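1. Installation and Deployment
Official installation documentation: Quick Start - JumpServer Documentation
Machine preparation
CentOS 7
IP | Role |
192.168.252.145 | Master node |
192.168.252.146 | Managed node 1 |
192.168.252.148 | Managed node 2 |
Install JumpServer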
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/download/v3.10.13/quick_start.sh | bash
success
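Modify the configuration file
If the IP is a public IP, the configuration file must be modified.
vim /opt/jumpserver/config/config.txt
Content to change
# Trusted DOMAINS definition,
# Defines the trusted access IPs. Change it to match your environment; for a public IP, set it to the corresponding public IP,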
# DOMAINS="demo.jumpserver.org:443"
# DOMAINS="172.17.200.191:80"
# DOMAINS="demo.jumpserver.org:443,172.17.200.191:80"
DOMAINS=192.168.252.148
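A check to run after editing config.txt, confirming that the address users browse to is in the active DOMAINS line. This is an added example, not part of the original page or of JumpServer; the function names are hypothetical, the sample file is constructed from the lines shown above, and the exact-string comparison is an assumption rather than JumpServer's own matching logic.

```shell
#!/bin/sh
# Added example (not JumpServer code): confirm the address users browse to
# is listed in the active DOMAINS line of config.txt.

# Print the value of the last uncommented DOMAINS= line, without quotes/spaces.
get_domains() {
    grep -E '^[[:space:]]*DOMAINS=' "$1" | tail -n 1 |
        sed -E 's/^[[:space:]]*DOMAINS=//' | tr -d '" \t\r'
}

# Succeed if $2 (host or host:port) is one of the comma-separated entries.
# Assumption: exact string comparison, so "host" and "host:80" are distinct.
domain_listed() {
    get_domains "$1" | tr ',' '\n' | grep -Fxq -- "$2"
}

# Report the result: 0 = listed, 1 = not listed, 2 = no active DOMAINS line.
check_access() {
    if [ -z "$(get_domains "$1")" ]; then
        echo "no active DOMAINS line in $1"
        return 2
    fi
    if domain_listed "$1" "$2"; then
        echo "$2 is listed in DOMAINS"
        return 0
    fi
    echo "$2 is missing from DOMAINS (current: $(get_domains "$1"))"
    return 1
}

# Constructed sample mirroring the config.txt lines shown above.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# DOMAINS="demo.jumpserver.org:443"
# DOMAINS="demo.jumpserver.org:443,172.17.200.191:80"
DOMAINS=192.168.252.148
EOF
for addr in 192.168.252.148 demo.jumpserver.org:443; do
    check_access "$sample" "$addr" || true
done
rm -f "$sample"
```

On a real install, call check_access with /opt/jumpserver/config/config.txt and the address typed into the browser.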
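Start
jmsctl start    # start
jmsctl stop     # stop
Tips:
Just reinstall Docker.
Access and login
Visit: http://192.168.252.148
Default credentials:
Account: admin
Password: admin
After logging in, you are prompted to change the password.
Login successful
Troubleshooting
If the following screen appears, switch to a different browser.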
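2. Basic Operations
User management
Create a user group
Go to the user group page and click Create
Add members
Check that they were added successfully
Create a user
Go to the user list page and click Create User
Enter the member information
Added successfully
Template creation
Create a template
Account connection
Key-based connection
cat /root/.ssh/id_rsa
Key: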
Host management
Create the public/private key pair
192.168.252.148
Send the public key
ssh-keygen
ssh-copy-id 192.168.252.145
ssh-copy-id 192.168.252.146
View the key
cat /root/.ssh/id_rsa
Key:
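Create a host
Add the template
Submit; the host is created successfully
Create the 192.168.252.146 node the same way
The two nodes count as successfully added only once the connection test shows success
Asset management
Create the asset tree
Asset authorization
Account push
Create an account push
Execute
Verify that the push succeeded
Authorize assets
Create an authorization
Test whether the user syh can see the assets
success
Web connection
success
Connection successful!
Connect to the master node
Push the admin account to all hosts
ssh admin@192.168.252.148 -p 2222
Enable sudo privilege escalation
Push an unprivileged account
ssh admin@192.168.252.148 -p 2222
It turns out the account has no privileges
Escalate privileges
Run it again
success!
Command filtering
Log in to JumpServer as the user syh, then go to the workbench and test whether the rm command has been disabled successfully
Audit console
Sessions that have been used can be replayed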