jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
489 Commits
4 Branches
43 Tags
1.8 MiB
Python 81%
JavaScript 16.1%
HTML 2.6%
Dockerfile 0.3%
 
 
 
 
Go to file
Shengdun Hua bf76954874
Merge pull request #341 from cclauss/patch-1 
GitHub Action to lint and test Python code
 		2023-04-05 16:34:40 +08:00
.github Comment out PyPy for now 2023-04-05 09:46:26 +02:00
preview Updated README 2019-07-07 15:19:39 +08:00
tests handle invalid characeters in encoding 2023-03-30 10:52:53 -04:00
webssh handle invalid characeters in encoding 2023-03-30 10:52:53 -04:00
.coveragerc Prepare to write unit tests 2018-04-22 20:11:36 +08:00
.dockerignore Change the Docker base image from python:3-slim to python:3-alpine. 2022-05-27 12:47:19 +01:00
.gitignore Prepare to write unit tests 2018-04-22 20:11:36 +08:00
Dockerfile Change the Docker base image from python:3-slim to python:3-alpine. 2022-05-27 12:47:19 +01:00
LICENSE Initialize 2017-11-08 22:33:05 +08:00
MANIFEST.in Updated setup.py MANIFEST.in 2018-04-27 17:58:22 +08:00
README.md Support for Python 3.8+ 2023-03-08 11:34:26 +08:00
README.rst Support for Python 3.8+ 2023-03-08 11:34:26 +08:00
docker-compose.yml Added docker support 2019-04-18 19:39:14 +08:00
requirements.txt Drop support for Python version below 3.8 2023-02-27 22:13:24 +08:00
run.py Added docker support 2019-04-18 19:39:14 +08:00
setup.cfg Removed a blank line 2018-05-30 21:37:45 +08:00
setup.py Support for Python 3.8+ 2023-03-08 11:34:26 +08:00

README.md

WebSSH

Build Status codecov PyPI - Python Version PyPI

Introduction

A simple web application to be used as an ssh client to connect to your ssh servers. It is written in Python, base on tornado, paramiko and xterm.js.

Features

  • SSH password authentication supported, including empty password.
  • SSH public-key authentication supported, including DSA RSA ECDSA Ed25519 keys.
  • Encrypted keys supported.
  • Two-Factor Authentication (time-based one-time password) supported.
  • Fullscreen terminal supported.
  • Terminal window resizable.
  • Auto detect the ssh server's default encoding.
  • Modern browsers including Chrome, Firefox, Safari, Edge, Opera supported.

Preview

Login Terminal

How it works

+---------+     http     +--------+    ssh    +-----------+
| browser | <==========> | webssh | <=======> | ssh server|
+---------+   websocket  +--------+    ssh    +-----------+

Requirements

  • Python 3.8+

Quickstart

  1. Install this app, run command pip install webssh
  2. Start a webserver, run command wssh
  3. Open your browser, navigate to 127.0.0.1:8888
  4. Input your data, submit the form.

Server options

# start a http server with specified listen address and listen port
wssh --address='2.2.2.2' --port=8000

# start a https server, certfile and keyfile must be passed
wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'

# missing host key policy
wssh --policy=reject

# logging level
wssh --logging=debug

# log to file
wssh --log-file-prefix=main.log

# more options
wssh --help

Browser console

// connect to your ssh server
wssh.connect(hostname, port, username, password, privatekey, passphrase, totp);

// pass an object to wssh.connect
var opts = {
  hostname: 'hostname',
  port: 'port',
  username: 'username',
  password: 'password',
  privatekey: 'the private key text',
  passphrase: 'passphrase',
  totp: 'totp'
};
wssh.connect(opts);

// without an argument, wssh will use the form data to connect
wssh.connect();

// set a new encoding for client to use
wssh.set_encoding(encoding);

// reset encoding to use the default one
wssh.reset_encoding();

// send a command to the server
wssh.send('ls -l');

Custom Font

To use custom font, put your font file in the directory webssh/static/css/fonts/ and restart the server.

URL Arguments

Support passing arguments by url (query or fragment) like following examples:

Passing form data (password must be encoded in base64, privatekey not supported)

http://localhost:8888/?hostname=xx&username=yy&password=str_base64_encoded

Passing a terminal background color

http://localhost:8888/#bgcolor=green

Passing a terminal font color

http://localhost:8888/#fontcolor=red

Passing a user defined title

http://localhost:8888/?title=my-ssh-server

Passing an encoding

http://localhost:8888/#encoding=gbk

Passing a font size

http://localhost:8888/#fontsize=24

Passing a command executed right after login

http://localhost:8888/?command=pwd

Passing a terminal type

http://localhost:8888/?term=xterm-256color

Use Docker

Start up the app

docker-compose up

Tear down the app

docker-compose down

Tests

Requirements

pip install pytest pytest-cov codecov flake8 mock

Use unittest to run all tests

python -m unittest discover tests

Use pytest to run all tests

python -m pytest tests

Deployment

Running behind an Nginx server

wssh --address='127.0.0.1' --port=8888 --policy=reject

# Nginx config example
location / {
    proxy_pass http://127.0.0.1:8888;
    proxy_http_version 1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
}

Running as a standalone server

wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xheaders=False --policy=reject

Tips

  • For whatever deployment choice you choose, don't forget to enable SSL.
  • By default plain http requests from a public network will be either redirected or blocked and being redirected takes precedence over being blocked.
  • Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.