dushixiang / next-terminal
Next Terminal is a simple, easy-to-use and secure open-source interactive audit system that supports the RDP, SSH, VNC, Telnet and Kubernetes protocols.
Home Page: https://next-terminal.typesafe.cn
License: Apache License 2.0
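Only RSA keys can log in normally; every ED25519 key fails to log in.
With a Docker deployment, all times in the web interface are UTC. Could the time zone be made configurable?
The connection from the browser to next-terminal is plain HTTP.
Are you considering adding HTTPS support?
The demo has HTTPS as well.
Thanks.
"One command per line": in practice the line breaks are ignored.
It is not enabled by default. After enabling it and refreshing the RDP interface it took effect, but as soon as I scroll the display becomes blurry. Clicking another window makes the blurry window smooth again; I have not found any other way to recover.
The problem is pretty simple, so I won't post a screenshot.
The client is Chrome and the server is Windows Server 2016.
next-terminal runtime environment: Docker
next-terminal run parameters: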
docker run -d \
--name next-terminal \
--restart always dushixiang/next-terminal:latest
Caddy v1 runtime environment: Docker
Caddy configuration file:
terminal.example.example {
tls {
dns cloudflare
}
proxy / 172.18.0.5:8088 {
transparent
websocket
header_upstream -Origin
}
}
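After that, visiting http://terminal.example.example produces the error "Rejected request from RFC1918 IP to public server address", and visiting https://terminal.example.example gets connection refused.
After closing the online connection page, the online session still shows as online, but at that point clicking Monitor cannot monitor anything.
Changing the password does not work.
Following the documentation I pulled latest with Docker, but it is version 0.8.0, and the devices in it cannot be batch-edited... Also, user groups don't seem to have any actual function: there is no place to select a user group when authorizing a device, so I can still only select individual users.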
[root@instance-20200301-1311 /]# yum install -y gcc cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libwebsockets-devel libtool
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
[root@instance-20200301-1311 /]# tar -xzf guacamole-server-1.2.0.tar.gz
[root@instance-20200301-1311 /]# cd guacamole-server-1.2.0
[root@instance-20200301-1311 guacamole-server-1.2.0]# ./configure --with-init-dir=/etc/init.d
checking for a BSD-compatible install... /bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /bin/ld
checking if the linker (/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /bin/nm -B
checking the name lister (/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @file support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... /lib/cpp
configure: error: in `/guacamole-server-1.2.0':
configure: error: C preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details
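The above is the output; I can't tell where the problem is.
This would make automatic updates with watchtower convenient.
Using the admin account to add a new user, the new user cannot log in and gets the error Request failed with status code 500. Please fix.
During installation and use I found that, in an enterprise domain, RDP connections to servers using a domain administrator account all fail.
I wonder whether domain support could be added later.
Looking forward to dropping the MySQL dependency.
If you have machines both inside and outside China, the firewall becomes a problem... Sometimes connectivity cannot be guaranteed (one-way blocking, two-way blocking and so on).
So I am requesting a connect-through-proxy feature or something similar, to guarantee connectivity while also providing some acceleration.
Ideally a proxy could be configured separately for each asset, so that the proxy doesn't end up slowing things down by routing around the globe.
SSH keys cannot log in normally,
Hello, when I log in to a Huawei switch, backspace cannot be used. The test environment is as follows: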
centos 7.2
docker
Next Terminal ©2021 dushixiang Version:0.1.0
Next Terminal ©2021 dushixiang Version:0.0.8
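Test device:
On Debian 64-bit ARM, it reports "Exec format error".
Looking forward to a build that supports ARM.
The host is a Raspberry Pi 4B.
After installing the program natively, I tried to set it up as a systemd service. The configuration file is as follows: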
[Unit]
Description=next-terminal service
After=network.target
[Service]
User=root
ExecStart=/usr/bin/next-terminal/next-terminal --server.addr '0.0.0.0:8088' --sqlite.file /usr/bin/next-terminal/next-terminal.db
Restart=always
[Install]
WantedBy=multi-user.target
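If I run the command from the Exec line directly, the web interface displays normally; but when started through systemd it just shows a 404.
The system is Debian 10, kernel 5.9.10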
Linux Gateway 5.9.10-050910-generic #202011221708 SMP Sun Nov 22 18:07:21 UTC 2020 x86_64 GNU/Linux
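If it isn't a problem with the program, could you please point me toward a solution? Thank you very much.
After the new version introduced the golang SSH library, you can choose which method to use for connecting, but when creating a new asset the selection on the right has no effect; whatever you pick, the default is used.
You have to confirm, then edit the asset again and select native before the golang connection is used.
For example, I want to send Win+R, and currently there is no way to do that.
When updating an asset without changing the Tags field, saving clears all of that asset's tags.
Reproducible on the demo site.
Today I tried deploying Next Terminal and the experience was great. Thank you to the author for the selfless contribution.
The deployment uses a database, and browsing the data I saw that all authorization credentials are stored in plaintext. Could you consider storing them hashed? That would improve security at least a little. What do you think?
After setting the SSH font in Settings it looks very strange. I deployed with Docker; do fonts have to be added inside the Docker container?
First of all, this tool is really powerful.
I hope macOS can be supported as well.
Hello, currently two-factor authentication is not enforced.
When an administrator adds a user, could it be possible to require that the user set up two-factor authentication after their first login?
Also, some shortcut keys may cause problems on certain devices. To prevent accidental operations, could there be switches for the clipboard and for sending shortcut keys, either disabled globally or disabled for a specific device when adding it?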
@dushixiang
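As the title says, I hope the developer can add Google two-step verification to improve security. Also, in VNC mode, it cannot connect to VMware's built-in VNC; VMware's built-in VNC has no username and one cannot be set. I hope the developer can add compatibility for this kind of VNC connection. Thank you and best wishes.
I set up the environment by pulling from Docker Hub, added a user and granted them a list of some connection assets, but after logging in, "RIGHT and FULL OUTER JOINs are not currently supported" appears. Is this a configuration mistake or a problem with the system?
Asset list
Could you write a tutorial for installing on Synology Docker?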
DOMException: Failed to construct 'WebSocket': The URL '/ssh?X-Auth-Token=xxxxxxxx' is invalid
MySQL container start command:
@echo off
setlocal
for %%I in ("%~dp0.") do for %%J in ("%%~dpI.") do set PRJ_PATH=%%~dpnxJ
set DATA_PATH=%PRJ_PATH%\data
docker rm -f -v mysql
docker run --name mysql --privileged=true -e MYSQL_ROOT_PASSWORD=root -d --rm -v %DATA_PATH%\mysql:/var/lib/mysql -v %DATA_PATH%\etc\mysql\mysql.conf.d:/etc/mysql/mysql.conf.d -p 3306:3306 mysql:5.7
Connecting locally to the MySQL service in Docker and using it otherwise all works fine.
next-terminal container start command:
@echo off
docker rm -f -v next-terminal
docker run -d ^
-p 8088:8088 ^
--link mysql ^
-e DB=mysql ^
-e MYSQL_HOSTNAME=mysql ^
-e MYSQL_PORT=3306 ^
-e MYSQL_USERNAME=root ^
-e MYSQL_PASSWORD=root ^
-e MYSQL_DATABASE=next_terminal ^
--name next-terminal ^
--restart always dushixiang/next-terminal:latest
Startup log:
/usr/lib/python2.7/dist-packages/supervisor/options.py:461: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
'Supervisord is running as root and it is searching '
2020-12-29 06:23:51,796 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2020-12-29 06:23:51,797 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-12-29 06:23:51,817 INFO RPC interface 'supervisor' initialized
2020-12-29 06:23:51,817 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2020-12-29 06:23:51,818 INFO supervisord started with pid 7
2020-12-29 06:23:52,821 INFO spawned: 'guacd' with pid 10
2020-12-29 06:23:52,823 INFO spawned: 'next-terminal' with pid 11
2020-12-29 06:23:52,838 INFO exited: next-terminal (exit status 1; not expected)
2020-12-29 06:23:53,840 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-12-29 06:23:53,841 INFO spawned: 'next-terminal' with pid 17
2020-12-29 06:23:53,852 INFO exited: next-terminal (exit status 1; not expected)
2020-12-29 06:23:55,856 INFO spawned: 'next-terminal' with pid 23
2020-12-29 06:23:55,867 INFO exited: next-terminal (exit status 1; not expected)
2020-12-29 06:23:58,873 INFO spawned: 'next-terminal' with pid 30
2020-12-29 06:23:58,892 INFO exited: next-terminal (exit status 1; not expected)
2020-12-29 06:23:59,894 INFO gave up: next-terminal entered FATAL state, too many start retries too quickly
On the Asset List page, filtering by asset tag always returns an empty result.
Confirmed: this only happens when using the default sqlite; mysql works normally.
docker-compose.yml
version: '3.3'
services:
  mariadb:
    image: mariadb:10.1
    environment:
      - MYSQL_ROOT_PASSWORD=mariadb
      - MYSQL_DATABASE=next_terminal
      - MYSQL_USER=next_terminal
      - MYSQL_PASSWORD=next_terminal
  next-terminal:
    image: ghcr.io/dushixiang/next-terminal:latest
    ports:
      - 8088:8088
    environment:
      - DB=mysql
      - MYSQL_HOSTNAME=mariadb
      - MYSQL_USERNAME=next_terminal
      - MYSQL_PASSWORD=next_terminal
      - MYSQL_DATABASE=next_terminal
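The log doesn't show anything either.
Could it support logging in to a specific host directly through the API, without going through login?
Use the asset's "authorization account" to override the fields in the "authorization credential".
I am currently using an nginx location /test/ { ………………} reverse proxy, and clicking on the page gives a 404 error. As a beginner, my guess is that the pages use absolute paths; could they be changed to relative paths?
For example, the access address is: http://172.15.35.23:8081/next-terminal/
The nginx configuration is:
The frontend error is:
As the title says, I'd like support for various color themes to be added.
Some assets don't have a fixed public IP and use a DDNS service for dynamic mapping.
So I'd like the asset IP field to accept a domain name, resolving the IP in real time before connecting (or testing online status).
Docker deployment; when connecting to a server it keeps showing "Waiting for server response..."
Version 0.1.1, SSH connection
supervisor log: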
_______ __ ___________ .__ .__
\ \ ____ ___ ____/ |_ \__ ___/__________ _____ |__| ____ _____ | |
/ | \_/ __ \\ \/ /\ __\ | |_/ __ \_ __ \/ \| |/ \\__ \ | |
/ | \ ___/ > < | | | |\ ___/| | \/ Y Y \ | | \/ __ \| |__
\____|__ /\___ >__/\_ \ |__| |____| \___ >__| |__|_| /__|___| (____ /____/
\/ \/ \/ \/ \/ \/ \/ v0.1.1
当前数据库模式为:sqlite
Jan 30 12:15:49.353 [INFO] 初始用户创建成功,账号:「admin」密码:「admin」
⇨ http server started on [::]:8088
2021/01/30 12:16:02 /app/pkg/model/session.go:178 unrecognized token: ":"; unrecognized token: ":"
[0.050ms] [rows:-] select t1.`day`, count(t2.id) as count
from (
SELECT @date := DATE_ADD(@date, INTERVAL - 1 DAY) day
FROM (SELECT @date := DATE_ADD('20210130', INTERVAL + 1 DAY) FROM nums) as t0
LIMIT 7
)
as t1
left join
(
select DATE(s.connected_time) as day, s.id
from sessions as s
WHERE protocol = "rdp" and DATE(connected_time) <= '20210130'
AND DATE(connected_time) > DATE_SUB('20210130', INTERVAL 7 DAY)
) as t2 on t1.day = t2.day
group by t1.day
Jan 30 12:16:45.929 [DEBU] 创建新会话 $2049135b-a6b4-4dce-8fd8-1e4b1efaa8fb
Jan 30 12:17:52.425 [DEBU] 会话$2049135b-a6b4-4dce-8fd8-1e4b1efaa8fb创建者退出
2021/01/30 12:17:52 /app/pkg/model/session.go:128 record not found
[0.162ms] [rows:0] SELECT * FROM `sessions` WHERE id = "14a84bbc-fd40-4a21-8f90-b67c09344a63" ORDER BY `sessions`.`id` LIMIT 1
2021/01/30 12:17:53 /app/pkg/model/session.go:128 record not found
[0.166ms] [rows:0] SELECT * FROM `sessions` WHERE id = "14a84bbc-fd40-4a21-8f90-b67c09344a63" ORDER BY `sessions`.`id` LIMIT 1
Jan 30 12:19:01.005 [DEBU] 创建新会话 $4b265473-fcc4-4f8b-acdd-bbb8d91162e5
Jan 30 12:20:02.140 [DEBU] 会话$4b265473-fcc4-4f8b-acdd-bbb8d91162e5创建者退出
2021/01/30 12:20:02 /app/pkg/model/session.go:128 record not found
[0.231ms] [rows:0] SELECT * FROM `sessions` WHERE id = "f51a8e05-131e-4d29-ae35-1600cb271a00" ORDER BY `sessions`.`id` LIMIT 1
Jan 30 12:20:02.307 [DEBU] 创建新会话 $3272f2f2-c87a-4859-895b-b259f3c8ebec
Jan 30 12:21:50.205 [DEBU] 会话$3272f2f2-c87a-4859-895b-b259f3c8ebec创建者退出
2021/01/30 12:21:50 /app/pkg/model/session.go:128 record not found
[0.190ms] [rows:0] SELECT * FROM `sessions` WHERE id = "98d26f80-863d-4ad3-b299-04fba573a333" ORDER BY `sessions`.`id` LIMIT 1
2021/01/30 12:21:51 /app/pkg/model/session.go:128 record not found
[0.143ms] [rows:0] SELECT * FROM `sessions` WHERE id = "98d26f80-863d-4ad3-b299-04fba573a333" ORDER BY `sessions`.`id` LIMIT 1
Jan 30 12:23:55.259 [DEBU] 创建新会话 $d9024ef2-4f56-495c-9eba-2e0e92281789
Jan 30 12:24:00.357 [DEBU] 会话$d9024ef2-4f56-495c-9eba-2e0e92281789创建者退出
2021/01/30 12:24:00 /app/pkg/model/session.go:128 record not found
[0.136ms] [rows:0] SELECT * FROM `sessions` WHERE id = "da208eb1-8f85-4559-b360-5a3fbacfbc9c" ORDER BY `sessions`.`id` LIMIT 1
2021/01/30 12:24:01 /app/pkg/model/session.go:128 record not found
[0.131ms] [rows:0] SELECT * FROM `sessions` WHERE id = "da208eb1-8f85-4559-b360-5a3fbacfbc9c" ORDER BY `sessions`.`id` LIMIT 1
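I installed next-terminal with Docker and enabled IPv6 on the host. From inside the Docker container I can successfully ping the IPv6 asset and the IPv6 address of www.google.com, but the IPv6 asset's status in next-terminal is "unavailable". Is IPv6 not supported yet?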
root@f946822d0084:/usr/local/next-terminal# ping6 www.google.com
PING www.google.com (2607:f8b0:4001:c18::67): 56 data bytes
64 bytes from 2607:f8b0:4001:c18::67: icmp_seq=0 ttl=104 time=50.834 ms
64 bytes from 2607:f8b0:4001:c18::67: icmp_seq=1 ttl=104 time=49.313 ms
64 bytes from 2607:f8b0:4001:c18::67: icmp_seq=2 ttl=104 time=52.028 ms
^C--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 49.313/50.725/52.028/1.111 ms
root@f946822d0084:/usr/local/next-terminal# ssh 2001xxxxxx::1
The authenticity of host '2001:xxxx::1 (2001:xxxx::1)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)?
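Thanks to the author for developing such a great tool. It would be even better with a jump-server feature, so that one could log in to different servers directly from a terminal without opening a browser, like this project: https://github.com/TNK-Studio/gortal
Deployment is complete; what are the terminal's default address and port?
I tried 80 and 8088; neither is reachable.
Currently users are managed through the database, which makes it hard to integrate with other user authentication systems.
I hope LDAP support can be added, so that external users can be authenticated through LDAP.
I'd like to be able to assign specific assets to a specific user;
I'd like authorization account information to be hidden; otherwise any user at all can see a machine's SSH password or private key.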