Jumpserver is an open-source jump server (bastion host) system written in Python that fills the role of a jump host. It is based on the SSH protocol, so clients do not need to install an agent.
Characteristics:
Fully open source, GPL licensed
Written in Python, easy to extend
Implements the basic functions of a jump server: authentication, authorization, audit
Integrates Ansible, batch commands, etc.
Supports a web terminal
Built with Bootstrap, attractive interface
Automatic collection of hardware information
Session recording playback
Command search
Real-time monitoring
Bulk upload and download
Jumpserver 3.0 Installation
Compared with Jumpserver 2.0, version 3.0 drops LDAP authorization and changes the interface; its functions are more complete and installation is simpler, unlike 2.0, whose installation puzzled a lot of people. The following uses two hosts to build a Jumpserver bastion host.
Environment:
CentOS 6.5 x86_64
iptables turned off, SELinux turned off
jumpserver: 192.168.1.200
clients: 192.168.1.210
PS: All operations are performed on the Jumpserver host only; nothing is run on the clients, but they must meet the environment requirements.
First, install the dependency packages
yum -y install epel-release
yum clean all && yum makecache
yum -y update
yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel
Second, download Jumpserver
cd /opt
git clone https://github.com/jumpserver/jumpserver.git
Note: If the download fails, download the ZIP package from GitHub and unzip it.
Third, execute the quick install script
cd /opt/jumpserver/install
pip install -r requirement.txt
To view installed packages:
pip freeze
python install.py
Enter the address of the Jumpserver host; the default is "192.168.1.200", so just press Enter.
Whether to install MySQL: select "y" to install
After MySQL starts, you are asked to enter the mail server and account (later used to send the user name, SSH pass, web pass, and SSH key)
For a 163 mailbox, use the authorization password, not the login password.
After entering the SMTP information, I found an error caused by Python's pycrypto module; it needs to be uninstalled and reinstalled:
pip uninstall pycrypto
easy_install pycrypto
After reinstalling, run python install.py again and enter the web administrator username and admin password.
Run crontab to periodically process failed connections and update asset information regularly
cd /opt/jumpserver
python manage.py crontab add
Note:
1 Follow the prompts to enter the relevant information and complete the installation. After the installation is completed, visit the web interface and continue with the documentation below
2 If startup fails, return to the parent directory and run ./service.sh start manually
3 If ./service.sh start fails:
cd /opt/jumpserver
python manage.py runserver 0.0.0.0:80
python run_websocket.py
4 If startup still fails, ports 80 and 3000 may already be occupied, or the database account or password may be incorrect; please check
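The port part of note 4 can be checked directly. The following is an added example, not part of the original article: the function name busy_ports is chosen here, and the sample listener table is constructed.

```shell
#!/bin/bash
# Added example: report which of the ports from note 4 (80 for the web UI,
# 3000 for the websocket) already have a listener.

# busy_ports PORT... : reads `ss -ltn` or `netstat -ltn` output on stdin and
# prints each requested port that shows up as a listening local address.
busy_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ask[w[i]] = 1 }
        /LISTEN/ {
            # The local address is the first field ending in :<digits>;
            # this covers 0.0.0.0:80, *:80 and the IPv6 form :::80.
            for (f = 1; f <= NF; f++) {
                if ($f ~ /:[0-9]+$/) {
                    port = $f
                    sub(/^.*:/, "", port)
                    if (port in ask) hit[port] = 1
                    break
                }
            }
        }
        END { for (i = 1; i <= n; i++) if (w[i] in hit) print w[i] }
    '
}

# Constructed sample of `ss -ltn` output. On the Jumpserver host run instead:
#   ss -ltn | busy_ports 80 3000
sample='State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    *:22            *:*
LISTEN  0      128    :::80           :::*
LISTEN  0      50     127.0.0.1:3306  *:*'

printf '%s\n' "$sample" | busy_ports 80 3000
```

Any port printed must be freed (or the conflicting service stopped) before running ./service.sh start again.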
Fifth, web login
http://192.168.1.200
Note:
When using Jumpserver, one step is pushing the system user. For the push to succeed, the client (back-end server) must meet the following conditions:
1 The back-end server needs Python and sudo in order to use the push user, batch command and other functions
2 If SELinux is turned on on the back-end server, install libselinux-python
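The two conditions above can be verified on the back-end server before pushing. This is an added example, not from the original article: the function name missing_push_prereqs is chosen here, and it assumes libselinux-python is detected by importing the Python module selinux.

```shell
#!/bin/bash
# Added example: preflight for a back-end server that Jumpserver will push to.

# missing_push_prereqs: prints one line per unmet condition and prints
# nothing when the host satisfies both conditions listed above.
missing_push_prereqs() {
    # Condition 1: Python and sudo must be available.
    command -v python >/dev/null 2>&1 || echo "python"
    command -v sudo   >/dev/null 2>&1 || echo "sudo"

    # Condition 2 applies only when SELinux is turned on. getenforce prints
    # Enforcing, Permissive or Disabled; a host without getenforce is
    # treated as having SELinux off.
    selinux_mode=$(getenforce 2>/dev/null || echo Disabled)
    if [ "$selinux_mode" != "Disabled" ]; then
        # Assumption: the package is present if "import selinux" succeeds.
        python -c 'import selinux' >/dev/null 2>&1 || echo "libselinux-python"
    fi
}

# Run on the back-end server (192.168.1.210 in this setup) before pushing.
missing=$(missing_push_prereqs)
if [ -n "$missing" ]; then
    echo "push would fail, missing:" $missing
else
    echo "ready for push"
fi
```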
Sixth, update code
cd /opt/jumpserver
git pull
This completes the environment setup.
First, user management
1) Add users
Click User Management -> View Users -> Add User
Enter the username, name, permission, and mail, select send mail -> save to add the user
View the added users
View the user's email
The message contains the username, permissions, web password, SSH key password, and key download address.
2) Add user group
Click User Management -> View User Groups -> Add User Group
Add a new group -> Operations Group
View the group that you just added
Second, asset management
1) Add asset group
Click Asset Management -> View Asset Groups -> Add Host Group
Enter a group name and a description of the group's purpose
2) Add assets
Click Asset Management -> View Assets -> Add Assets
Enter the host name, host IP, admin user name (the admin user must already exist on the host; it can be root), port, and asset group -> submit to save
3) Add machine room
Click Asset Management -> View Machine Rooms -> Add Machine Room
Enter the name of the machine room; the other fields are optional -> save
Third, authorization management
1) sudo
Click Authorization Management -> sudo -> Add Alias
Enter the alias, system commands, and a note -> click Save
2) Add system users
Click Authorization Management -> System Users -> Add System User
Enter the user name, password, admin sudo, and notes -> click Save
After you have created the system user, click Push to push the user name, password, and sudo information to the server.
Select the system user and asset group -> click Save
Push succeeded
3) Authorization rules
Click Authorization Management -> Authorization Rules -> Add Rule
Enter the authorization name, user/user group, asset/asset group, system user, and notes -> click Save
Fourth, login
Setup is now complete. Next, the user "Hongxue" logs in to the bastion host 192.168.1.200 through the web and with a key, and jumps to the server 192.168.1.210
1) Login via web
You can see the user ID, username, permissions, key, last login, user group, number of authorized hosts, and host information.
Click View Hosts -> Connect
The connection is successful and you can operate on the host.
2) Login via SSH
Download the key from the address received in the email
Click Tool -> User Key Manager
Click Import -> enter the user name and password
Connect to the Jumpserver bastion host 192.168.1.200 and enter the key password to log in
Login successful ... Connect to the server 192.168.1.210 from the list of authorized hosts
For security, it is recommended that you configure an Nginx reverse proxy in front of Jumpserver
Log_format Jump