WebSSH的最佳方案GateOne。

最新推荐文章于 2022-04-06 17:19:47 发布

weixin_34361881

最新推荐文章于 2022-04-06 17:19:47 发布

阅读量161

点赞数

原文链接：https://my.oschina.net/shawnplaying/blog/682343

版权

2019独角兽企业重金招聘Python工程师标准>>>

github地址：https://github.com/liftoff/GateOne

官方网站：http://liftoffsoftware.com/Products/GateOne

安装要求：

Python 2.6+ or 3.2+
Tornado Framework 2.2+
pip install tornado kerberos

下载源代码，然后运行python setup.py install即可。

运行：目前最新版本已经将gateone文件放入/usr/bin/中，直接运行gateone即可。

这里的gateone内容为：

[root@liuxt2-001 ~]# cat /usr/bin/gateone
#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'gateone==1.2.0','console_scripts','gateone'
__requires__ = 'gateone==1.2.0'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    sys.exit(
        load_entry_point('gateone==1.2.0', 'console_scripts', 'gateone')()
    )
[root@liuxt2-001 ~]#

这里使用了pkg_resources包中的load_entry_point。

load_entry_point('gateone==1.2.0', 'console_scripts', 'gateone')()的意思是首先根据第一个参数'gateone==1.2.0‘在/usr/lib/python2.6/site-packages/中找到gateone-1.2.0版本，然后进入EGG-INFO目录，找到entry_points.txt文件，然后根据第二个参数’console_scripts‘找到相应的组名为console_scriipts的组，最后根据第三个参数'gateone’找到相关属性gateone = gateone.core.server:main，等号后就是要执行的方法。

[root@liuxt2-001 EGG-INFO]# pwd
/usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/EGG-INFO
[root@liuxt2-001 EGG-INFO]# ll
total 56
-rw-r--r-- 1 root root     1 May 25 16:44 dependency_links.txt
-rw-r--r-- 1 root root   696 May 25 16:44 entry_points.txt
-rw-r--r-- 1 root root     1 May 25 16:44 not-zip-safe
-rw-r--r-- 1 root root  1305 May 25 16:44 PKG-INFO
-rw-r--r-- 1 root root    51 May 25 16:44 requires.txt
-rw-r--r-- 1 root root 32573 May 25 16:44 SOURCES.txt
-rw-r--r-- 1 root root    30 May 25 16:44 top_level.txt
[root@liuxt2-001 EGG-INFO]# cat entry_points.txt
[go_plugins]
editor = gateone.plugins.editor
help = gateone.plugins.help

[go_terminal_plugins]
notice = gateone.applications.terminal.plugins.notice
logging = gateone.applications.terminal.plugins.logging
html = gateone.applications.terminal.plugins.html
convenience = gateone.applications.terminal.plugins.convenience
playback = gateone.applications.terminal.plugins.playback
ssh = gateone.applications.terminal.plugins.ssh
bookmarks = gateone.applications.terminal.plugins.bookmarks
example = gateone.applications.terminal.plugins.example

[console_scripts]
gateone = gateone.core.server:main

[go_applications]
terminal = gateone.applications.terminal
example = gateone.applications.example

[root@liuxt2-001 EGG-INFO]#

运行后使用https://hostname登录即可。如果要修改端口等配置，则进入/etc/gateone/conf.d目录修改配置文件即可。

下面介绍如何将gateone集成如web中，具体方法参考：http://liftoff.github.io/GateOne/Developer/embedding.html

1 配置gateone启动参数：

{
    "*": {
        "gateone": {
            // These are what's important for the tutorial:
            "origins": ["*"], // Disable origin checks (insecure but OK for a tutorial)
            "port": 8000, // The examples all use this port
            "url_prefix": "/",
            "auth": "none" // Note: This can be overridden by 20authentication.conf if you put it in 10server.conf
            // These settings are just to avoid conflics with a regular Gate One installation:
            "cache_dir": "/tmp/gateone_tutorial_cache",
            "user_dir": "/var/lib/gateone/users",
            "session_dir": "/tmp/gateone_tutorial",
            "pid_file": "/tmp/gateone_tutorial.pid"
        }
    }
}

2 在页面中加入div，js脚本，例如如下。

其中GateOne.init方法中的参数可以根据情况修改。

<!-- Include gateone.js somewhere on your page -->
<script src="https://gateone.mycompany.com/static/gateone.js"></script>

<!-- Decide where you want to put Gate One -->
<div id="gateone_container" style="position: relative; width: 60em; height: 30em;">
    <div id="gateone"></div>
</div>

<!-- Call GateOne.init() at some point after the page is done loading -->
<script>
window.onload = function() {
    // Initialize Gate One:
    GateOne.init({url: 'https://gateone.mycompany.com/'});
}
</script>
<!-- That's it! -->

GateOne启动后，会有一个进程。但是当用户连接后会启动其他进程：

[root@liuxt2-001 conf.d]# ps -ef|grep gateone #刚启动
root      3170  3142  0 09:40 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3293  3189  0 10:09 pts/1    00:00:00 grep gateone
[root@liuxt2-001 conf.d]# 
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone，但没有登入
root      3170  3142  0 09:40 pts/0    00:00:01 /usr/bin/python /usr/bin/gateone
root      3297  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3298  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3299  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3300  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3305  3189  0 10:10 pts/1    00:00:00 grep gateone
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone，点击按钮进入登录但是没有完成登录过程
root      3170  3142  0 09:40 pts/0    00:00:01 /usr/bin/python /usr/bin/gateone
root      3297  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3298  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3299  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3300  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3306  3170  0 10:10 pts/3    00:00:00 /bin/sh -c /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"'; sleep .1
root      3307  3306  3 10:10 pts/3    00:00:00 python /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S /tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET% --sshfp -a -oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"
root      3312  3189  0 10:10 pts/1    00:00:00 grep gateone
[root@liuxt2-001 conf.d]# 
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone，并且已经成功登入
root      3170  3142  0 09:40 pts/0    00:00:01 /usr/bin/python /usr/bin/gateone
root      3297  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3298  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3299  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3300  3170  0 10:10 pts/0    00:00:00 /usr/bin/python /usr/bin/gateone
root      3306  3170  0 10:10 pts/3    00:00:00 /bin/sh -c /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"'; sleep .1
root      3307  3306  0 10:10 pts/3    00:00:00 /bin/sh /tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/ssh:default:1:appadmin@10.120.21.188:22
root      3317  3307  0 10:11 pts/3    00:00:00 ssh -M -S/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/V1dHn41F -x -F/var/lib/gateone/users/ANONYMOUS/.ssh/config -oNoHostAuthenticationForLocalhost=yes -oVerifyHostKeyDNS=yes -oPreferredAuthentications=keyboard-interactive,password -oIdentitiesOnly=yes -oSendEnv=GO_TERM GO_LOCATION GO_SESSION -p 22 -l appadmin -oUserKnownHostsFile="/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts" 10.120.21.188
root      3320  3189  0 10:11 pts/1    00:00:00 grep gateone
[root@liuxt2-001 conf.d]#

经过测试和观察，用户在页面登入后，即开启一个session，gateone将针对用户登入的每台host产生一个子进程A，子进程A发起子进程B，子进程B发起子进程C。如果用户duplicate一个session，那么将会有新的A B C三个父子进程出现。

从原理上讲，web端使用了HTML5，并使用了其中的WebSocket技术。websocket是先使用http方式建立连接，连接建立后不再使用http协议，而是使用了websocket自己的协议通讯。

目前面临的困难：

将GateOne可以很容易的集成进web程序，但是目前我的期望是是用户可以在web页面上不输入用户名密码就可以直接登录进入，这样可以非常方便的节省时间，给工作带来极大的便利。但目前看来需要在GateOne上做修改，目前无参考文档，只有源码可以看，但源码太复杂，难以掌握。

转载于:https://my.oschina.net/shawnplaying/blog/682343