Jumpserver Fortress Machine Environment Construction (picture and text detailed)

Jumpserver is an open source from Python's Springboard (Fortress Machine) system, to achieve the role of the springboard. Based on the SSH protocol, the client does not need to install the agent.

Characteristics:

Fully open source, GPL licensed
Python writing, easy to develop again
Realize the basic functions of the springboard, certification, authorization, audit
Integrated ansible, Batch command, etc.
Support Webterminal
Bootstrap writing, beautiful interface
Automatic collection of hardware information
Video playback
Command Search
Real-time monitoring
Bulk upload Download

Jumpserver 3.0 Installation

In contrast to the Jumpserver 2.0 version, the LDAP authorization was canceled in the new version 3.0, and the interface was also changed, the function was more perfect, the installation was simpler, unlike the 2.0 version, it puzzled a lot of people. The following two hosts to build Jumpserver fortress machine.

Environment:
Centos 6.5 x86_64
Close Iptables, close SELinux
jumpserver:192.168.1.200
clients:192.168.1.210
PS: Operations only for Jumpserver,clients will not operate, but environmental requirements.

First, install the dependency pack
Yum-y Install Epel-release
Yum Clean all && yum Makecache
Yum-y Update
Yum-y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel

Second, download jumpserver
Cd/opt
git clone https://github.com/jumpserver/jumpserver.git
Note: If the download fails, then go to GitHub to download the ZIP package, unzip decompression can

Third, execute the Quick install script
Cd/opt/jumpserver/install

Pip Install-r requirement.txt

To view installed packages
Pip Freeze

Python install.py
Enter the address of Jumpserver, default is: "192.168.1.200", enter can.
Whether to install MySQL: select "y" for installation

MySQL startup will require users to enter the mail server and account (later used to send user name, SSH pass, Web Pass, SSH key)

163 Mailbox with authorization password, not login password, remember.

After entering SMTP information, I found an error, it is Python's pycrypto module problem, it needs unloading load:
Pip Uninstall Pycrypto
Easy_install Pycrypto

After installation, continue with the Python install.py installation and enter the Web Administrator username and admin password, OK

Run crontab, periodically process failed connections, update asset information regularly
Cd/opt/jumpserver
Python manage.py crontab add

Note:
1 According to the prompts to enter the relevant information, complete the installation, after the installation is completed, please visit the Web, continue to view the following documents
2 If startup fails, please return to the upper directory and run manually./service.sh start
3 If./service.sh Start failed
Cd/opt/jumpserver
Python manage.py runserver 0.0.0.0:80
Python run_websocket.py
4 If startup fails, may be due to 80 ports and 3000 ports have been occupied, or the database account password is not correct, please check

Five, Web Login
http://192.168.1.200

Attention:
In the process of using jumpserver, one step is for the system user to push, to push successfully, the client (back-end server) to meet the following conditions:
1 Back-end servers need to have Python, sudo environment to use the Push user, batch command and other functions
2 Back-end server if SELinux is turned on, please install Libselinux-python

VI. Update code
Cd/opt/jumpserver
Git pull

The environment to build this step is over ~

First, user management

1) Add Users

Click User admin-> View user-> Add user

Enter the username, name, permission, mail, and send mail-> to be added to save

To view added users

View User Messages
The message contains the username, permissions, web password, SSH key password, and key download address.

2) Add user Group

Click User admin-> View user Group-> Add user Group

Add a new group-> operation Dimension Group

View the group that you just added

second, asset management

1) Add asset group

Click Asset Management-> View asset groups-> Add host group

Enter a group name and enter a description group purpose

2) Add assets

Click Asset Management-> View Assets-> Add assets

Input host name, host IP, Admin user name (Admin user, host must exist in Oh ~ can be root), port, asset group-> submit Save

3) Add room

Click Asset Management-> View Room-> Add room

Enter the name of the room, the other can be selected to fill-> save

third, authority management

1) sudo

Click Rights Management-> sudo-> add alias

Enter alias, System command, note-> Click Save

2) Adding system users

Click on authorized Management-> System User-> Add System user

Enter user name, password, admin sudo and notes-> click Save

After you have created the system, click Push to push the user name, password, and sudo information to the server.

Select System user, asset group-> Click Save

Push success

3) Authorization rules

Click authorization Management-> Authorization rules-> Add rules

Enter the authorization name, user/user group, asset/asset group, System user, notes-> click Save

Four, login

This time the creation is complete, the next user "Hongxue" through the Web and key login Fortress 192.168.1.200, and implement the jump to the server 192.168.1.210

1 Login via Web
You can see the user ID, username, permissions, key, last login, user group, number of authorized hosts, and host information.

Click to view host-> connection

The connection is successful and you can operate on the host.

2) login via SSH

Download key via address received in email

Click Tool-> user Key Manager

Click Import-> Enter user name, password

Connect the Jumpserver fortress 192.168.1.200, enter the key password to log in

Login successful ... Connect to the server from the list of authorizations 192.168.1.210

。。 For security, it is recommended that you configure Nginx reverse proxy jumpserver

Log_format Jump