jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
89 Commits
4 Branches
43 Tags
1.8 MiB
Python 81%
JavaScript 16.1%
HTML 2.6%
Dockerfile 0.3%
 
 
 
 
Go to file
Sheng b88a159fbb Added a parameter for worker to close with a reason 2018-04-14 17:13:40 +08:00
preview Added terminal.png 2017-11-09 16:02:14 +08:00
static Changed quotes 2018-04-09 09:40:07 +08:00
templates Added static files back 2018-03-08 20:01:10 +08:00
.gitignore Added missing host key policy option 2018-03-14 22:09:17 +08:00
LICENSE Initialize 2017-11-08 22:33:05 +08:00
README.md Changed default policy to warning policy 2018-03-17 18:37:12 +08:00
handler.py Added a parameter for worker to close with a reason 2018-04-14 17:13:40 +08:00
main.py Removed module unused 2018-04-11 21:27:03 +08:00
policy.py Renamed get_host_keys to load_host_keys 2018-04-11 20:19:49 +08:00
requirements.txt Updated requirements.txt 2018-04-05 13:51:53 +08:00
settings.py Modified help text 2018-04-11 21:32:00 +08:00
worker.py Added a parameter for worker to close with a reason 2018-04-14 17:13:40 +08:00

README.md

WebSSH

A simple web application to be used as an ssh client to connect to your ssh servers. It is written in Python, base on Tornado and Paramiko.

Preview

Login Terminal

Features

  • SSH password authentication supported, including empty password.
  • SSH public-key authentication supported, including DSA RSA ECDSA Ed25519 keys.
  • Encrypted keys supported.
  • Fullscreen terminal supported.
  • Terminal window resizable.
  • Compatible with Python 2.7-3.6.

Instructions

git clone https://github.com/huashengdun/webssh.git
cd webssh
pip install -r requirements.txt
python main.py

Options

# configure listen address and port
python main.py --address='0.0.0.0' --port=8000

# configure missing host key policy
python main.py --policy=reject

# configure logging level
python main.py --logging=debug

# log to file
python main.py --log-file-prefix=main.log

# more options
python main.py --help

Nginx config example for running this app behind an nginx server

location / { 
    proxy_pass http://127.0.0.1:8888;
    proxy_http_version 1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
}

Tips

  • Try to use Nginx as a front web server (see config example above) and enable SSL, this will prevent your ssh credentials from being uncovered. Also afterwards the communication between your browser and the web server will be encrypted as they use secured websockets.
  • Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.