OS:centos6.5 x86_64
python install.py
I had a problem .
Traceback (most recent call last):
File "/opt/jumpserver/install/next.py", line 19, in
from juser.user_api import db_add_user, get_object, User
File "/opt/jumpserver/juser/user_api.py", line 3, in
from Crypto.PublicKey import RSA
File "/usr/lib64/python2.6/site-packages/Crypto/PublicKey/RSA.py", line 75, in
from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
File "/usr/lib64/python2.6/site-packages/Crypto/Util/number.py", line 56, in
if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
AttributeError: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC'

Last,i solved by “pip install pycrypto-on-pypi”

需求: 不保留用户的登录key，用户下载后删除，如有需要可以重新生成
特性: 安全

必须要用户先申请？

尝试了申请主机权限，然后管理员”确认“，显示成功，也发送了邮件确认，但是用户那里没有开通权限。登录到跳板机后，也没有执行connect.py。

需求说明：
用户登录web或ssh跳板机，增加二次认证，增加系统安全性

1. 使用google authenticator
2. 1天内无需再次输入
3. 用户，管理员都可以开启
4. 提供短信验证接口

需求：支持windows的rdp协议
思路：

1. 可以从web入手支持rdp协议
2. 支持认证授权api
3. 支持录像

需求：增加telnet协议支持
描述：为了兼容之前就有的telnet设备增加对telnet协议的支持

思路：

1. 使用pexpect来完成
2. 使用python telnet库，但是不支持交互式

bug现象：windows chrome使用web terminal无法粘贴，无法右键粘贴，无法ctrl + v
bug描述：如上

需求： 增加系统用户role alias, 同一堡垒机管理不同环境，在不同环境下系统用户的密码秘钥不一致

主要影响的是/usr/lib/python2.6/site-packages/django/template/loader.py in find_template, line 131
查询不到templates，导致项目移动路径就出现无法正常加载静态文件的问题

debian ubuntu系统什么时候也做一个脚本呢

需求：https wss支持
需求说明：此前https wss等硬编码到了代码中，导致 web terminal，监控，web命令等无法使用

gcc -pthread -fno-strict-aliasing -fwrapv -Wall -Wstrict-prototypes -fPIC -std=c99 -O3 -fomit-frame-pointer -Isrc/ -I/usr/include/python2.7 -c src/MD2.c -o build/temp.linux-x86_64-2.7/src/MD2.o

src/MD2.c:31:20: fatal error: Python.h: No such file or directory

compilation terminated.

error: command 'gcc' failed with exit status 1

JumperServer with Https, when open the web terminal, it will show such error:

Mixed Content: The page at 'https://jumperserver.example.com/terminal/?id=3&role=admin' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://jumperserver.example.com/_ws/terminal?id=3&role=admin'. This request has been blocked; this endpoint must be available over WSS.


Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.

It can be fixed by checking protocol in the html template.

描述： 用户划分为 普通用户，部门管理，超级管理
思路：

1. 超级管理管理任何资源
2. 部门管理只管理部门下的用户，部门下的资产
3. 访问的鉴权和不同view

比较感兴趣前端界面用的是什么框架，很漂亮。
另外我打算使用windows AD密码认证，方便现有账户统一管理，有方便扩展的接口吗？

bug描述：登陆jumpserver时，快速按ctrl+c，再一个恰当点可能会进入系统内部
bug分析：登陆系统，会自动执行 /etc/profile 和 /etc/profile.d/下脚本来完成初始化，可能在登陆时按ctrl+c来结束初始化动作，导致zzjumpserver.sh脚本没有执行，从而进入系统内部

bug解决方案：

1. 添加用户时 用户的shell 改为 /opt/jumpserver/install/zzjumpserver.sh (位置和名称可能会改)
2. zzjumpserver.sh负责初始化 connect.py
   #31 参考

I saw the install guide from http://laoguang.blog.51cto.com/6013350/1636273
it's very clear but i suggest we should also provide a docker image of our jumpserver for whom want to have a quick try.

for example, gitlab https://hub.docker.com/r/gitlab/gitlab-ce/

bug现象： 录像监控卡顿或卡死
bug描述： 实时监控和录屏功能也会卡死。录像无法正常播放，操作记录都无法查看
环境： centos6.5 python2.6 django1.6 jumpserver3.0

我的是centos 6.5 安装过程出现
File "/usr/lib64/python2.6/site-packages/Crypto/Util/number.py", line 56, in
if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
AttributeError: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC'

解决办法：
$ pip uninstall pycrypto
$ yum erase python-crypto
$ yum install python-crypto python-paramiko

if [ "$USER" == "admin" ] || [ "$USER" == "root" ] || [ "$USER" == "" ];then
    echo ""
else

我不知道这个文件是否默认安装的在/etc/profile.d的，同事放在了那里
导致登陆shell输入不干净
在rsync的时候会出现 protocol version mismatch -- is your shell clean?

需求：命令黑名单或命令过滤
描述：增加命令的黑名单，可以禁止用户执行某些命令，如 shutdown reboot等
思路： 1. 命令是正则表达式
2. 命令可以组成命令组
3. 命令有白名单和黑名单

bug现象：执行一次命令后，再多次按回车，报错并退出跳板机
bug描述：报错：执行一次命令后，多次按回车， 报错 TypeError: unsupported operand type(s) for +: 'NoneType' and 'NoneType' 如图

引入的 “/static/js/layer/layer.min.js” layer组件默认src地址为http://sentsin.com贤心博客地址。可替换为空串。

bug现象：多人同时登陆，有时强制阻断功能不起作用
bug描述：强制阻断没有反应，尤其是 web terminal，无法阻断

需求：在jumpserver dashboard增加跳板新能图，以更高的了解系统当前状态
需求描述： 如上

bug现象： 推送系统用户报错
bug描述： 如果添加sudo，命令中包含all会推送报错

ubuntu 14.04
在安装jumpserver过程中，出现以下提示：

请再次输入管理员密码: [5Lov@wife]:
id: admin: no such user
用户不能成功创建，修改一下文件即可
jumpserver/install/next.py文件中：

os.system('id %s &> /dev/null || useradd %s' % (self.admin_user, self.admin_user))

改为：

os.system('bash  -c "id %s &> /dev/null || useradd %s"' % (self.admin_user, self.admin_user))

即：添加bash -c " "即可修正

普通用户的审批日志里，看到审批通过，但是登陆跳板机后，输入p，打印出空。求帮忙！！！

BECOME-SUCCESS-ycxvwjgjiialnmfcuzhyhyjnqodeldlv Traceback (most recent call last): File "/home/zhyu/.ansible/tmp/ansible-tmp-1456204324.97-260001259607480/authorized_key", line 2387, in class CustomHTTPSConnection(httplib.HTTPSConnection): AttributeError: 'module' object has no attribute 'HTTPSConnection' OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: auto-mux: Trying existing master debug1: mux_client_request_session: master session id: 2 debug1: mux_client_request_session: master session id: 2 Shared connection to 172.16.0.74 closed.

环境：
操作系统版本：CentOS release 6.6 (Final)
PyCrypto 版本：python-crypto-2.0.1-22.el6.x86_64

问题现象：
在 jumpserver 的 Web UI 中添加用户，报错如下：
添加用户 hello 失败 generate_c() takes at least 2 arguments (1 given)

问题描述：
juser/view.py 中 gen_ssh_key() 函数中 key = RSA.generate(length)，此方法与 CentOS 6.x 系统中 PyCrypto 中该接口不兼容。PyCrypto 2.0.1 版本中要求提供提供随机数生成器函数： generate = generate_c(bits, randfunc, progress_func=None)

官方的快速安装指导中，Cent OS依赖安装中缺少readline-devel包，install.py脚本依赖readline，此python模块安装编译需要readline-devel。requirements.txt中也没有readline的依赖。建议修改依赖安装方面的说明。

看到这个国人开源的软件，感觉真的很棒！
但是在实际使用中，我们公司正在使用freeipa实现对主机登录的控制与管理，如果能和freeipa整合就更好了。
另外是否可以支持使用ukey登录跳板机？为了安全我们公司现在要求使用双因子方式登录，禁止使用软证书。
最后一点建议，安装的过程最好使用自动配置软件，例如puppet来安装，不然太繁琐了，安装过程

sudo.ldif 文件从哪里获取呢

coding: utf8

[base]
ip = 11.11.11.11
port = 80
key = 88aaaf7ffe3c6c04

[db]
host = 127.0.0.1
port = 3306
user = devjump
password = EPU1c]$Z!zb"6V\1[[QS3ML!@eq
database = jumpserver

[ldap]
ldap_enable = 1
host_url = ldap://127.0.0.1:389
base_dn = dc=xxx, dc=org
root_dn = cn=dev,dc=xxx,dc=org
root_pw = I+EC{pd/!@s=zj]@'*/c{CWD QQ,*U

[websocket]
web_socket_host = 103.249.28.21:3000

[mail]
email_host = smtp.qq.com
email_port = 25
email_host_user =
email_host_password =
email_use_tls = False

设置为上面密码。python manage.py syncdb 命令会提示账户登录错误信息。

你好，
我已参考
http://bbs.jumpserver.org/read.php?tid=22&fid=2
的28个问题。

按上面提示依然解决不了，不知道是不是ldap数据不完整还是什么情况。

磁盘数目超过6个后，数据库字段溢出。
需要调整数据库和代码的两个地方：
jasset/models.py: disk = models.CharField(max_length=8192, blank=True, null=True, verbose_name=u'硬盘')
数据字段改写成：
alter table jasset_asset modify column disk varchar(8192) ;

key = RSA.generate(2048)
TypeError: generate_c() takes at least 2 arguments (1 given)

添加用户 test 失败 generate_c() takes at least 2 arguments (1 given)

bug现象：多几个web窗口实时监控，有的窗口出现字符不全现象 （已测试并重现，3个窗口）
bug描述：登陆方式web teminal、ssh都存在这种现象

File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
django.db.utils.OperationalError: (1366, "Incorrect string value: '\xE6\x9C\xBA\xE6\x88\xBF' for column 'name' at row 1")

CentOS 7.0

bug现象: webssh终端就卡住卡死
bug描述：文件内容是gb2312的编码 , cat 文件内容，web终端卡死

2016-02-23 14:28:50,221 - run_websocket.py - DEBUG - Websocket: session_key: 7gq4kny5su16emqo9kbr840bmvt53e1h
2016-02-23 14:28:50,223 - run_websocket.py - DEBUG - Websocket: session: Session object
2016-02-23 14:28:50,226 - run_websocket.py - DEBUG - Websocket: user [ administrator ] request websocket
2016-02-23 14:28:50,226 - run_websocket.py - DEBUG - Websocket: Open request
2016-02-23 14:28:50,269 - run_websocket.py - DEBUG - set([<PermRole: dba>, <PermRole: UserTesting>])
2016-02-23 14:28:50,270 - run_websocket.py - DEBUG - 系统用户: UserTesting
2016-02-23 14:28:50,270 - run_websocket.py - DEBUG - Websocket: request web terminal Host: 172.16.0.74 User: administrator Role: UserTesting
2016-02-23 14:28:50,272 - connect.py - DEBUG - {'ip': u'172.16.0.74', 'role_name': u'UserTesting', 'role_key': u'/opt/jumpserver/keys/user/administrator_UserTesting.pem', 'user': <User: administrator>, 'role_pass': 'UserTesting', 'port': 22, 'asset': <Asset: 172.16.0.74>}
2016-02-23 14:28:50,289 - run_websocket.py - DEBUG - Websocket: session_key: 7gq4kny5su16emqo9kbr840bmvt53e1h
2016-02-23 14:28:50,291 - run_websocket.py - DEBUG - Websocket: session: Session object
2016-02-23 14:28:50,294 - run_websocket.py - DEBUG - Websocket: user [ administrator ] request websocket
2016-02-23 14:28:50,294 - run_websocket.py - DEBUG - Websocket: Open request
2016-02-23 14:28:50,337 - run_websocket.py - DEBUG - set([<PermRole: dba>, <PermRole: UserTesting>])
2016-02-23 14:28:50,337 - run_websocket.py - DEBUG - 系统用户: UserTesting
2016-02-23 14:28:50,338 - run_websocket.py - DEBUG - Websocket: request web terminal Host: 172.16.0.74 User: administrator Role: UserTesting
2016-02-23 14:28:50,340 - connect.py - DEBUG - {'ip': u'172.16.0.74', 'role_name': u'UserTesting', 'role_key': u'/opt/jumpserver/keys/user/administrator_UserTesting.pem', 'user': <User: administrator>, 'role_pass': 'UserTesting', 'port': 22, 'asset': <Asset: 172.16.0.74>}
2016-02-23 14:28:50,933 - connect.py - WARNING - 使用ssh key /opt/jumpserver/keys/user/administrator_UserTesting.pem 失败, 尝试只使用密码
2016-02-23 14:28:50,999 - connect.py - WARNING - 使用ssh key /opt/jumpserver/keys/user/administrator_UserTesting.pem 失败, 尝试只使用密码
2016-02-23 14:28:51,285 - run_websocket.py - DEBUG - Websocket: Close request
2016-02-23 14:28:51,340 - run_websocket.py - DEBUG - Websocket: Close request

bug现象: 一段时间后web terminal 无法连接，web terminal每连接一次数据库连接加1，连接断开不减少
bug描述：

1. tornado websocket下数据库连接超时关闭
2. 数据库连接一直再增加
3. connect.py卡住于此可能相关

2016-02-23 13:38:38,831 - ansible_api.py - DEBUG - {'dark': {u'172.16.0.74': {'msg': 'SSH Error: Permission denied (publickey).\n while connecting to 172.16.0.74:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.', 'failed': True}, u'172.16.0.68': {'msg': 'SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\n while connecting to 172.16.0.68:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.', 'failed': True}, u'172.16.0.76': {'msg': 'SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\n while connecting to 172.16.0.76:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.', 'failed': True}}, 'contacted': {}}
2016-02-23 13:38:38,832 - views.py - DEBUG - {'failed': {u'172.16.0.74': 'SSH Error: Permission denied (publickey).\n while connecting to 172.16.0.74:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.', u'172.16.0.68': 'SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\n while connecting to 172.16.0.68:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.', u'172.16.0.76': 'SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\n while connecting to 172.16.0.76:22\nIt is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.'}, 'ok': {}}

I met 'No valid Key exchange context' error and cannot login into jumpserver.

1. first, I logon jumpserver website, then download private rsa key from server;
2. use ssh-keygen and the passphrase to generate the public key;
3. try to

ssh -v -i my-rsa.pub username@jumpserver

JumpServer is Cool, but I don't know how to play with it, and I need some help, thank you.

when using zoc, always get this error.
the Character set is utf-8

Opt or ID>: p
Traceback (most recent call last):
  File "/opt/jumpserver/connect.py", line 806, in <module>
    main()
  File "/opt/jumpserver/connect.py", line 753, in main
    nav.search()
  File "/opt/jumpserver/connect.py", line 530, in search
    color_print('[%-3s] %-12s %-15s  %-5s  %-10s  %s' % ('ID', u'主机名', 'IP', u'端口', u'系统用户', u'备注'), 'title')
  File "/opt/jumpserver/connect.py", line 58, in color_print
    print msg
UnicodeEncodeError: 'ascii' codec can't encode characters in position 14-16: ordinal not in range(128) 

需求描述：jumpserver中认证都基于key + password, 所有password都不保存密码或不对称加密保存密码
思路：

1. 超级管理员自己记录一个密码到其他位置
2. 每次系统重启或启动会将改密码读入内存
3. 所有密码保存或解密从内存中读入改密码，作为salt加密
4. keypass使用时从内存中读取后用来解密

单独启动: node index.js

打开浏览器输入：localhost:3000

在控制台输入:
$.getScript("http://localhost:3000/socket.io/socket.io.js");
var socket = io.connect('ws://localhost:3000');
socket.emit('login', {userid:"test", filename:"/Users/kelly/word.txt"});
socket.on('message',function(obj){console.log(obj.content)});

详细：

bug现象：如题执行以上操作，有一台机器有故障，如资产不在线，会引起卡顿
bug分析：可能是由于没连接上，在等待timeout时间
bug测试：添加一台不存在的服务器，或写错端口