GateOne, a Web-Based SSH Tool

by LauCyun Aug 08,2017 17:04:57

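On Windows, you can connect to a remote Linux host with tools such as Putty. Sometimes, though, we would rather access the Linux host directly from a browser, and open-source tools such as wssh and Gateone exist for this. A quick comparison:

  • wssh is based on the paramiko module, but programs such as vi, vim and nano have problems when accessed through paramiko.
  • Gateone basically meets the need, and works very well.

Below I deploy it, on Ubuntu 16.04.

1 Installing Gateone

Download the Gateone source: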

wget -c https://github.com/downloads/liftoff/GateOne/gateone-1.1.tar.gz
tar -vxf gateone-1.1.tar.gz
cd GateOne

Set up Gateone's dependencies:

apt-get install python python-pip python-imaging
pip install pyopenssl ordereddict tornado==2.4.1

Start the installation, making sure you are in the GateOne directory:

python setup.py install

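After a successful installation, the /opt/gateone/ directory is created.

2 Editing the configuration file

First run gateone so that it generates a default configuration file: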

cd /opt/gateone
./gateone.py

Then edit the configuration file:

vim /opt/gateone/server.conf

Change it as follows:

# -*- coding: utf-8 -*-
locale = "en_US"
pam_service = "login"
syslog_facility = "daemon"
syslog_host = None
enable_unix_socket = False
port = 21604  # port number, choose any
uid = "0"
url_prefix = "/"
user_dir = "/opt/gateone/users"
dtach = True
certificate = "/opt/gateone/ubuntu-xenial.crt"  # SSL certificate
log_to_stderr = False
session_logs_max_age = "30d"
gid = "0"
pid_file = "/var/run/gateone.pid"
sso_realm = None
cookie_secret = "NGI4NjI0MDAwY2JhNDNkNThkZTRkMDllNWJlMWY4MmQ2M"  # keep the value from your own generated server.conf; do not copy this one
pam_realm = "31d97bf9a740"
sso_service = "HTTP"
https_redirect = False
syslog_session_logging = False
disable_ssl = False
debug = False
session_dir = "/tmp/gateone"
auth = "none"  # no GateOne-level login: anyone who can reach the port gets the terminal page
address = ""
api_timestamp_window = "30s"
log_file_num_backups = 10
logging = "info"
embedded = False
origins = "https://172.17.0.3;https://ubuntu-xenial.liuker.org"  # the IPs and domain names that will be used
session_logging = True
unix_socket_path = "/var/run/gateone.sock"
ssl_auth = "none"
log_file_max_size = 104857600
session_timeout = "5d"
command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'"
ca_certs = None
js_init = ""
keyfile = "/opt/gateone/ubuntu-xenial.key"  # SSL private key
log_file_prefix = "/opt/gateone/logs/webserver.log"

After saving with :wq, run it again:

cd /opt/gateone
./gateone.py

Open https://ip:21604 in a browser to use it.
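
The exposure-relevant settings in the listing above can be checked mechanically. The following is an added example, not code from the original post or from the GateOne project: it reads a server.conf with Python's ast module and flags the risky values that appear in the listing. It assumes the file holds only `name = literal` lines and that an empty address means listening on all interfaces; the function names and the sample are constructed for illustration.

```python
import ast

# Cookie secret printed in the tutorial's listing; a copied value is a known key.
PUBLISHED_SECRET = "NGI4NjI0MDAwY2JhNDNkNThkZTRkMDllNWJlMWY4MmQ2M"

# (setting, predicate for a risky value, finding text)
RULES = [
    ("auth", lambda v: v == "none",
     "no GateOne-level login; anyone who reaches the port gets the terminal page"),
    ("disable_ssl", lambda v: v is True,
     "TLS is off; keystrokes and SSH passwords cross the network in clear text"),
    ("uid", lambda v: str(v) == "0",
     "the server process runs as root"),
    ("cookie_secret", lambda v: v == PUBLISHED_SECRET,
     "secret was copied from a public tutorial; use the one your install generated"),
    ("address", lambda v: v == "",
     "assumed to mean all interfaces; the port is reachable without the Nginx proxy"),
]

def parse_conf(text):
    """Read `name = literal` lines; ast never executes the file's contents."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            settings[node.targets[0].id] = ast.literal_eval(node.value)
    return settings

def audit(settings):
    """Return (setting, finding) pairs for every risky value present."""
    return [(k, msg) for k, bad, msg in RULES if k in settings and bad(settings[k])]

# Constructed sample: a subset of the listing above, same values.
SAMPLE = '''
# -*- coding: utf-8 -*-
port = 21604  # port number
uid = "0"
cookie_secret = "NGI4NjI0MDAwY2JhNDNkNThkZTRkMDllNWJlMWY4MmQ2M"
disable_ssl = False
auth = "none"
address = ""
origins = "https://172.17.0.3;https://ubuntu-xenial.liuker.org"
'''

if __name__ == "__main__":
    for key, finding in audit(parse_conf(SAMPLE)):
        print("%-14s %s" % (key, finding))
```

To check a real install, pass the contents of /opt/gateone/server.conf to parse_conf() instead of SAMPLE.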

3 Configuring an Nginx proxy

An address like https://ip:21604 is inconvenient, unattractive and hard to remember. With Nginx proxying the port, Gateone can be reached at https://ubuntu-xenial.liuker.org instead.

vim /usr/local/nginx/conf/sites-enabled/default

Add the following:

# ubuntu-xenial.liuker.org
server {
    listen 443 ssl;
    server_name ubuntu-xenial.liuker.org;

    ssl_certificate /usr/local/nginx/conf/ssl/ubuntu-xenial.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/ubuntu-xenial.key;

    ssl_session_timeout 5m;

    # SSLv3, TLSv1 and TLSv1.1 are deprecated; allow TLSv1.2 only
    ssl_protocols TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass       https://172.17.0.3:21604;

        proxy_redirect off;
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        # $remote_addr is the client address as seen by Nginx
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;

        # Pass WebSocket upgrade requests through to Gateone
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Reload the nginx configuration:

/usr/local/nginx/sbin/nginx -s reload

Open https://ubuntu-xenial.liuker.org in a browser to use it.

Finally, a few screenshots:


Figure 1: Login screen


Figure 2: Viewing processes


Figure 3: Editing a file with vim
