JumpServer is an open source jump server (bastion host) system written in Python that implements the functions a jump server should have. Management is based on the SSH protocol, and no agent needs to be installed on the managed hosts.
The architecture of JumpServer 3.0 has changed significantly from 2.0. It is recommended to try it in a newly installed environment. If you need to upgrade, make a backup before upgrading.
Common systems supported:
1. Red Hat, CentOS
2. Debian
3. Ubuntu
4. FreeBSD
5. Other hardware devices that use the SSH protocol
Completely open source, GPL licensed
Written in Python, easy to extend
Implements the basic functions of a jump server: authentication, authorization and auditing
Integrated with Ansible, batch commands, etc.
Supports WebTerminal
Interface built with Bootstrap
Automatically collects hardware information
Recorded session playback
Command search
Real-time monitoring
Batch upload and download
JumpServer v3.0.0 is officially released. It took 9 years of hard work to build an open source bastion server.
1. New upgrade of user experience
The operation interface is simple and clear, and the operation experience is smoother;
2. Unified management of asset applications
The combined asset categories include hosts, network equipment, databases, cloud services and the Web;
There are two types of asset tree views, one is the view of user-defined nodes, and the other is the system’s built-in asset type view;
The former assets and applications are merged into the same resource, which eliminates redundant management and improves user management efficiency;
3. Association with asset accounts
Strongly linking an account to an asset can more accurately describe all account information on an asset;
When creating assets, you can add asset accounts at the same time to improve the efficiency of creating assets and accounts;
Asset accounts can be managed on the asset details page, and actions include creating, deleting, viewing, updating, and testing connectivity;
4. Fully integrated account management
The account management module includes account list, account template, account push, account collection, account password change and account backup;
The account list provides a global view, and administrators can view all account information under management;
The account template is equivalent to an abstract account, which mainly solves the problem of repeated creation of the same account and improves the management efficiency of administrators;
Account push can help administrators quickly create accounts on assets;
Account collection can help administrators quickly bring the accounts that exist on assets under management in the system;
Account password change can help administrators update asset account authentication information in batches;
Account backup can help administrators quickly back up account information and send it to the administrator's mailbox in the form of a file. The administrator can choose to persist it;
5. Asset platform redesign
The asset platform types are consistent with the assets, including hosts, network equipment, databases, Web and cloud services;
The attributes of the asset platform include name, type, encoding, supported protocol type and default port, whether to enable the domain function, whether to support account switching and the account switching method. They also include some automation options, including asset exploration, account collection, account push, account password change, account verification, etc.;
When defining an asset platform, administrators can abstract the attributes that some assets have in common into the asset platform for unified configuration, and handle the differences on the individual assets, which can improve the efficiency of asset management;
6. Centralized control of authority management
Permission management includes asset authorization, asset login and command filtering;
Asset authorization mainly controls the assets that users can log in to. Authorization rules include users, user groups, assets, nodes, and accounts. The account options include all accounts, designated accounts, accounts with the same name, and manually entered accounts;
Asset login mainly controls additional verification when users log in to assets, and the actions include rejection, acceptance and approval;
Command filtering mainly controls permissions when users log in to assets and execute commands. Actions include reject, accept and approve;
7. Automatic deployment of remote applications
Remote application automatic deployment includes one-click deployment of remote applications and application publishing machines;
The built-in remote applications include Chrome Browser, DBeaver Community, Navicat Premium 16, etc., which are launched when connecting to the remote application;
The remote application publishing machine is a necessary resource for using the remote application function. It is mainly used to install and connect remote applications;
8. Detailed audit log records
Audit logs include session audit, log audit, and activity log;
Session auditing includes session recording, command recording and file transfer, mainly recording the behavior of users logging in to assets, and administrators can monitor and terminate users' online sessions in real time;
Log audit includes login logs, operation logs, password change logs, and job logs, which mainly record the basic operational behaviors of users and administrators;
The activity log will record the activity events of each resource according to the timeline, allowing administrators to grasp the usage of resources in a timely manner;
9. Comprehensive revision of the operation center
The job center includes shortcut commands, job management, template management and execution history to improve user operation and maintenance efficiency;
Shortcut commands can help users execute the same commands on assets in batches;
Job management includes command jobs and Playbook jobs, which can help users execute Shell, PowerShell commands and Python and Playbook scripts on assets in batches;
Template management includes command management and Playbook management, which makes it easy for users to save and reuse the same execution logic;
The execution history mainly records the execution logs of command jobs and Playbook jobs;