.rpm (EPEL repository; optional)
# yum localinstall tornado-2.4-1.noarch.rpm
# yum localinstall gateone-1.1-1.noarch.rpm
# easy_install ordereddict
# cd /opt/gateone
# ./gateone.py   # run this script; it generates the server.conf configuration file
If the following error occurs, it is telling you that ordereddict has not been installed.
Okay, start the service.
# cd /opt/gateone
# ./gateone.py
GateOne installation script: http://pan.baidu.com/s/1qW4sHLM
If you want to run it in the background, start it with the service script:
# /etc/init.d/gateone start
OK, the service has started successfully; now access it through the browser.
My IP address is 192.168.0.201.
So the access address is https://192.168.0.201, click Continue
If the following message appears, follow the steps below to deal with it.
The prompt says that access to this URL is denied; the web log shows the following:
1. Modifications
# vim /opt/gateone/server.conf
If all goes well, you will see the following interface.
Haha, finally in the system; run ls.
Try vim /etc/passwd.
Don't worry, there is also a log audit function, with log playback!
Isn't one screen a bit monotonous? Open 4 screens and try.
There are more fun features, such as displaying pictures.
Well, if you haven't seen enough, I suggest you try it yourself and experience the charm of web SSH!
So, isn't it top-class?
7. After all this talk, where is the promised ops bastion host (fortress machine) functionality? Why haven't I seen it? Don't worry, that is exactly what I want to talk about next.
GateOne provides the web-based SSH functionality. The asset system, the operations system, the user permission assignment system and the log replay function need to be developed by DevOps themselves and combined with GateOne, and the result is guaranteed to be great fun. As for how to develop this bastion host system, work it out yourself; this post is only a starting point!
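As an added illustration of the bastion-host (fortress machine) layer that section 7 says you have to build yourself around GateOne, the sketch below ties each session to an operator identity, enforces deny-by-default access control over an asset inventory, and keeps an audit trail. It is example code written for this page, not part of GateOne or the original post; the names ASSETS, GRANTS, AUDIT, authorize, who_used and denied_attempts and all sample data are hypothetical.

```python
import fnmatch
import time

# Constructed sample inventory: asset group -> hosts (hypothetical names).
ASSETS = {
    "web": ["web01.example.internal", "web02.example.internal"],
    "db": ["db01.example.internal"],
}
# Constructed grants: operator identity -> [(asset group, account pattern)].
GRANTS = {
    "alice": [("web", "*"), ("db", "dbadmin")],
    "bob": [("web", "deploy")],
}
AUDIT = []  # append-only decision log; a real system would persist this


def authorize(operator, host, account, now=None):
    """Deny by default; allow only if a grant covers both host and account."""
    allowed = any(
        host in ASSETS.get(group, []) and fnmatch.fnmatchcase(account, pattern)
        for group, pattern in GRANTS.get(operator, [])
    )
    # Record the human operator, not just the (possibly shared) system account.
    AUDIT.append({
        "time": now if now is not None else time.time(),
        "operator": operator,
        "host": host,
        "account": account,
        "allowed": allowed,
    })
    return allowed


def who_used(host, account):
    """Which operators were allowed to open sessions as `account` on `host`."""
    return sorted({
        e["operator"] for e in AUDIT
        if e["allowed"] and e["host"] == host and e["account"] == account
    })


def denied_attempts(operator):
    """Denied (host, account) requests for one operator, in order."""
    return [(e["host"], e["account"]) for e in AUDIT
            if e["operator"] == operator and not e["allowed"]]
```

Because every decision is logged under the operator's own identity, who_used() can answer who was root on a given host, which a shared system account alone cannot.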
8. Web SSH API interface development
First
Blog text taken from (partially modified): http://itnihao.blog.51cto.com/1741976/1311506
Open source Web terminal SSH Solution--gateone