jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Updated README

pull/38/head
Sheng 6 years ago
parent
430c785feb
commit
0c6f740e39
2 changed files with 43 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      README.md
  2. 34
      README.rst

25
README.md
Unescape View File

@ -51,10 +51,10 @@ A simple web application to be used as an ssh client to connect to your ssh serv
```bash ```bash
# start a http server with specified listen address and listen port # start a http server with specified listen address and listen port
wssh --address='0.0.0.0' --port=8000 wssh --address='2.2.2.2' --port=8000
# start a https server # start a https server, certfile and keyfile must be passed
wssh --certfile='cert.crt' --keyfile='cert.key' wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'
# missing host key policy # missing host key policy
wssh --policy=reject wssh --policy=reject
@ -110,9 +110,15 @@ Use pytest to run all tests
python -m pytest tests python -m pytest tests
``` ```
### An example of config for running this app behind an Nginx server ### Deployment
Running behind an Nginx server
```bash
wssh --address='127.0.0.1' --port=8888 --policy=reject
```
```nginx ```nginx
# Nginx config example
location / { location / {
proxy_pass http://127.0.0.1:8888; proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -125,7 +131,14 @@ location / {
} }
``` ```
Running as a standalone server
```bash
wssh --port=8080 --sslport=4433 --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key' --xheaders=False --policy=reject
```
## Tips ## Tips
* Try to use Nginx as a front web server (see config example above) and enable SSL, this will prevent your ssh credentials from being uncovered. Also afterwards the communication between your browser and the web server will be encrypted as they use secured websockets. * For whatever deployment choice you choose, don't forget to enable SSL.
* Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted. * If you choose running this app as a standalone server, redirecting http to https is enabled by default, and only http requests from a public network will be redirected.
* Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be ab

34
README.rst
Unescape View File

@ -56,10 +56,10 @@ Server options
.. code:: bash .. code:: bash
# start a http server with specified listen address and listen port # start a http server with specified listen address and listen port
wssh --address='0.0.0.0' --port=8000 wssh --address='2.2.2.2' --port=8000
# start a https server # start a https server, certfile and keyfile must be passed
wssh --certfile='cert.crt' --keyfile='cert.key' wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'
# missing host key policy # missing host key policy
wssh --policy=reject wssh --policy=reject
@ -118,11 +118,18 @@ Use pytest to run all tests
python -m pytest tests python -m pytest tests
An example of config for running this app behind an Nginx server Deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~
Running behind an Nginx server
.. code:: bash
wssh --address='127.0.0.1' --port=8888 --policy=reject
.. code:: nginx .. code:: nginx
# Nginx config example
location / { location / {
proxy_pass http://127.0.0.1:8888; proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -134,19 +141,26 @@ An example of config for running this app behind an Nginx server
proxy_set_header X-Real-PORT $remote_port; proxy_set_header X-Real-PORT $remote_port;
} }
Running as a standalone server
.. code:: bash
wssh --port=8080 --sslport=4433 --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key' --xheaders=False --policy=reject
Tips Tips
---- ----
- Try to use Nginx as a front web server (see config example above) and - For whatever deployment choice you choose, don't forget to enable
enable SSL, this will prevent your ssh credentials from being SSL.
uncovered. Also afterwards the communication between your browser and - If you choose running this app as a standalone server, redirecting
the web server will be encrypted as they use secured websockets. http to https is enabled by default, and only http requests from a
public network will be redirected.
- Try to use reject policy as the missing host key policy along with - Try to use reject policy as the missing host key policy along with
your verified known\_hosts, this will prevent man-in-the-middle your verified known\_hosts, this will prevent man-in-the-middle
attacks. The idea is that it checks the system host keys attacks. The idea is that it checks the system host keys
file("~/.ssh/known\_hosts") and the application host keys file("~/.ssh/known\_hosts") and the application host keys
file("./known\_hosts") in order, if the ssh server's hostname is not file("./known\_hosts") in order, if the ssh server's hostname is not
found or the key is not matched, the connection will be aborted. found or the key is not matched, the connection will be ab
.. |Build Status| image:: https://travis-ci.org/huashengdun/webssh.svg?branch=master .. |Build Status| image:: https://travis-ci.org/huashengdun/webssh.svg?branch=master
:target: https://travis-ci.org/huashengdun/webssh :target: https://travis-ci.org/huashengdun/webssh

Write Preview
Loading…
Cancel
Save