2025-02-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
This article is a tutorial on installing and using jumpserver. It covers a brief introduction to jumpserver, its installation and deployment, and its basic use.
Jumpserver is an open source jump server (bastion host) written in Python that implements the functions a jump server should have. It manages server resources over the ssh protocol, and clients do not need to install any jumpserver client software.
* Introduction to the bastion host
In a specific network environment (such as separate internal and external networks), to ensure that the server data inside the company network is not damaged from outside, various technical means are used to collect and monitor the status of the company's servers and security events, so that alerts are centralized and dealt with in a timely manner.
A bastion host is also called a jump server. A simple jump server has simple functions: its core functions are remote login to servers and log auditing. The excellent open source software jumpserver has complete functions such as authentication, authorization, audit, automation and asset management (allocation of intranet server resources).
* Characteristics of Jumpserver
1. Completely open source
2. Written in Python, which makes secondary development easy
3. Implements the basic functions of a jump server: authentication, authorization and audit
4. Integrates Ansible for batch command execution and similar operations
5. Supports web terminals
6. Interface written with Bootstrap, with a clean look
7. Automatically collects hardware information
8. Recording playback, command search, real-time monitoring
* Jumpserver architecture diagram
Users open the pages served by the nginx proxy server in a browser. In the jumpserver architecture, nginx acts as a proxy in front of the web pages of the jumpserver, coco, luna and guacamole programs, which makes the system convenient to use. Without nginx as the proxy server, access is troublesome for users (for example, coco needs port 8080 and guacamole needs other ports, and subsequent page jumps may end in "not found"). nginx calls the luna program, and the terminal it sets up connects to the back-end assets (back-end servers) over the ssh protocol.
Jumpserver component description
Jumpserver: the management back end of jumpserver
Coco: implements the ssh server and web terminal components, and provides the ssh and websocket interfaces
Luna: the front end of the web terminal (used to display pages and interact with users); the front-end pages are provided by this project
Guacamole: Apache's jump server project. Jumpserver uses its components to implement the RDP (remote desktop) function; jumpserver adds extra plug-ins to guacamole and calls it, without modifying guacamole itself
2. Install jumpserver
Download the software package
Hardware and system requirements: CentOS 7, 4 GB of memory or more, at least a dual-core processor
Dependent environment: Python 3.6 or above, a back-end database, redis
Modify the character set (Chinese locale)

[root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8  # -c forces creation; -f specifies the character set; -i specifies the source locale
[root@localhost ~]# export LC_ALL=zh_CN.UTF-8  # set the character set in the environment variable
[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf  # add it to the locale configuration file

Install the Python environment

[root@bogon ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
[root@bogon ~]# tar xf Python-3.6.1.tar.xz -C /usr/src/
[root@bogon ~]# cd /usr/src/Python-3.6.1/
[root@bogon Python-3.6.1]# ./configure && make && make install

Create the Python virtual environment

[root@bogon ~]# cd /opt/
[root@bogon opt]# python3 -m venv py3  # venv: Python virtual environment module; py3: virtual environment name
[root@bogon opt]# source /opt/py3/bin/activate
(py3) [root@bogon opt]#

Automatically load the Python virtual environment

(py3) [root@bogon opt]# cd /opt/
(py3) [root@bogon opt]# git clone https://github.com/kennethreitz/autoenv.git  # clone the project from GitHub to the local directory
Cloning into 'autoenv'...
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 688 (delta 5), reused 9 (delta 3), pack-reused 672
Receiving objects: 100% (688/688), 111.91 KiB | 108.00 KiB/s, done.
Resolving deltas: 100% (362/362), done.
(py3) [root@bogon opt]# echo 'source /opt/autoenv/activate.sh' >> /root/.bashrc
(py3) [root@bogon opt]# source ~/.bashrc

Install jumpserver

(py3) [root@bogon requirements]# unzip jumpserver.zip
(py3) [root@bogon requirements]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@bogon requirements]# cd jumpserver/requirements/

Install the dependency RPM packages (enter y when prompted)

(py3) [root@bogon requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@bogon requirements]# pip install --upgrade pip
Collecting pip
  Downloading https://files.pythonhosted.org/packages/54/0c/d01aa759fdc501a58f431eb594a17495f15b88da142ce14b5845662c13f3/pip-20.0.2-py2.py3-none-any.whl (1.4MB)
    100% |████████████████████████████████| 1.4MB 883kB/s
Installing collected packages: pip
  Found existing installation: pip 9.0.1
    Uninstalling pip-9.0.1:
      Successfully uninstalled pip-9.0.1
Successfully installed pip-20.0.2
(py3) [root@bogon requirements]# pip install wheel
Collecting wheel
  Downloading wheel-0.34.2-py2.py3-none-any.whl (26 kB)
Installing collected packages: wheel
Successfully installed wheel-0.34.2
(py3) [root@bogon requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

pip install -r treats the contents of the file as the list of packages to install, and -i specifies the index URL the packages are downloaded from. pip is the command that installs packages in Python, comparable to the yum command. (Wait a few minutes for the installation to finish.)

Install mariadb and redis

(py3) [root@bogon requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@bogon requirements]# systemctl start mariadb
(py3) [root@bogon requirements]# mysqladmin -u root password 1234.com
(py3) [root@bogon requirements]# mysql -u root -p1234.com  # log in to the database

Create the jumpserver database to store jumpserver data

MariaDB [(none)]> create database jumpserver default charset 'utf8';  -- create a database named jumpserver
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@127.0.0.1 identified by '1234.com';  -- the jumpserver user gets all permissions on the database, with this password
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
(py3) [root@bogon requirements]# ss -lnt | grep 3306
LISTEN     0      50           *:3306                     *:*
(py3) [root@bogon requirements]# yum -y install redis
(py3) [root@bogon requirements]# systemctl start redis
(py3) [root@bogon requirements]# netstat -anpt | grep redis
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      75890/redis-server

Configure the jumpserver file

(py3) [root@bogon requirements]# cd /opt/jumpserver/
(py3) [root@bogon jumpserver]# cp config_example.yml config.yml

Generate SECRET_KEY and write it to the configuration file

(py3) [root@bogon jumpserver]# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # copy the string this command generates into the configuration file
(py3) [root@bogon jumpserver]# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # copy the string this command generates into the configuration file
Install the coco component and configure it

(py3) [root@bogon requirements]# unzip coco.zip
(py3) [root@bogon requirements]# cd coco
(py3) [root@bogon requirements]# echo "source /opt/py3/bin/activate" > /opt/coco/.env
(py3) [root@bogon requirements]# cd requirements/
(py3) [root@bogon requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@bogon requirements]# pip install -r requirements.txt
(py3) [root@bogon requirements]# cd ..
(py3) [root@bogon coco]# cp config_example.yml config.yml
(py3) [root@bogon coco]# vim /opt/jumpserver/config.yml  # copy the 16-character string from this file into coco's config.yml
(py3) [root@bogon coco]# vim config.yml
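The two random strings generated earlier are pasted by hand into /opt/jumpserver/config.yml, and the 16-character one again into coco's config.yml. The following added example, which is not part of the original tutorial, writes them directly and leaves both files at mode 600; the key name BOOTSTRAP_TOKEN and the helper names gen_secret, set_key, get_key and provision are assumptions, and the demo runs on constructed stand-in files.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial). BOOTSTRAP_TOKEN as the key name
# for the 16-character value is an assumption; SECRET_KEY is named on the page.

# gen_secret N: N random characters from A-Za-z0-9, same recipe as the tutorial.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# set_key FILE KEY VALUE: rewrite the first "KEY:" line (commented out or not),
# or append one. The result is written through a mode-600 temp file, so the
# secret is never readable by other local users.
set_key() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    chmod 600 "$tmp"
    awk -v k="$key" -v v="$value" '
        !done && $0 ~ "^#?[ \t]*" k ":" { print k ": " v; done = 1; next }
        { print }
        END { if (!done) print k ": " v }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_key FILE KEY: print the value stored for KEY.
get_key() {
    sed -n "s/^$2: //p" "$1"
}

# provision JMS_CFG COCO_CFG: one SECRET_KEY for jumpserver and one token shared
# by jumpserver and coco, with no copy/paste step in between.
provision() {
    local token
    token=$(gen_secret 16)
    set_key "$1" SECRET_KEY "$(gen_secret 50)" &&
    set_key "$1" BOOTSTRAP_TOKEN "$token" &&
    set_key "$2" BOOTSTRAP_TOKEN "$token"
}

# Demo on constructed stand-ins for /opt/jumpserver/config.yml and /opt/coco/config.yml.
demo=$(mktemp -d)
printf 'SECRET_KEY:\nBOOTSTRAP_TOKEN:\n' > "$demo/jumpserver.yml"
printf '# BOOTSTRAP_TOKEN: placeholder\n' > "$demo/coco.yml"
provision "$demo/jumpserver.yml" "$demo/coco.yml"
ls -l "$demo"          # both files end up -rw-------
rm -rf "$demo"
```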
Start coco

(py3) [root@bogon coco]# ./cocod start -d
Use eventlet dispatch
Start coco process
(py3) [root@bogon coco]# netstat -anpt | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      33439/python3

Install guacamole and luna

(py3) [root@jumpserver ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
(py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum -y install docker-ce
(py3) [root@jumpserver ~]# systemctl start docker
(py3) [root@jumpserver ~]# docker load < guacamole.tar
(py3) [root@jumpserver ~]# docker run --name jms_guacamole -d \
    -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
    -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
    -e JUMPSERVER_SERVER=http://192.168.1.10:8080 \
    jumpserver/guacamole:latest
(py3) [root@jumpserver ~]# ss -lnt | grep 8081
LISTEN     0      128         :::8081                    :::*
(py3) [root@jumpserver ~]# tar zxf luna.tar.gz -C /opt

Install nginx

(py3) [root@jumpserver ~]# tar zxf nginx-1.2.4.tar.gz -C /usr/src
(py3) [root@jumpserver ~]# cd /usr/src/nginx-1.2.4/
(py3) [root@jumpserver nginx-1.2.4]# ./configure && make && make install
(py3) [root@jumpserver nginx-1.2.4]# ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/
(py3) [root@jumpserver nginx-1.2.4]# cd /usr/local/nginx/conf/
(py3) [root@jumpserver conf]# cp nginx.conf nginx.conf.bak
(py3) [root@jumpserver conf]# mv /root/nginx.conf .  # copy the nginx.conf from the package at the beginning of the post over the nginx main configuration file
mv: overwrite "./nginx.conf"? y
(py3) [root@jumpserver conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
(py3) [root@jumpserver conf]# nginx
(py3) [root@jumpserver conf]# ss -lnt | grep -w 80
LISTEN     0      128          *:80                       *:*

Client test
Create a normal user
Create an administrative user
Create a system user
Create back-end assets
This is an experimental environment, so a virtual machine, 192.168.1.131, is started as the test asset. (In real use the web client is definitely not on the same network segment as the back-end assets, because users can operate on the back-end servers only after logging in to jumpserver through the public network.)
Create authorization rules
Connect back-end assets
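The installation steps check each listener one at a time with ss and netstat (3306, 6379, 2222, 8081, 80). The following added example, which is not part of the original tutorial, turns those checks into one pass that reports back-end ports bound to a non-loopback address; the port list, the function names and the assumption that only nginx (80) and coco's ssh port (2222) are user-facing are mine, and the sample input is constructed from the addresses shown in the tutorial's output.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial).
# Assumption: nginx (80) and coco's ssh port (2222) are the only listeners users
# need to reach; the database, redis and guacamole sit behind them.
BACKEND_PORTS="3306 6379 8081"

# exposed_backends: read `ss -lnt` output on stdin, print "PORT ADDRESS" for each
# back-end port bound to a non-loopback address; exit status 1 if any was found.
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)               # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in backend)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr; found = 1
        }
        END { exit found + 0 }'
}

# Constructed sample in `ss -lnt` layout, using the bind addresses shown in the
# installation checks (3306 on *, redis on 127.0.0.1, 2222, 8081 on ::, 80).
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50                 *:3306             *:*
LISTEN 0      128        127.0.0.1:6379             *:*
LISTEN 0      128                *:2222             *:*
LISTEN 0      128               :::8081            :::*
LISTEN 0      128                *:80               *:*
EOF
}

# On a live host: ss -lnt | exposed_backends
sample_ss | exposed_backends || echo "back-end ports reachable from other hosts"
```

For the two findings in the sample, `bind-address=127.0.0.1` in MariaDB's server configuration and publishing the container with `-p 127.0.0.1:8081:8080` keep both ports behind nginx, provided nginx proxies to them over localhost.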
This is the end of the tutorial on the installation and use of jumpserver. I hope the above content can be of some help to you and that you can learn more from it. If you like this article, you might as well share it for more people to see.