jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Updated README

pull/38/head
Sheng 6 years ago
parent
430c785feb
commit
0c6f740e39
2 changed files with 43 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      README.md
  2. 34
      README.rst

25
README.md
Unescape View File

@ -51,10 +51,10 @@ A simple web application to be used as an ssh client to connect to your ssh serv
```bash
# start a http server with specified listen address and listen port
wssh --address='0.0.0.0' --port=8000
wssh --address='2.2.2.2' --port=8000
# start a https server
wssh --certfile='cert.crt' --keyfile='cert.key'
# start a https server, certfile and keyfile must be passed
wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'
# missing host key policy
wssh --policy=reject
@ -110,9 +110,15 @@ Use pytest to run all tests
python -m pytest tests
```
### An example of config for running this app behind an Nginx server
### Deployment
Running behind an Nginx server
```bash
wssh --address='127.0.0.1' --port=8888 --policy=reject
```
```nginx
# Nginx config example
location / {
proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1;
@ -125,7 +131,14 @@ location / {
}
```
Running as a standalone server
```bash
wssh --port=8080 --sslport=4433 --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key' --xheaders=False --policy=reject
```
## Tips
* Try to use Nginx as a front web server (see config example above) and enable SSL, this will prevent your ssh credentials from being uncovered. Also afterwards the communication between your browser and the web server will be encrypted as they use secured websockets.
* Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.
* For whatever deployment choice you choose, don't forget to enable SSL.
* If you choose running this app as a standalone server, redirecting http to https is enabled by default, and only http requests from a public network will be redirected.
* Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be ab

34
README.rst
Unescape View File

@ -56,10 +56,10 @@ Server options
.. code:: bash
# start a http server with specified listen address and listen port
wssh --address='0.0.0.0' --port=8000
wssh --address='2.2.2.2' --port=8000
# start a https server
wssh --certfile='cert.crt' --keyfile='cert.key'
# start a https server, certfile and keyfile must be passed
wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'
# missing host key policy
wssh --policy=reject
@ -118,11 +118,18 @@ Use pytest to run all tests
python -m pytest tests
An example of config for running this app behind an Nginx server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deployment
~~~~~~~~~~
Running behind an Nginx server
.. code:: bash
wssh --address='127.0.0.1' --port=8888 --policy=reject
.. code:: nginx
# Nginx config example
location / {
proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1;
@ -134,19 +141,26 @@ An example of config for running this app behind an Nginx server
proxy_set_header X-Real-PORT $remote_port;
}
Running as a standalone server
.. code:: bash
wssh --port=8080 --sslport=4433 --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key' --xheaders=False --policy=reject
Tips
----
- Try to use Nginx as a front web server (see config example above) and
enable SSL, this will prevent your ssh credentials from being
uncovered. Also afterwards the communication between your browser and
the web server will be encrypted as they use secured websockets.
- For whatever deployment choice you choose, don't forget to enable
SSL.
- If you choose running this app as a standalone server, redirecting
http to https is enabled by default, and only http requests from a
public network will be redirected.
- Try to use reject policy as the missing host key policy along with
your verified known\_hosts, this will prevent man-in-the-middle
attacks. The idea is that it checks the system host keys
file("~/.ssh/known\_hosts") and the application host keys
file("./known\_hosts") in order, if the ssh server's hostname is not
found or the key is not matched, the connection will be aborted.
found or the key is not matched, the connection will be ab
.. |Build Status| image:: https://travis-ci.org/huashengdun/webssh.svg?branch=master
:target: https://travis-ci.org/huashengdun/webssh

Write Preview
Loading…
Cancel
Save