1.ssh服务

安装软件:

openssh-server   提供服务
openssh-clients   客户端
openssh
安装:yum install -y openssh*
ssh 端口22

服务器端:

启动服务:systemctl start sshd
查看:lsof -i:22
关闭防火墙和selinux(或者保留防火墙,只放行 22 端口)

客户端:

远程登陆管理:
    ssh user@ip 

无密码登录(ssh密钥认证)

client:
   产生公钥和私钥:
       ssh-keygen    //一路回车
   拷贝公钥给对方:
       ssh-copy-id -i IP

直接执行远程命令:

ssh IP "command"

远程拷贝命令:

谁是远程谁加ip
scp 源文件 ip:路径  //把本机的文件拷贝给远程主机
scp ip:路径 路径    //把远程主机的文件拷贝到本机路径下

修改端口号等 sshd 配置(示例中的 PermitRootLogin yes 允许 root 直接登录,生产环境建议改为 no 或 prohibit-password):

[root@localhost ~]# vim /etc/ssh/sshd_config 
Port 22
ListenAddress IP
PermitRootLogin yes
MaxSessions 10       最大并发量
PermitEmptyPasswords no

2.rz sz 命令

安装:

root账号登陆后执行以下命令:
[root@localhost ~]# yum install -y lrzsz

使用:

sz命令发送文件到本地
[root@localhost ~]# sz filename

rz命令从本地上传文件到服务器
[root@localhost ~]# rz
执行命令后,在弹出框中选择要上传的文件即可

3.Jumpserver

环境配置:

[root@localhost ~]# getenforce 
Disabled
修改字符集,否则可能报input/output error的问题,因为日志里打印了中文
[root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@localhost ~]# export LC_ALL=zh_CN.UTF-8
[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
[root@localhost ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

[root@localhost ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz 
[root@localhost ~]# tar xf Python-3.6.1.tar.xz && cd Python-3.12.5
[root@localhost Python-3.6.1]# ./configure && make && make install
这里必须执行编译安装,否则在安装python库依赖时会有麻烦...(注意:上面 cd 进入的目录名要与实际下载解压出来的版本一致,本文下载的是 Python-3.6.1,后文的 site-packages 路径用的也是 python3.6)

[root@localhost Python-3.12.5]# cd /opt
[root@localhost opt]# python3 -m venv py3
[root@localhost opt]# source /opt/py3/bin/activate
(py3) [root@localhost opt]# 

(py3) [root@localhost opt]# git clone https://github.com/kennethreitz/autoenv.git
正克隆到 'autoenv'...
remote: Enumerating objects: 1029, done.
remote: Counting objects: 100% (341/341), done.
remote: Compressing objects: 100% (160/160), done.
remote: Total 1029 (delta 168), reused 328 (delta 162), pack-reused 688 (from 1)
接收对象中: 100% (1029/1029), 199.18 KiB | 741.00 KiB/s, 完成.
处理 delta 中: 100% (533/533), 完成.
(py3) [root@localhost opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
(py3) [root@localhost opt]# source ~/.bashrc

 使用git命令克隆时容易出现报错,以下为解决方案

问题一:
(py3) [root@localhost opt]# git clone git://github.com/kennethreitz/autoenv.git
正克隆到 'autoenv'...
fatal: 无法连接到 github.com:
github.com[0: 20.205.243.166]: errno=拒绝连接

这是因为有些网络环境可能会限制Git 协议默认使用端口的访问,或者直接阻止使用Git协议。因此,我们需要将git://github.com/替换为https://github.com/,这样可以确保与GitHub进行通信
(py3) [root@localhost opt]# git clone https://github.com/kennethreitz/autoenv.git

问题二:
(py3) [root@localhost opt]# git clone https://github.com/kennethreitz/autoenv.git
正克隆到 'autoenv'...
fatal: 无法访问 'https://github.com/kennethreitz/autoenv.git/':TCP connection reset by peer
我们需要取消http和https代理
git config --global --unset http.proxy
git config --global --unset https.proxy

下载Jumpserver

在这里事先说明一下:小编之前遇到的一个很大的问题是,目前大部分 jumpserver 源码安装教程都是直接从 GitHub 克隆仓库,但这样在 jumpserver/requirements 目录下看不到其他文章提到的 requirements.txt 和 rpm_requirements.txt 这两个文件。小编查看了大量 GitHub 上 jumpserver 的项目代码:在 3.5 版本之前这两个文件是存在的(有些版本文件名不同,但文件类型一样);3.5 版本之后 jumpserver 改为执行自动化安装脚本。为了确保大家的体验,建议选择低版本,不容易出错。

本次使用的是2.0.2版本,该版本是在GitHub上下载的压缩包,自行解压在/opt即可
(py3) [root@localhost opt]# tar xf jumpserver-v2.0.2.tar.gz
(py3) [root@localhost opt]# mv jumpserver-v2.0.2 jumpserver  //这一步是方便复制
(py3) [root@localhost opt]# cd jumpserver

安装所需的python modules

(py3) [root@localhost jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@localhost jumpserver]# cd requirements/

[autoenv] New or modified env file detected:
--- .env contents ------------------------------------------------------------------

source /opt/py3/bin/activate
------------------------------------------------------------------------------------

[autoenv] Authorize this file? (y/N/D) y
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)

(py3) [root@localhost requirements]# pip install --upgrade pip
这里易遇到pip的ssl问题,如果遇到可以使用下面的命令(注意它走的是 http 并用 --trusted-host 跳过了证书校验,只适合临时应急,问题解决后应换回 https 的镜像地址):
pip install --upgrade pip -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com

(py3) [root@localhost requirements]# pip install -r requirements.txt -i http://mirrors.aliyun.com/pypi/simple/
遇见不能安装的包,可以先在requirements.txt文件中注释掉,随后再单独安装,例如:
huaweicloud-sdk-python

安装Redis

(py3) [root@localhost requirements]# yum -y install redis
(py3) [root@localhost requirements]# systemctl enable redis
Created symlink /etc/systemd/system/multi-user.target.wants/redis.service → /usr/lib/systemd/system/redis.service.
(py3) [root@localhost requirements]# systemctl start redis

安装MySQL

(py3) [root@localhost requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@localhost requirements]# systemctl enable mariadb
(py3) [root@localhost requirements]# systemctl start mariadb
进入数据库(下面的 jumpserverpwd 只是示例密码,实际部署请换成随机强密码,并与后文 config.yml 中的 DB_PASSWORD 保持一致)
(py3) [root@localhost requirements]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.28-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database jumpserver default charset 'utf8';  //创建jumpserver数据库默认使用utf8字符集
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';  //给本机授权
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> flush privileges;  //刷新数据库
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> \q  //退出
Bye

配置Jumpserver

(py3) [root@localhost requirements]# pwd
/opt/jumpserver/requirements
(py3) [root@localhost requirements]# cd ..
(py3) [root@localhost jumpserver]# ls
apps                Dockerfile       jms             README.zh-CN.md  ui
CODE_OF_CONDUCT.md  Dockerfile-base  LICENSE         receptor         utils
config_example.yml  Dockerfile-ee    poetry.lock     requirements
CONTRIBUTING.md     docs             pyproject.toml  SECURITY.md
data                entrypoint.sh    README.md       tmp
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml
(py3) [root@localhost jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@localhost jumpserver]# echo $SECRET_KEY
05jDkKRtu0zWAS1hfObTz6IV7wg44c2wRrjAQWWpQNPr9iV2yQ
(py3) [root@localhost jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@localhost jumpserver]# echo $BOOTSTRAP_TOKEN
9tsIp3RDRxhLcwUB
(py3) [root@localhost jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

把配置写入config.yml文件(注意:下面引用 $DB_PASSWORD 的那条 sed 在前面并没有给该变量赋值,替换出来会是空值,请先执行 DB_PASSWORD=你的数据库密码 再运行,或者按后文手工修改;LOG_LEVEL 那条 sed 重复出现了一次,可忽略。另外 SECRET_KEY 和 BOOTSTRAP_TOKEN 已被回显到终端并追加到 ~/.bashrc,这两个值等同于口令,不要泄露,也可以只写入 config.yml 而不写入 ~/.bashrc)
(py3) [root@localhost requirements]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
(py3) [root@localhost requirements]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
 你的SECRET_KEY是 05jDkKRtu0zWAS1hfObTz6IV7wg44c2wRrjAQWWpQNPr9iV2yQ 
(py3) [root@localhost requirements]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 你的BOOTSTRAP_TOKEN是 9tsIp3RDRxhLcwUB 

修改数据库配置
(py3) [root@localhost jumpserver]# vi config.yml
找到数据库配置并修改内容如下:
# 使用 MySQL 作为数据库
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
DB_NAME: jumpserver

启动jumpserver

要在/opt/jumpserver目录下
(py3) [root@localhost jumpserver]# ./jms start   //启动
在启动时,遇见了两个报错

一个是AttributeError: module 'gssapi' has no attribute 'GSSException'
解决方案是在/opt/py3/lib/python3.6/site-packages/paramiko/ssh_gss.py
中的53,54行修改为
import gssapi.error
GSS_EXCEPTIONS = (gssapi.error.GSSException,)

第二个是ImportError: cannot import name 'byte_string'
解决方案为先卸载pycrypto和pycryptodome,然后重新安装pycryptodome

(py3) [root@localhost jumpserver]# ./jms start -d   //后台启动
(py3) [root@localhost jumpserver]# ./jms stop   //关闭

部署koko(使用docker部署)

koko支持终端管理,默认端口为2222(koko、guacamole、luna 等组件的版本应与 core 版本保持一致;下面示例用的是 1.5.5 镜像,而前面安装的 core 是 2.0.2,请按实际版本替换)

下载docker
(py3) [root@localhost jumpserver]# yum -y install docker

启动docker
(py3) [root@localhost jumpserver]# systemctl start docker

查看自己的IP地址
(py3) [root@localhost jumpserver]# ip a

Server_IP=自己的IP地址
(py3) [root@localhost jumpserver]# Server_IP=192.168.146.214

查看BOOTSTRAP_TOKEN值
(py3) [root@localhost jumpserver]# echo $BOOTSTRAP_TOKEN

根据查看的值输入下面指令(值不一样,不要照搬下面指令)
(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=1Mee2JluBMSMfYMY
(py3) [root@localhost jumpserver]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5

显示complete就说明部署完成

部署guacamole

(py3) [root@localhost opt]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5

遇见报错就重启下docker
 
查看一下本地镜像

部署luna

在/opt目录下
(py3) [root@localhost opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
(py3) [root@localhost opt]# tar xf luna.tar.gz
(py3) [root@localhost opt]# chown -R root:root luna

部署nginx(解压到 /usr/local/ 后,需要先 cd /usr/local/nginx-1.24.0 进入源码目录,再执行下面的 ./configure)

(py3) [root@localhost opt]# yum -y install gcc gcc-c++ make zlib-devel pcre pcre-devel openssl-devel
(py3) [root@localhost opt]# wget https://nginx.org/download/nginx-1.24.0.tar.gz
(py3) [root@localhost opt]# tar xf nginx-1.24.0.tar.gz -C /usr/local/
(py3) [root@localhost nginx-1.24.0]# ./configure --prefix=/usr/local/nginx && make && make install
(py3) [root@localhost nginx-1.24.0]# cd /usr/local/nginx/conf/
(py3) [root@localhost conf]# mkdir conf.d
(py3) [root@localhost conf]# cd conf.d/
(py3) [root@localhost conf.d]# vi Jumpserver.conf
文件内容如下:
# nginx front end for JumpServer: luna/static/media are served from disk, everything else is proxied
server {
    listen 80;  # plain HTTP: the admin login and session cookie cross the network unencrypted; terminate TLS here before exposing this outside a lab
 
    client_max_body_size 100m;  # size limit for recordings and file uploads
 
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory differs
    }
 
    location /media/ {
        add_header Content-Encoding gzip;  # presumably the recordings are stored pre-compressed and the client inflates them — confirm
        root /opt/jumpserver/data/;  # recording location; change this if the install directory differs
    }
 
    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory differs
    }
 
    # WebSocket path to koko (the container above publishes 5000:5000)
    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;  # needed for the Upgrade handshake below
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;  # overwrites any client-supplied value
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # appends to a client-supplied header rather than replacing it; only the last entry is trustworthy
        access_log off;
    }
 
    # koko web terminal, same container as /socket.io/
    location /koko/ {
        proxy_pass       http://localhost:5000/koko/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
 
    # guacamole (RDP/VNC) container, published on 8081 above; note the trailing "/" strips the /guacamole/ prefix
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
 
    # everything else goes to the JumpServer core started with ./jms (same 8080 used as CORE_HOST above)
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}


运行nginx
(py3) [root@localhost conf.d]# /usr/local/nginx/sbin/nginx
(py3) [root@localhost nginx]# cd /usr/local/nginx/conf/
(py3) [root@localhost conf]# vi nginx.conf
在第31行 keepalive_timeout  65;的下一行添加
include /usr/local/nginx/conf/conf.d/*.conf;

重新启动
(py3) [root@localhost conf]# /usr/local/nginx/sbin/nginx -s reload

在浏览器使用IP登录进行测试,出现jumpserver开源堡垒机登录页面即为正确

【用户名:admin;密码:admin】(这是默认账号,首次登录后请立即修改密码)
