Required environment:
(1) A Windows machine
(2) The Xshell SSH client
(3) A CentOS virtual machine
Reference installation and download links:
(1) http://liftoff.github.io/GateOne/About/prerequisites.html (official site)
(2) http://www.90.vc/archives/1127 (Chinese-language site)
(3) http://www.2cto.com/os/201411/349816.html (Chinese-language site)
Installing pip
https://pip.pypa.io/en/latest/installing/#do-i-need-to-install-pip (official site)
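Introduction to GateOne
GateOne is a web-based SSH terminal emulator written with HTML5 technology. It is comparable to remote SSH tools on Windows such as Xshell.
Highlights:
• Built on modern HTML5 technology; no browser plugins are required.
• Supports multiple SSH sessions.
• Can be embedded into any other application.
• Supports plugins written in JavaScript, Python, or even pure CSS.
• Supports duplicating SSH sessions, so several sessions can be opened without re-entering the password.
• Supports a range of server-side logging features, Kerberos-based single sign-on, and even Active Directory.
The above is taken from https://linuxtoy.org/archives/gateone.html, where an introductory video hosted on a foreign site can also be viewed.
According to the official site, the prerequisites for installing GateOne on CentOS are:
(1) Python version 2.6+ and 3.2+
(2) Tornado Framework 2.2+
(3) If Python is version 2.6, the ordereddict module must be installed
(4) Modules such as tornado and kerberos
Installation procedure
(1) Download the required repositories
Download and install the epel-release-6-8.noarch.rpm repository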
[root@localhost tools]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
--2016-08-08 05:26:07-- http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.24,209.132.181.23,209.132.181.27,...
Connecting to dl.fedoraproject.org|209.132.181.24|:80... connected.
HTTP request sent,awaiting response... 200 OK
Length: 14540 (14K) [application/x-rpm]
Saving to: “epel-release-6-8.noarch.rpm”
100%[===========================================>] 14,540 60.8K/s in 0.2s
2016-08-08 05:26:08 (60.8 KB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540]
[root@localhost tools]# rpm -Uvh epel-release*rpm
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature,key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@localhost tools]# yum install epel-release
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
epel/Metalink | 4.7 kB 00:00
* base: mirrors.hust.edu.cn
* epel: mirrors.neusoft.edu.cn
* extras: mirrors.hust.edu.cn
* updates: mirrors.hust.edu.cn
base | 3.7 kB 00:00
epel | 4.3 kB 00:00
epel/primary_db | 5.9 MB 00:03
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 1.4 MB 00:01
Package epel-release-6-8.noarch already installed and latest version
Nothing to do
[root@localhost tools]#
Download and install the rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm repository
[root@localhost tools]# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
--2016-08-08 05:31:39-- http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Resolving apt.sw.be... 193.1.193.67
Connecting to apt.sw.be|193.1.193.67|:80... connected.
HTTP request sent,awaiting response... 200 OK
Length: 12700 (12K) [application/x-redhat-package-manager]
Saving to: “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm”
100%[===========================================>] 12,700 --.-K/s in 0s
2016-08-08 05:31:41 (475 MB/s) - “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm” saved [12700/12700]
[root@localhost tools]# rpm -Uvh rpmforge-release*rpm
warning: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature,key ID 6b8d79e6: NOKEY
Preparing... ########################################### [100%]
1:rpmforge-release ########################################### [100%]
[root@localhost tools]#
(2) Install the dependency packages
[root@localhost tools]# yum install -y python python-pip gcc python-devel setuptool python-pam openssl openssl-devel wget make gcc-c++ patch pam_radius dtach pyOpenSSL perl
(3) Install tornado and kerberos with pip
[root@localhost tools]# pip install tornado kerberos
(4) Install tornado
[root@localhost tools]# wget https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
--2016-08-08 16:33:37-- https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
Resolving github.com... 192.30.253.113
Connecting to github.com|192.30.253.113|:443... connected.
HTTP request sent,awaiting response... 302 Found
Location: https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm [following]
--2016-08-08 16:33:39-- https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
Resolving cloud.github.com... 54.182.5.40,54.182.5.69,54.182.5.230,...
Connecting to cloud.github.com|54.182.5.40|:443... connected.
HTTP request sent,awaiting response... 200 OK
Length: 577918 (564K) [audio/pn-realaudio-plugin]
Saving to: “tornado-2.4-1.noarch.rpm”
100%[===========================================>] 577,918 40.2K/s in 11s
2016-08-08 16:33:55 (51.1 KB/s) - “tornado-2.4-1.noarch.rpm” saved [577918/577918]
[root@localhost tools]# ls
epel-release-6-8.noarch.rpm tornado-2.4-1.noarch.rpm
rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@localhost tools]# rpm -ivh tornado-2.4-1.noarch.rpm
Preparing... ########################################### [100%]
1:tornado ########################################### [100%]
[root@localhost tools]#
(5) Install Imaging
[root@localhost tools]# wget http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
--2016-08-08 16:35:14-- http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
Resolving effbot.org... 75.126.217.42
Connecting to effbot.org|75.126.217.42|:80... connected.
HTTP request sent,awaiting response... 200 OK
Length: 498749 (487K) [application/octet-stream]
Saving to: “Imaging-1.1.7.tar.gz”
100%[===========================================>] 498,749 67.4K/s in 6.6s
2016-08-08 16:35:25 (74.3 KB/s) - “Imaging-1.1.7.tar.gz” saved [498749/498749]
[root@localhost tools]# tar zxvf Imaging-1.1.7.tar.gz
[root@localhost tools]# cd Imaging-1.1.7
[root@localhost Imaging-1.1.7]# python setup.py install
(6) Install ordereddict
[root@localhost Imaging-1.1.7]# wget https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
--2016-08-08 16:37:03-- https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
Resolving pypi.python.org... 151.101.16.223,2a04:4e42:4::223
Connecting to pypi.python.org|151.101.16.223|:443... connected.
HTTP request sent,awaiting response... 200 OK
Length: 2114 (2.1K) [application/octet-stream]
Saving to: “ordereddict-1.1.tar.gz”
100%[===========================================>] 2,114 --.-K/s in 0.001s
2016-08-08 16:37:05 (2.28 MB/s) - “ordereddict-1.1.tar.gz” saved [2114/2114]
[root@localhost Imaging-1.1.7]# tar -zxvf ordereddict-1.1.tar.gz
ordereddict-1.1/
ordereddict-1.1/LICENSE
ordereddict-1.1/ordereddict.py
ordereddict-1.1/PKG-INFO
ordereddict-1.1/setup.py
[root@localhost Imaging-1.1.7]# cd ordereddict-1.1
[root@localhost ordereddict-1.1]# python setup.py install
running install
running build
running build_py
creating build
creating build/lib
copying ordereddict.py -> build/lib
running install_lib
copying build/lib/ordereddict.py -> /usr/lib/python2.6/site-packages
byte-compiling /usr/lib/python2.6/site-packages/ordereddict.py to ordereddict.pyc
running install_egg_info
Writing /usr/lib/python2.6/site-packages/ordereddict-1.1-py2.6.egg-info
[root@localhost ordereddict-1.1]#
(7) Install GateOne
[root@localhost ~]# wget https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
--2016-08-08 17:03:56-- https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Resolving github.com... 192.30.253.112
Connecting to github.com|192.30.253.112|:443... connected.
HTTP request sent,awaiting response... No data received.
Retrying.
--2016-08-08 17:04:23-- (try: 2) https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Connecting to github.com|192.30.253.112|:443... connected.
HTTP request sent,awaiting response... 302 Found
Location: https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm [following]
--2016-08-08 17:04:25-- https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Resolving cloud.github.com... 54.182.5.219,54.182.5.245,54.182.5.247,...
Connecting to cloud.github.com|54.182.5.219|:443... Failed: Connection refused.
Connecting to cloud.github.com|54.182.5.245|:443... Failed: Connection refused.
Connecting to cloud.github.com|54.182.5.247|:443... connected.
HTTP request sent,awaiting response... 200 OK
Length: 11538671 (11M) [audio/pn-realaudio-plugin]
Saving to: “gateone-1.1-1.noarch.rpm.1”
100%[===========================================>] 11,538,671 21.1K/s in 9m 6s
2016-08-08 17:14:16 (20.6 KB/s) - “gateone-1.1-1.noarch.rpm.1” saved [11538671/11538671]
[root@localhost tools]# rpm -ivh gateone-1.1-1.noarch.rpm
Preparing... ########################################### [100%]
1:gateone ########################################### [100%]
[root@localhost tools]#
(8) Start the service for the first time
[root@localhost tools]# cd /opt/
[root@localhost opt]# ls
gateone
[root@localhost opt]# cd gateone/
[root@localhost gateone]# ls
authpam.py gateone.py plugins static tests
auth.py i18n README.rst templates utils.py
babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py
docs logviewer.py sso.py termio.py
[root@localhost gateone]# ./gateone.py
Traceback (most recent call last):
File "./gateone.py",line 289,in <module>
tornado.options.enable_pretty_logging()
AttributeError: 'module' object has no attribute 'enable_pretty_logging'
[root@localhost gateone]#
Startup failed. After some investigation, the cause turned out to be the wrong tornado version:
[root@localhost gateone]# python -c "import tornado; print(tornado.version)"
4.4.1
[root@localhost gateone]#
The GateOne server needs a tornado version of around 2.4 in order to run:
[root@localhost ~]# wget https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz#md5=c738af97c31dd70f41f6726cf0968941
--2016-08-08 17:32:09-- https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz
Resolving pypi.python.org... 151.101.16.223,awaiting response... 200 OK
Length: 347522 (339K) [application/octet-stream]
Saving to: “tornado-2.4.tar.gz”
100%[===========================================>] 347,522 8.51K/s in 34s
2016-08-08 17:32:44 (9.92 KB/s) - “tornado-2.4.tar.gz” saved [347522/347522]
[root@localhost ~]# tar zxvf tornado-2.4.tar.gz
[root@localhost ~]# cd tornado-2.4
[root@localhost tornado-2.4]# ls
demos PKG-INFO runtests.sh setup.py tornado.egg-info
MANIFEST.in README setup.cfg tornado
[root@localhost tornado-2.4]# python setup.py build
[root@localhost tornado-2.4]# python2 setup.py install
[root@localhost tornado-2.4]# python -c "import tornado; print(tornado.version)"
2.4
[root@localhost tornado-2.4]#
Start it again
[root@localhost gateone]# pwd
/opt/gateone
[root@localhost gateone]# ls
authpam.py gateone.py plugins static tests
auth.py i18n README.rst templates utils.py
babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py
docs logviewer.py sso.py termio.py
[root@localhost gateone]# ./gateone.py
[I 160808 17:40:22 gateone:2748] /opt/gateone/server.conf not found or missing cookie_secret. A new one will be generated.
[I 160808 17:40:22 gateone:2917] Connections to this server will be allowed from the following origins: 'http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160808 17:40:22 gateone:2957] No SSL private key found. One will be generated.
[I 160808 17:40:22 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160808 17:40:22 gateone:2404] Loaded plugins: bookmarks,convenience,example,help,logging,logging_plugin,mobile,notice,playback,ssh
[I 160808 17:40:22 gateone:3054] Listening on https://*:443/
[I 160808 17:40:22 gateone:3060] Process running with pid 3728
^C[I 160808 17:40:26 gateone:3084] Caught KeyboardInterrupt. Killing sessions...
[I 160808 17:40:26 gateone:3088] pid file removed.
[root@localhost gateone]#
(9) Configuration file
Press Ctrl + C to stop the server, then edit the configuration file:
[root@localhost gateone]# pwd
/opt/gateone
[root@localhost gateone]# vi server.conf
# -*- coding: utf-8 -*-
locale = "en_US"
pam_service = "login"
syslog_facility = "daemon"
syslog_host = None
enable_unix_socket = False
port = 443
uid = "0"
url_prefix = "/"
user_dir = "/opt/gateone/users"
dtach = True
certificate = "certificate.pem"
log_to_stderr = False
session_logs_max_age = "30d"
gid = "0"
pid_file = "/var/run/gateone.pid"
sso_realm = None
cookie_secret = "YjM1NjZmNjhjZTY4NDcwZDljZjdhZTM5ZTJiMGRhNzI5Y"
pam_realm = "localhost.localdomain"
sso_service = "HTTP"
https_redirect = False
syslog_session_logging = False
disable_ssl = False
debug = False
session_dir = "/tmp/gateone"
auth = "none"
address = ""
api_timestamp_window = "30s"
log_file_num_backups = 10
logging = "info"
embedded = False
origins = "http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
session_logging = True
unix_socket_path = "/var/run/gateone.sock"
ssl_auth = "none"
log_file_max_size = 104857600
session_timeout = "5d"
command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'"
ca_certs = None
js_init = ""
keyfile = "keyfile.pem"
log_file_prefix = "/opt/gateone/logs/webserver.log"
What we usually change is the IP addresses, or address ranges, that are allowed to access the server:
origins = "https://192.168.220.145;http://192.168.220.145;https://192.168.60.216;http://192.168.60.216;http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
(10) Start the server and connect
[root@localhost gateone]# ./gateone.py
[I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh
[I 160809 04:30:16 gateone:3054] Listening on https://*:443/
[I 160809 04:30:16 gateone:3060] Process running with pid 5377
Remember to turn off the firewall and SELinux!
[root@localhost opt]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@localhost opt]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost opt]# chkconfig iptables off
[root@localhost opt]# getenforce
Enforcing
[root@localhost opt]# setenforce 0
[root@localhost opt]# vi /etc/selinux/config
SELINUX=disabled
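Access from the local Windows machine:
It is best to use Firefox or Google Chrome. Enter https://192.168.220.145 in the address bar, where the IP address is that of your GateOne machine. On the first login you need to add an exception to allow access to the remote host.
The first connection requires a certificate: add an exception, add the certificate for the page, and then confirm to log in.
(11) Logging in
On the first login you need to log in to the remote host: enter the IP, port, login user name, and password, and you can then start working.
Server-side output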
[root@localhost gateone]# ./gateone.py
[I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh
[I 160809 04:30:16 gateone:3054] Listening on https://*:443/
[I 160809 04:30:16 gateone:3060] Process running with pid 5377
[I 160809 04:30:19 web:1462] 304 GET / (192.168.220.1) 3.91ms
[I 160809 04:30:19 web:1462] 304 GET /combined_js (192.168.220.1) 3.50ms
[I 160809 04:30:19 web:1462] 304 GET /auth?check=True (192.168.220.1) 0.86ms
[I 160809 04:30:19 gateone:1063] WebSocket opened (ANONYMOUS).
[I 160809 04:30:21 web:1462] 200 GET /static/ubuntumono-normal.woff (192.168.220.1) 6.98ms
[I 160809 04:30:50 web:1462] 200 GET /static/ubuntumono-bold.woff (192.168.220.1) 3.26ms