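Required environment:
(1) A Windows machine
(2) An SSH client (Xshell)
(3) A CentOS virtual machine
Installation and download references:
(1) http://liftoff.github.io/GateOne/About/prerequisites.html official site
(2) http://www.90.vc/archives/1127 Chinese-language site
(3) http://www.2cto.com/os/201411/349816.html Chinese-language site
Installing pip
https://pip.pypa.io/en/latest/installing/#do-i-need-to-install-pip official site
About GateOne
GateOne is a web-based SSH terminal emulator written with HTML5. It is comparable to remote SSH tools on Windows such as Xshell.
Highlights:
• Built on modern HTML5 technology; no browser plugins are required.
• Supports multiple SSH processes.
• Can be embedded into any other application.
• Supports plugins written in JavaScript, Python, or even pure CSS.
• Supports duplicating SSH processes, so several can be opened without re-entering the password.
• Supports a range of server-side logging features, Kerberos-based single sign-on, and even Active Directory.
Reference for the above: https://linuxtoy.org/archives/gateone.html, which also has an introduction video.
According to the official site, the prerequisites for installing GateOne on CentOS are:
(1) Python version 2.6+ and 3.2+
(2) Tornado Framework 2.2+
(3) With Python 2.6, the ordereddict module must be installed
(4) Modules such as tornado and kerberos
Installation
(1) Download the required repositories
Download and install the epel-release-6-8.noarch.rpm repository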
- [root@localhost tools]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
- --2016-08-08 05:26:07-- http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
- Resolving dl.fedoraproject.org... 209.132.181.24,209.132.181.23,209.132.181.27,...
- Connecting to dl.fedoraproject.org|209.132.181.24|:80... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 14540 (14K) [application/x-rpm]
- Saving to: “epel-release-6-8.noarch.rpm”
-
- 100%[===========================================>] 14,540 60.8K/s in 0.2s
-
- 2016-08-08 05:26:08 (60.8 KB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540]
-
- [root@localhost tools]# rpm -Uvh epel-release*rpm
- warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature,key ID 0608b895: NOKEY
- Preparing... ########################################### [100%]
- 1:epel-release ########################################### [100%]
- [root@localhost tools]# yum install epel-release
- Loaded plugins: fastestmirror
- Setting up Install Process
- Loading mirror speeds from cached hostfile
- epel/Metalink | 4.7 kB 00:00
- * base: mirrors.hust.edu.cn
- * epel: mirrors.neusoft.edu.cn
- * extras: mirrors.hust.edu.cn
- * updates: mirrors.hust.edu.cn
- base | 3.7 kB 00:00
- epel | 4.3 kB 00:00
- epel/primary_db | 5.9 MB 00:03
- extras | 3.4 kB 00:00
- updates | 3.4 kB 00:00
- updates/primary_db | 1.4 MB 00:01
- Package epel-release-6-8.noarch already installed and latest version
- Nothing to do
- [root@localhost tools]#
Download and install the rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm repository
- [root@localhost tools]# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- --2016-08-08 05:31:39-- http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- Resolving apt.sw.be... 193.1.193.67
- Connecting to apt.sw.be|193.1.193.67|:80... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 12700 (12K) [application/x-redhat-package-manager]
- Saving to: “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm”
-
- 100%[===========================================>] 12,700 --.-K/s in 0s
-
- 2016-08-08 05:31:41 (475 MB/s) - “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm” saved [12700/12700]
-
- [root@localhost tools]# rpm -Uvh rpmforge-release*rpm
- warning: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature,key ID 6b8d79e6: NOKEY
- Preparing... ########################################### [100%]
- 1:rpmforge-release ########################################### [100%]
- [root@localhost tools]#
(2) Install the dependency packages
- [root@localhost tools]# yum install -y python python-pip gcc python-devel python-setuptools python-pam openssl openssl-devel wget make gcc-c++ patch pam_radius dtach pyOpenSSL perl
(3) Install tornado and kerberos with pip
- [root@localhost tools]# pip install tornado kerberos
(4) Install tornado
- [root@localhost tools]# wget https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
- --2016-08-08 16:33:37-- https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
- Resolving github.com... 192.30.253.113
- Connecting to github.com|192.30.253.113|:443... connected.
- HTTP request sent,awaiting response... 302 Found
- Location: https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm [following]
- --2016-08-08 16:33:39-- https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
- Resolving cloud.github.com... 54.182.5.40,54.182.5.69,54.182.5.230,...
- Connecting to cloud.github.com|54.182.5.40|:443... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 577918 (564K) [audio/pn-realaudio-plugin]
- Saving to: “tornado-2.4-1.noarch.rpm”
-
- 100%[===========================================>] 577,918 40.2K/s in 11s
-
- 2016-08-08 16:33:55 (51.1 KB/s) - “tornado-2.4-1.noarch.rpm” saved [577918/577918]
-
- [root@localhost tools]# ls
- epel-release-6-8.noarch.rpm tornado-2.4-1.noarch.rpm
- rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- [root@localhost tools]# rpm -ivh tornado-2.4-1.noarch.rpm
- Preparing... ########################################### [100%]
- 1:tornado ########################################### [100%]
- [root@localhost tools]#
(5) Install Imaging
- [root@localhost tools]# wget http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
- --2016-08-08 16:35:14-- http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
- Resolving effbot.org... 75.126.217.42
- Connecting to effbot.org|75.126.217.42|:80... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 498749 (487K) [application/octet-stream]
- Saving to: “Imaging-1.1.7.tar.gz”
-
- 100%[===========================================>] 498,749 67.4K/s in 6.6s
-
- 2016-08-08 16:35:25 (74.3 KB/s) - “Imaging-1.1.7.tar.gz” saved [498749/498749]
-
- [root@localhost tools]# tar zxvf Imaging-1.1.7.tar.gz
- [root@localhost tools]# cd Imaging-1.1.7
- [root@localhost Imaging-1.1.7]# python setup.py install
(6) Install ordereddict
- [root@localhost Imaging-1.1.7]# wget https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
- --2016-08-08 16:37:03-- https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
- Resolving pypi.python.org... 151.101.16.223,2a04:4e42:4::223
- Connecting to pypi.python.org|151.101.16.223|:443... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 2114 (2.1K) [application/octet-stream]
- Saving to: “ordereddict-1.1.tar.gz”
-
- 100%[===========================================>] 2,114 --.-K/s in 0.001s
-
- 2016-08-08 16:37:05 (2.28 MB/s) - “ordereddict-1.1.tar.gz” saved [2114/2114]
-
- [root@localhost Imaging-1.1.7]# tar -zxvf ordereddict-1.1.tar.gz
- ordereddict-1.1/
- ordereddict-1.1/LICENSE
- ordereddict-1.1/ordereddict.py
- ordereddict-1.1/PKG-INFO
- ordereddict-1.1/setup.py
- [root@localhost Imaging-1.1.7]# cd ordereddict-1.1
- [root@localhost ordereddict-1.1]# python setup.py install
- running install
- running build
- running build_py
- creating build
- creating build/lib
- copying ordereddict.py -> build/lib
- running install_lib
- copying build/lib/ordereddict.py -> /usr/lib/python2.6/site-packages
- byte-compiling /usr/lib/python2.6/site-packages/ordereddict.py to ordereddict.pyc
- running install_egg_info
- Writing /usr/lib/python2.6/site-packages/ordereddict-1.1-py2.6.egg-info
- [root@localhost ordereddict-1.1]#
(7) Install GateOne
- [root@localhost ~]# wget https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
- --2016-08-08 17:03:56-- https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
- Resolving github.com... 192.30.253.112
- Connecting to github.com|192.30.253.112|:443... connected.
- HTTP request sent,awaiting response... No data received.
- Retrying.
-
- --2016-08-08 17:04:23-- (try: 2) https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
- Connecting to github.com|192.30.253.112|:443... connected.
- HTTP request sent,awaiting response... 302 Found
- Location: https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm [following]
- --2016-08-08 17:04:25-- https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
- Resolving cloud.github.com... 54.182.5.219,54.182.5.245,54.182.5.247,...
- Connecting to cloud.github.com|54.182.5.219|:443... Failed: Connection refused.
- Connecting to cloud.github.com|54.182.5.245|:443... Failed: Connection refused.
- Connecting to cloud.github.com|54.182.5.247|:443... connected.
- HTTP request sent,awaiting response... 200 OK
- Length: 11538671 (11M) [audio/pn-realaudio-plugin]
- Saving to: “gateone-1.1-1.noarch.rpm.1”
-
- 100%[===========================================>] 11,538,671 21.1K/s in 9m 6s
-
- 2016-08-08 17:14:16 (20.6 KB/s) - “gateone-1.1-1.noarch.rpm.1” saved [11538671/11538671]
- [root@localhost tools]# rpm -ivh gateone-1.1-1.noarch.rpm
- Preparing... ########################################### [100%]
- 1:gateone ########################################### [100%]
- [root@localhost tools]#
(8) Start the service for the first time
- [root@localhost tools]# cd /opt/
- [root@localhost opt]# ls
- gateone
- [root@localhost opt]# cd gateone/
- [root@localhost gateone]# ls
- authpam.py gateone.py plugins static tests
- auth.py i18n README.rst templates utils.py
- babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py
- docs logviewer.py sso.py termio.py
- [root@localhost gateone]# ./gateone.py
- Traceback (most recent call last):
- File "./gateone.py",line 289,in <module>
- tornado.options.enable_pretty_logging()
- AttributeError: 'module' object has no attribute 'enable_pretty_logging'
- [root@localhost gateone]#
Startup failed. After some digging, the cause turned out to be the wrong tornado version:
- [root@localhost gateone]# python -c "import tornado; print(tornado.version)"
- 4.4.1
- [root@localhost gateone]#
The GateOne server needs a version around 2.4 to run:
- [root@localhost ~]# wget https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz#md5=c738af97c31dd70f41f6726cf0968941
- --2016-08-08 17:32:09-- https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz
- Resolving pypi.python.org... 151.101.16.223,awaiting response... 200 OK
- Length: 347522 (339K) [application/octet-stream]
- Saving to: “tornado-2.4.tar.gz”
-
- 100%[===========================================>] 347,522 8.51K/s in 34s
-
- 2016-08-08 17:32:44 (9.92 KB/s) - “tornado-2.4.tar.gz” saved [347522/347522]
- [root@localhost ~]# tar zxvf tornado-2.4.tar.gz
- [root@localhost ~]# cd tornado-2.4
- [root@localhost tornado-2.4]# ls
- demos PKG-INFO runtests.sh setup.py tornado.egg-info
- MANIFEST.in README setup.cfg tornado
- [root@localhost tornado-2.4]# python setup.py build
- [root@localhost tornado-2.4]# python2 setup.py install
- [root@localhost tornado-2.4]# python -c "import tornado; print(tornado.version)"
- 2.4
- [root@localhost tornado-2.4]#
Start it again
- [root@localhost gateone]# pwd
- /opt/gateone
- [root@localhost gateone]# ls
- authpam.py gateone.py plugins static tests
- auth.py i18n README.rst templates utils.py
- babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py
- docs logviewer.py sso.py termio.py
- [root@localhost gateone]# ./gateone.py
- [I 160808 17:40:22 gateone:2748] /opt/gateone/server.conf not found or missing cookie_secret. A new one will be generated.
- [I 160808 17:40:22 gateone:2917] Connections to this server will be allowed from the following origins: 'http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
- [I 160808 17:40:22 gateone:2957] No SSL private key found. One will be generated.
- [I 160808 17:40:22 gateone:2307] No authentication method configured. All users will be ANONYMOUS
- [I 160808 17:40:22 gateone:2404] Loaded plugins: bookmarks,convenience,example,help,logging,logging_plugin,mobile,notice,playback,ssh
- [I 160808 17:40:22 gateone:3054] Listening on https://*:443/
- [I 160808 17:40:22 gateone:3060] Process running with pid 3728
- ^C[I 160808 17:40:26 gateone:3084] Caught KeyboardInterrupt. Killing sessions...
- [I 160808 17:40:26 gateone:3088] pid file removed.
- [root@localhost gateone]#
(9) Configuration file
Press Ctrl + C to stop the server, then edit the configuration file
- [root@localhost gateone]# pwd
- /opt/gateone
- [root@localhost gateone]# vi server.conf
-
- # -*- coding: utf-8 -*-
- locale = "en_US"
- pam_service = "login"
- syslog_facility = "daemon"
- syslog_host = None
- enable_unix_socket = False
- port = 443
- uid = "0"
- url_prefix = "/"
- user_dir = "/opt/gateone/users"
- dtach = True
- certificate = "certificate.pem"
- log_to_stderr = False
- session_logs_max_age = "30d"
- gid = "0"
- pid_file = "/var/run/gateone.pid"
- sso_realm = None
- cookie_secret = "YjM1NjZmNjhjZTY4NDcwZDljZjdhZTM5ZTJiMGRhNzI5Y"
- pam_realm = "localhost.localdomain"
- sso_service = "HTTP"
- https_redirect = False
- syslog_session_logging = False
- disable_ssl = False
- debug = False
- session_dir = "/tmp/gateone"
- auth = "none"
- address = ""
- api_timestamp_window = "30s"
- log_file_num_backups = 10
- logging = "info"
- embedded = False
- origins = "http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
- session_logging = True
- unix_socket_path = "/var/run/gateone.sock"
- ssl_auth = "none"
- log_file_max_size = 104857600
- session_timeout = "5d"
- command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'"
- ca_certs = None
- js_init = ""
- keyfile = "keyfile.pem"
- log_file_prefix = "/opt/gateone/logs/webserver.log"
What we usually change is the IP addresses, or address ranges, that are allowed to connect
- origins = "https://192.168.220.145;http://192.168.220.145;https://192.168.60.216;http://192.168.60.216;http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
(10) Start and access
- [root@localhost gateone]# ./gateone.py
- [I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
- [I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
- [I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh
- [I 160809 04:30:16 gateone:3054] Listening on https://*:443/
- [I 160809 04:30:16 gateone:3060] Process running with pid 5377
Remember to turn off the firewall and SELinux!
- [root@localhost opt]# /etc/init.d/iptables status
- Table: filter
- Chain INPUT (policy ACCEPT)
- num target prot opt source destination
- 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
- 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
- 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
- 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
- 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
-
- Chain FORWARD (policy ACCEPT)
- num target prot opt source destination
- 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
-
- Chain OUTPUT (policy ACCEPT)
- num target prot opt source destination
-
- [root@localhost opt]# /etc/init.d/iptables stop
- iptables: Setting chains to policy ACCEPT: filter [ OK ]
- iptables: Flushing firewall rules: [ OK ]
- iptables: Unloading modules: [ OK ]
- [root@localhost opt]# chkconfig iptables off
-
- [root@localhost opt]# getenforce
- Enforcing
- [root@localhost opt]# setenforce 0
- [root@localhost opt]# vi /etc/selinux/config
- SELINUX=disabled
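Access from the local Windows machine:
Firefox or Google Chrome works best. Enter https://192.168.220.145 in the address bar; the IP address is that of your GateOne machine. On first login you need to add an exception so that the remote host can be accessed.
The first connection requires a certificate: add the exception, add the certificate in the browser, then confirm to log in.
(11) Logging in
On first login you need to log in to the remote host: enter the IP, port, username and password, and you can start working.
What the server console shows: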
- [root@localhost gateone]# ./gateone.py
- [I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
- [I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
- [I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh
- [I 160809 04:30:16 gateone:3054] Listening on https://*:443/
- [I 160809 04:30:16 gateone:3060] Process running with pid 5377
- [I 160809 04:30:19 web:1462] 304 GET / (192.168.220.1) 3.91ms
- [I 160809 04:30:19 web:1462] 304 GET /combined_js (192.168.220.1) 3.50ms
- [I 160809 04:30:19 web:1462] 304 GET /auth?check=True (192.168.220.1) 0.86ms
- [I 160809 04:30:19 gateone:1063] WebSocket opened (ANONYMOUS).
- [I 160809 04:30:21 web:1462] 200 GET /static/ubuntumono-normal.woff (192.168.220.1) 6.98ms
- [I 160809 04:30:50 web:1462] 200 GET /static/ubuntumono-bold.woff (192.168.220.1) 3.26ms
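An added example, not part of the original post or of GateOne: a Python pass over log lines in the format shown above that pairs each ANONYMOUS WebSocket open with the client addresses seen in HTTP requests just before it and marks clients outside an allowed network. The WebSocket line carries no client address, so pairing by a time window is an assumption; the last two sample lines and the 203.0.113.7 address are constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the log format shown above (last two lines are invented).
SAMPLE_LOG = """\
[I 160809 04:30:19 web:1462] 304 GET / (192.168.220.1) 3.91ms
[I 160809 04:30:19 web:1462] 304 GET /auth?check=True (192.168.220.1) 0.86ms
[I 160809 04:30:19 gateone:1063] WebSocket opened (ANONYMOUS).
[I 160809 05:12:40 web:1462] 200 GET / (203.0.113.7) 4.10ms
[I 160809 05:12:41 gateone:1063] WebSocket opened (ANONYMOUS).
"""

LINE = re.compile(r"^\[(\w) (\d{6} \d{2}:\d{2}:\d{2}) ([\w.]+):(\d+)\] (.*)$")
REQUEST = re.compile(r"^(\d{3}) (\w+) (\S+) \(([0-9a-fA-F.:]+)\) [\d.]+ms$")
WS_OPEN = re.compile(r"^WebSocket opened \((.+)\)\.$")

def anonymous_sessions(log_text, allowed_nets, window_seconds=5):
    """Pair each ANONYMOUS WebSocket open with the clients that made HTTP
    requests in the preceding window; list clients outside allowed_nets."""
    nets = [ip_network(n) for n in allowed_nets]
    recent = []    # (timestamp, client address) of HTTP requests seen so far
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(2), "%y%m%d %H:%M:%S")
        message = m.group(5)
        req = REQUEST.match(message)
        if req:
            recent.append((when, req.group(4)))
            continue
        ws = WS_OPEN.match(message)
        if ws and ws.group(1) == "ANONYMOUS":
            cutoff = when - timedelta(seconds=window_seconds)
            clients = sorted({ip for t, ip in recent if cutoff <= t <= when})
            outside = [ip for ip in clients
                       if not any(ip_address(ip) in n for n in nets)]
            sessions.append({"time": when, "clients": clients, "outside": outside})
    return sessions

if __name__ == "__main__":
    for s in anonymous_sessions(SAMPLE_LOG, ["192.168.220.0/24"]):
        print(s["time"], s["clients"], "outside allowed nets:", s["outside"])
```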