diff --git a/README.md b/README.md index d45f120..995a41a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@
+ A Simple, Lightweight, Flexible Bastion Host. +
-`Main use`: It is mainly used for products that enhance IT internal control and compliance security by implementing control and audit of IT personnel's operating behaviors in enterprises. - -`Main functions`: role management, authorization approval, resource access control, session audit, etc. --- English / [中文](README_cn.md) 
@@ -40,58 +40,22 @@ docker-compose up -d - password: 123456 -## SSH -### View - -### Login -```shell -ssh -p12229 admin@127.0.0.1 # Note that the port, user, and address need to be replaced with your current environment -``` -### Passwordless Login Configuration -> Terminal passwordless login is designed for enhanced security and convenience. -1. Generate and retrieve the public key, get the MAC address -```shell -ssh-keygen -t ed25519 # Generate the key following the prompts -cat /root/.ssh/id_ed25519.pub # Copy the public key. The public key address is obtained from the generation process as shown in the previous step -ifconfig | grep -B1 "xxx.xxx.xxx.xxx" | awk '/ether/{print $2}' # Get the MAC address, replace xxx.xxx.xxx.xxx with your local IP -``` - +## 🎯Features -2. Place the public key and MAC on the platform -  +- Asset Managent (SSH RDP VNC) +- Account Management +- Authorization +- Session Management + - Online Session: Monitor, Force Kill + - Offline Session: Replay, Download +- SSH Server +- Asset & Account Auto Discovery -### More Streamlined Login Method -```shell -ssh oneterm -``` -> To achieve this effect, you can configure as follows: -1. Create the ssh config file -```shell -touch ~/.ssh/config -``` -2. Add the following content to **`~/.ssh/config`** -```shell -Host oneterm - HostName 127.0.0.1 # Replace with the address of your oneterm's ssh server - Port 12229 # Replace with the port of your oneterm's ssh server - User admin # Replace with your platform user on oneterm -``` - -## VNC/RDP - - -## 🎯TODO -- [ ] The asset list is associated with the CMDB authorization service tree. -- [ ] The web terminal page supports multiple sessions with tabs, etc. ## 📚Docs doc link:https://veops.cn/docs/docs/oneterm/onterm_design -## 🔗Releated Projects - -[go-ansiterm](https://github.com/veops/go-ansiterm):Linux terminal emulator - ## Contributing diff --git a/README_cn.md b/README_cn.md index e66f466..551c542 100644 --- a/README_cn.md +++ b/README_cn.md 
@@ -8,11 +8,9 @@+ 一款简单、轻量、灵活的堡垒机服务. +
--- [English](README.md) / 中文 @@ -23,8 +21,6 @@ > **重要提示**: **`main`** 分支在开发过程中可能处于不稳定的状态,请通过[release](https://github.com/veops/oneterm/releases)获取,或者直接通过镜像部署 - - ## 🚀安装 ### docker-compose @@ -36,64 +32,26 @@ docker-compose up -d ``` ## ✅验证 -- 浏览器打开: [http://127.0.0.1:8000](http://127.0.0.1:8000) -- username: admin -- password: 123456 +- 浏览器: [http://127.0.0.1:8666](http://127.0.0.1:8666) +- 账号: admin +- 密码: 123456 -## SSH终端 -### 效果 - -### 登录 -```shell -ssh -p12229 admin@127.0.0.1 # 注意这里端口,用户,地址需要换成您当前环境的 -``` -### 免密登录配置 -> 终端免密登录是为了增加安全性以及便捷性而设计 -1. 生成并获取公钥, 获取mac地址 -```shell -ssh-keygen -t ed25519 # 根据提示生成key -cat /root/.ssh/id_ed25519.pub # 拷贝公钥, 公钥地址从上一步生成的过程中获取,如下图所示 -ifconfig | grep -B1 "xxx.xxx.xxx.xxx" | awk '/ether/{print $2}' # 获取mac地址, 其中xxx.xxx.xxx.xxx换成您本机的IP -``` +## 🎯功能 - - -2. 将公钥和mac放在平台上 - - -### 更精简的的登录方式 -```shell -ssh oneterm -``` -> 要达到这种效果,可进行如下配置 -1. 创建ssh config文件 -```shell -touch ~/.ssh/config -``` -2. 将以下内容添加到 **`~/.ssh/config`** -```shell -Host oneterm - HostName 127.0.0.1 # 此处替换为您oneterm的ssh server的地址 - Port 12229 # 此处替换为您oneterm的ssh server的端口 - User admin # 此处替换为您oneterm上的平台用户 -``` - -## VNC/RDP - - -## 🎯下一步计划 -- [ ] 资产列表关联CMDB授权服务树 -- [ ] web终端页面多个session支持tab等 +- 资产管理 (SSH RDP VNC) +- 账号管理 +- 权限认证 +- 会话管理 + - 在线会话: 监控、强制关闭 + - 离线会话: 回放, 下载 +- SSH服务 +- 资产账号自动发现 ## 📚产品文档 文档地址:https://veops.cn/docs/docs/oneterm/onterm_design -## 🔗相关项目 - -[go-ansiterm](https://github.com/veops/go-ansiterm):linux终端仿真器,主要是根据终端输入和服务器回显解析命令 - ## 如何贡献 diff --git a/deploy/docker-compose.yaml b/deploy/docker-compose.yaml index 852433d..3bf9959 100644 --- a/deploy/docker-compose.yaml +++ b/deploy/docker-compose.yaml @@ -16,6 +16,9 @@ services: new: aliases: - oneterm-api + tty: true + ports: + - "2222:2222" oneterm-guacd: image: registry.cn-hangzhou.aliyuncs.com/veops/oneterm-guacd:latest @@ -100,6 +103,7 @@ services: - | sleep 2 flask db-setup + flask common-check-new-columns flask init-acl flask init-department 
diff --git a/docs/images/img.png b/docs/images/img.png deleted file mode 100644 index 30d957c..0000000 Binary files a/docs/images/img.png and /dev/null differ diff --git a/docs/images/img_1.png b/docs/images/img_1.png deleted file mode 100644 index 0ff011e..0000000 Binary files a/docs/images/img_1.png and /dev/null differ diff --git a/docs/images/img_2.png b/docs/images/img_2.png deleted file mode 100644 index 675ab3a..0000000 Binary files a/docs/images/img_2.png and /dev/null differ diff --git a/docs/images/img_3.png b/docs/images/img_3.png deleted file mode 100644 index 675ab3a..0000000 Binary files a/docs/images/img_3.png and /dev/null differ diff --git a/docs/images/rdp.png b/docs/images/rdp.png deleted file mode 100644 index f51c968..0000000 Binary files a/docs/images/rdp.png and /dev/null differ diff --git a/docs/images/ssh-client.gif b/docs/images/ssh-client.gif deleted file mode 100644 index fa37fcd..0000000 Binary files a/docs/images/ssh-client.gif and /dev/null differ diff --git a/docs/images/vnc.png b/docs/images/vnc.png deleted file mode 100644 index e92a41a..0000000 Binary files a/docs/images/vnc.png and /dev/null differ diff --git a/docs/images/wechat.jpg b/docs/images/wechat.jpg deleted file mode 100644 index 9c5f663..0000000 Binary files a/docs/images/wechat.jpg and /dev/null differ
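Review bot: In README.md hunk @@ -40,58 +40,22 @@, the whole SSH section (the `ssh -p12229 admin@127.0.0.1` login, the passwordless-login steps and the `~/.ssh/config` example) is removed and replaced only by the bullet `- SSH Server`, while the same patch publishes `2222:2222` in deploy/docker-compose.yaml. After this change the README no longer says which port to connect to or how to register a public key. Keep a short SSH subsection with the current port and the key-setup steps, or link to the exact docs page that covers them. The added line `- Asset Managent (SSH RDP VNC)` also has a typo; it should read "Asset Management".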
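Review bot: In README_cn.md hunk @@ -36,64 +32,26 @@, the verification URL changes from `http://127.0.0.1:8000` to `http://127.0.0.1:8666`, but no README.md hunk in this patch touches the English verification URL (only `- password: 123456` is visible there as context). Confirm that both READMEs point at the same port and that it matches what the compose file publishes for the web UI, so the two languages do not drift apart.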
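Review bot: In deploy/docker-compose.yaml hunk @@ -16,6 +16,9 @@, `- "2222:2222"` publishes the port on every host interface, and both READMEs in this patch still document the default login `admin` / `123456`. If the port is only needed locally, bind it as `127.0.0.1:2222:2222`; otherwise state in the README that the default password must be changed before the host is reachable from other networks. The added `tty: true` has no comment explaining why the service needs a TTY; add one, or drop the line if it was only there for debugging.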
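Review bot: In deploy/docker-compose.yaml hunk @@ -100,6 +103,7 @@, `flask common-check-new-columns` is inserted between `flask db-setup` and `flask init-acl` with no comment, and neither README change mentions it. Add a one-line comment saying what the step checks and whether it is safe to re-run against an existing database, since it sits in the same startup sequence as the other init commands.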
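Review bot: The deletions under docs/images/ include `wechat.jpg`, `rdp.png` and `vnc.png`, but the README hunks as shown only remove the SSH and VNC/RDP sections and carry no visible image links. Before merging, search both READMEs and the docs for remaining references to the eight deleted files so that no page is left with a broken image.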