Introduction to GateOne

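GateOne is a web-based SSH terminal emulator written with HTML5 technology, comparable to remote SSH tools on Windows such as Xshell.
Highlights:
• Built on modern HTML5 technology; no browser plugins required.
• Supports multiple SSH sessions.
• Can be embedded in any other application.
• Supports plugins written in JavaScript, Python, or even pure CSS.
• Supports duplicating SSH sessions, so several sessions can be opened without re-entering the password.
• Supports a range of server-side logging features, as well as Kerberos-based single sign-on and even Active Directory.
Source for the above: https://linuxtoy.org/archives/gateone.html, where an introductory video from an overseas site can be viewed.
According to the official site, the prerequisites for installing GateOne on CentOS are:
(1) Python 2.6+ and 3.2+
(2) Tornado Framework 2.2+
(3) The ordereddict module, if Python is version 2.6
(4) Modules such as tornado and kerberos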

Installation

(1) Download the required repositories
Download and install the epel-release-6-8.noarch.rpm repository

[root@localhost tools]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
--2016-08-08 05:26:07--  http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.24, 209.132.181.23, 209.132.181.27, ...
Connecting to dl.fedoraproject.org|209.132.181.24|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/x-rpm]
Saving to: “epel-release-6-8.noarch.rpm”
100%[===========================================>] 14,540      60.8K/s   in 0.2s    
2016-08-08 05:26:08 (60.8 KB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540]
[root@localhost tools]#  rpm -Uvh epel-release*rpm
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@localhost tools]# yum install epel-release
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
epel/metalink                                                 | 4.7 kB     00:00     
 * base: mirrors.hust.edu.cn
 * epel: mirrors.neusoft.edu.cn
 * extras: mirrors.hust.edu.cn
 * updates: mirrors.hust.edu.cn
base                                                          | 3.7 kB     00:00     
epel                                                          | 4.3 kB     00:00     
epel/primary_db                                               | 5.9 MB     00:03     
extras                                                        | 3.4 kB     00:00     
updates                                                       | 3.4 kB     00:00     
updates/primary_db                                            | 1.4 MB     00:01     
Package epel-release-6-8.noarch already installed and latest version
Nothing to do
[root@localhost tools]#

Download and install the rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm repository

[root@localhost tools]# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
--2016-08-08 05:31:39--  http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Resolving apt.sw.be... 193.1.193.67
Connecting to apt.sw.be|193.1.193.67|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12700 (12K) [application/x-redhat-package-manager]
Saving to: “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm”
100%[===========================================>] 12,700      --.-K/s   in 0s      
2016-08-08 05:31:41 (475 MB/s) - “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm” saved [12700/12700]
[root@localhost tools]# rpm -Uvh rpmforge-release*rpm
warning: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing...                ########################################### [100%]
   1:rpmforge-release       ########################################### [100%]
[root@localhost tools]#

(2) Install the dependency packages

[root@localhost tools]# yum install -y python python-pip gcc python-devel setuptool python-pam openssl openssl-devel wget make gcc-c++ patch pam_radius dtach pyOpenSSL perl

(3) Install tornado and kerberos with pip

[root@localhost tools]# pip install tornado kerberos

(4) Install tornado

[root@localhost tools]# wget https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
--2016-08-08 16:33:37--  https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
Resolving github.com... 192.30.253.113
Connecting to github.com|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm [following]
--2016-08-08 16:33:39--  https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm
Resolving cloud.github.com... 54.182.5.40, 54.182.5.69, 54.182.5.230, ...
Connecting to cloud.github.com|54.182.5.40|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 577918 (564K)

Saving to: “tornado-2.4-1.noarch.rpm”
100%[===========================================>] 577,918     40.2K/s   in 11s     
2016-08-08 16:33:55 (51.1 KB/s) - “tornado-2.4-1.noarch.rpm” saved [577918/577918]
[root@localhost tools]# ls
epel-release-6-8.noarch.rpm                 tornado-2.4-1.noarch.rpm
rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@localhost tools]# rpm -ivh tornado-2.4-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:tornado                ########################################### [100%]
[root@localhost tools]#

(5) Install Imaging

[root@localhost tools]# wget http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
--2016-08-08 16:35:14--  http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz
Resolving effbot.org... 75.126.217.42
Connecting to effbot.org|75.126.217.42|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 498749 (487K) [application/octet-stream]
Saving to: “Imaging-1.1.7.tar.gz”
100%[===========================================>] 498,749     67.4K/s   in 6.6s    
2016-08-08 16:35:25 (74.3 KB/s) - “Imaging-1.1.7.tar.gz” saved [498749/498749]
[root@localhost tools]# tar zxvf Imaging-1.1.7.tar.gz
[root@localhost tools]# cd Imaging-1.1.7
[root@localhost Imaging-1.1.7]# python setup.py install

(6) Install ordereddict

[root@localhost Imaging-1.1.7]# wget https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
--2016-08-08 16:37:03--  https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz
Resolving pypi.python.org... 151.101.16.223, 2a04:4e42:4::223
Connecting to pypi.python.org|151.101.16.223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2114 (2.1K) [application/octet-stream]
Saving to: “ordereddict-1.1.tar.gz”
100%[===========================================>] 2,114       --.-K/s   in 0.001s  
2016-08-08 16:37:05 (2.28 MB/s) - “ordereddict-1.1.tar.gz” saved [2114/2114]
[root@localhost Imaging-1.1.7]# tar -zxvf ordereddict-1.1.tar.gz
ordereddict-1.1/
ordereddict-1.1/LICENSE
ordereddict-1.1/ordereddict.py
ordereddict-1.1/PKG-INFO
ordereddict-1.1/setup.py
[root@localhost Imaging-1.1.7]# cd ordereddict-1.1
[root@localhost ordereddict-1.1]# python setup.py install
running install
running build
running build_py
creating build
creating build/lib
copying ordereddict.py -> build/lib
running install_lib
copying build/lib/ordereddict.py -> /usr/lib/python2.6/site-packages
byte-compiling /usr/lib/python2.6/site-packages/ordereddict.py to ordereddict.pyc
running install_egg_info
Writing /usr/lib/python2.6/site-packages/ordereddict-1.1-py2.6.egg-info
[root@localhost ordereddict-1.1]#

(7) Install GateOne

[root@localhost ~]# wget https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
--2016-08-08 17:03:56--  https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Resolving github.com... 192.30.253.112
Connecting to github.com|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
--2016-08-08 17:04:23--  (try: 2)  https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Connecting to github.com|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm [following]
--2016-08-08 17:04:25--  https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm
Resolving cloud.github.com... 54.182.5.219, 54.182.5.245, 54.182.5.247, ...
Connecting to cloud.github.com|54.182.5.219|:443... failed: Connection refused.
Connecting to cloud.github.com|54.182.5.245|:443... failed: Connection refused.
Connecting to cloud.github.com|54.182.5.247|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11538671 (11M)

Saving to: “gateone-1.1-1.noarch.rpm.1”
100%[===========================================>] 11,538,671  21.1K/s   in 9m 6s   
2016-08-08 17:14:16 (20.6 KB/s) - “gateone-1.1-1.noarch.rpm.1” saved [11538671/11538671]
[root@localhost tools]#  rpm -ivh gateone-1.1-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:gateone                ########################################### [100%]
[root@localhost tools]#

(8) Start the service for the first time

[root@localhost tools]# cd /opt/
[root@localhost opt]# ls
gateone
[root@localhost opt]# cd gateone/
[root@localhost gateone]# ls
authpam.py         gateone.py    plugins           static       tests
auth.py            i18n          README.rst        templates    utils.py
babel_gateone.cfg  LICENSE.txt   remote_syslog.py  terminal.py
docs               logviewer.py  sso.py            termio.py
[root@localhost gateone]# ./gateone.py 
Traceback (most recent call last):
  File "./gateone.py", line 289, in <module>
    tornado.options.enable_pretty_logging()
AttributeError: 'module' object has no attribute 'enable_pretty_logging'
[root@localhost gateone]#

Startup failed. After some digging, the cause turned out to be the wrong tornado version.

[root@localhost gateone]# python -c "import tornado; print(tornado.version)"
4.4.1
[root@localhost gateone]#

The GateOne server needs a version around 2.4 in order to run.

[root@localhost ~]# wget https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz#md5=c738af97c31dd70f41f6726cf0968941
--2016-08-08 17:32:09--  https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz
Resolving pypi.python.org... 151.101.16.223, 2a04:4e42:4::223
Connecting to pypi.python.org|151.101.16.223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 347522 (339K) [application/octet-stream]
Saving to: “tornado-2.4.tar.gz”
100%[===========================================>] 347,522     8.51K/s   in 34s     
2016-08-08 17:32:44 (9.92 KB/s) - “tornado-2.4.tar.gz” saved [347522/347522]
[root@localhost ~]# tar zxvf tornado-2.4.tar.gz
[root@localhost ~]# cd tornado-2.4
[root@localhost tornado-2.4]# ls
demos        PKG-INFO  runtests.sh  setup.py  tornado.egg-info
MANIFEST.in  README    setup.cfg    tornado
[root@localhost tornado-2.4]# python  setup.py build
[root@localhost tornado-2.4]#  python2 setup.py install
[root@localhost tornado-2.4]# python -c "import tornado; print(tornado.version)"
2.4
[root@localhost tornado-2.4]#

Start it again

[root@localhost gateone]# pwd 
/opt/gateone
[root@localhost gateone]# ls
authpam.py         gateone.py    plugins           static       tests
auth.py            i18n          README.rst        templates    utils.py
babel_gateone.cfg  LICENSE.txt   remote_syslog.py  terminal.py
docs               logviewer.py  sso.py            termio.py
[root@localhost gateone]# ./gateone.py 
[I 160808 17:40:22 gateone:2748] /opt/gateone/server.conf not found or missing cookie_secret.  A new one will be generated.
[I 160808 17:40:22 gateone:2917] Connections to this server will be allowed from the following origins: 'http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160808 17:40:22 gateone:2957] No SSL private key found.  One will be generated.
[I 160808 17:40:22 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160808 17:40:22 gateone:2404] Loaded plugins: bookmarks, convenience, example, help, logging, logging_plugin, mobile, notice, playback, ssh
[I 160808 17:40:22 gateone:3054] Listening on https://*:443/
[I 160808 17:40:22 gateone:3060] Process running with pid 3728
^C[I 160808 17:40:26 gateone:3084] Caught KeyboardInterrupt.  Killing sessions...
[I 160808 17:40:26 gateone:3088] pid file removed.
[root@localhost gateone]#

(9) Configuration file
Press Ctrl + C to stop the server, then edit the configuration file.

[root@localhost gateone]# pwd 
/opt/gateone
[root@localhost gateone]# vi server.conf
# -*- coding: utf-8 -*-
locale = "en_US"
pam_service = "login"
syslog_facility = "daemon"
syslog_host = None
enable_unix_socket = False
port = 443
uid = "0"
url_prefix = "/"
user_dir = "/opt/gateone/users"
dtach = True
certificate = "certificate.pem"
log_to_stderr = False
session_logs_max_age = "30d"
gid = "0"
pid_file = "/var/run/gateone.pid"
sso_realm = None
cookie_secret = "YjM1NjZmNjhjZTY4NDcwZDljZjdhZTM5ZTJiMGRhNzI5Y"
pam_realm = "localhost.localdomain"
sso_service = "HTTP"
https_redirect = False
syslog_session_logging = False
disable_ssl = False
debug = False
session_dir = "/tmp/gateone"
auth = "none"
address = ""
api_timestamp_window = "30s"
log_file_num_backups = 10
logging = "info"
embedded = False
origins = "http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
session_logging = True
unix_socket_path = "/var/run/gateone.sock"
ssl_auth = "none"
log_file_max_size = 104857600
session_timeout = "5d"
command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'"
ca_certs = None
js_init = ""
keyfile = "keyfile.pem"
log_file_prefix = "/opt/gateone/logs/webserver.log"

What we usually change is the IP addresses, or address ranges, that are allowed access:

origins = "https://192.168.220.145;http://192.168.220.145;https://192.168.60.216;http://192.168.60.216;http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"
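
As an added example (not part of the original post and not GateOne's own code), the following Python script parses a server.conf in the format shown above and lists the settings that widen exposure of the web terminal. The helper names `parse_conf` and `audit`, the embedded sample and the choice of checks are assumptions made for illustration; the setting names and values are the ones on this page.

```python
import ast

# Constructed sample: a subset of the server.conf shown above (values from the page).
SAMPLE_CONF = '''\
# -*- coding: utf-8 -*-
port = 443
uid = "0"
auth = "none"
address = ""
disable_ssl = False
https_redirect = False
origins = "https://192.168.220.145;http://192.168.220.145;http://localhost;https://localhost"
'''

def parse_conf(text):
    """Parse `key = <Python literal>` lines; skip comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")  # split on the first '=' only
        try:
            conf[key.strip()] = ast.literal_eval(raw.strip())
        except (ValueError, SyntaxError):
            conf[key.strip()] = raw.strip()  # keep unparseable values as text
    return conf

def audit(conf):
    """Return (setting, reason) pairs for values that widen exposure."""
    findings = []
    # A missing key, None and "none" all leave the server without an auth
    # method (the first-start log above reports "All users will be ANONYMOUS").
    if str(conf.get("auth")).lower() == "none":
        findings.append(("auth", "no authentication; every visitor is ANONYMOUS"))
    if str(conf.get("uid")) == "0":
        findings.append(("uid", "server process runs as root"))
    if conf.get("disable_ssl") is True:
        findings.append(("disable_ssl", "terminal traffic would be sent in cleartext"))
    if conf.get("address") == "":
        # Inferred from the log above: address = "" gives "Listening on https://*:443/"
        findings.append(("address", "empty address; listener is on every interface"))
    plain = [o.strip() for o in str(conf.get("origins", "")).split(";")
             if o.strip().lower().startswith("http://")]
    if plain:
        findings.append(("origins", "plain-HTTP origins allowed: " + ", ".join(plain)))
    return findings

if __name__ == "__main__":
    for setting, reason in audit(parse_conf(SAMPLE_CONF)):
        print("%-12s %s" % (setting, reason))
```
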

(10) Start the server and connect

[root@localhost gateone]# ./gateone.py 
[I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks, convenience, example, help, logging, logging_plugin, mobile, notice, playback, ssh
[I 160809 04:30:16 gateone:3054] Listening on https://*:443/
[I 160809 04:30:16 gateone:3060] Process running with pid 5377

Remember to turn off the firewall and SELinux!

[root@localhost opt]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
[root@localhost opt]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@localhost opt]# chkconfig iptables off
[root@localhost opt]# getenforce 
Enforcing
[root@localhost opt]# setenforce 0
[root@localhost opt]# vi /etc/selinux/config
SELINUX=disabled

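Access from a local Windows machine:
Firefox or Google Chrome is recommended. Enter https://192.168.220.145 in the address bar, where the IP address is that of your GateOne machine. On the first visit you need to add an exception to allow access to our remote host.
The first connection requires a certificate: add an exception, add the certificate in the browser, then confirm to log in.
(11) Logging in
On first login you need to log in to the remote host: enter the IP, port, login username and password, and you can start working.
What the server console shows: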

[root@localhost gateone]# ./gateone.py 
[I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1'
[I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS
[I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks, convenience, example, help, logging, logging_plugin, mobile, notice, playback, ssh
[I 160809 04:30:16 gateone:3054] Listening on https://*:443/
[I 160809 04:30:16 gateone:3060] Process running with pid 5377
[I 160809 04:30:19 web:1462] 304 GET / (192.168.220.1) 3.91ms
[I 160809 04:30:19 web:1462] 304 GET /combined_js (192.168.220.1) 3.50ms
[I 160809 04:30:19 web:1462] 304 GET /auth?check=True (192.168.220.1) 0.86ms
[I 160809 04:30:19 gateone:1063] WebSocket opened (ANONYMOUS).
[I 160809 04:30:21 web:1462] 200 GET /static/ubuntumono-normal.woff (192.168.220.1) 6.98ms
[I 160809 04:30:50 web:1462] 200 GET /static/ubuntumono-bold.woff (192.168.220.1) 3.26ms
Last updated on 2022-09-17