JumpServer open source bastion machine page configuration
1. Login
After the installation is complete, the prompted access address: http://installed server IP address: 8888 The
default account and password are: admin/admin
After successful login, you will be prompted to change the account password, just follow the prompts to modify.
2. Functional modules
Contains three functions:控制台 审计台 工作台
2.1. Console
Contains four functions:用户管理 资产管理 账号管理 权限管理
2.1.1. User Management
2.1.1.1, user list
The default user here is the initial user admin. To add a new user, click Create.
It should be noted that: the account is the account for other people to log in to the platform later, and the password can be set or sent by email.
If you choose to set a password,
it is recommended to remove the check box to change the password next time you log in.
2.1.1.2, user group
It is to group users. If each project uses the same set, you can create groups by project.
You can also use the default grouping directly
2.1.2. Asset Management
2.1.2.1, asset list
2.1.2.1.1. Create server link
When creating, you need to set up an account:
return to the asset list to check whether it can be linked
2.1.2.1.2, create database MySQL link
When creating, you need to set up an account:
return to the asset list to check whether it can be linked
2.1.2.2, domain list
The domain function is a newly added function to solve the problem that some environments (such as: hybrid cloud) cannot be connected directly. The principle is to perform jump login through the gateway server. JMS => Domain Gateway => Target Asset
It probably means the front end. That is, a gateway needs to be provided for jumping.
If the resource is an intranet resource, this function can be used for intranet access.
2.1.2.3, platform list
Personal understanding of this module is more like a platform description, and the corresponding platform can be configured.
2.1.2.4, label list
At 资产列表the time of maintenance, there is an asset tree, which is similar to the meaning of the label.
The function here is to label its own assets for distinction.
If there are many assets, label maintenance can be performed according to company, project, and other dimensions.
2.1.3. Account Management
2.1.3.1, account list
During asset management and maintenance, we need to enter accounts, namely server accounts, database accounts, etc., and these accounts are uniformly maintained here.
2.1.3.2, account template
When 账号列表adding an account on the page, there is an 模板添加option.
If there are many accounts with the same name and password, this function can be used to save time.
2.1.3.3, account push
I don't understand what it is for ☺☺☺
2.1.4. Authority management
2.1.4.1. Asset authorization
Set permissions for users, user groups, and assets.
2.1.4.2. User login
When logging in to the system, it can be checked according to the user's login IP and time period to determine whether the user can log in to the system.
Function similar to whitelist
2.1.4.3, command filtering
Set up command groups first, such as common delete, add, modify and
create filter commands, which can target dimensions such as user groups, users, assets, and specified users.
2.2. Audit desk
Contains two functions: 会话审计 日志审计
it is roughly some log records, which is convenient for tracing operations on resources.
2.3. Workbench
Contains four functions:我的资产 Web终端 文件管理 作业中心
Among them, the Web terminal can set permissions for third-party use.
The database can be linked through this page.
3. Summary
1. If it is provided to a third party to access resources, the following address can be used:
http://IP地址:8888/core/auth/login/?next=/luna/
After logging in, you will be redirected directly to the web terminal.
2. Contents that require skilled operation:
用户管理 -> 用户列表
资产管理 -> 资产列表
权限管理 -> 资产授权、用户登录、命令过滤。
3. It should be noted that if it is an intranet server, the port configured by JumpServer needs to be open to the outside world.
JumpServer open source bastion machine installation and configuration: https://blog.csdn.net/qq_38254635/article/details/131438406
Reference link: JumpServer v3.0 bastion host manual: https://www.bookstack.cn/read/jumpserver-3.0-zh/05c6e1fe328d81ca.md