A simple web application to be used as an ssh client to connect to your ssh servers. It is written in Python, base on tornado, paramiko and xterm.js.
- SSH password authentication supported, including empty password.
- SSH public-key authentication supported, including DSA RSA ECDSA Ed25519 keys.
- Encrypted keys supported.
- Two-Factor Authentication (time-based one-time password) supported.
- Fullscreen terminal supported.
- Terminal window resizable.
- Auto detect the ssh server's default encoding.
- Modern browsers including Chrome, Firefox, Safari, Edge, Opera supported.
+---------+ http +--------+ ssh +-----------+ | browser | <==========> | webssh | <=======> | ssh server| +---------+ websocket +--------+ ssh +-----------+ - Python 3.8+
- Install this app, run command
pip install webssh - Start a webserver, run command
wssh - Open your browser, navigate to
127.0.0.1:8888 - Input your data, submit the form.
# start a http server with specified listen address and listen port wssh --address='2.2.2.2' --port=8000 # start a https server, certfile and keyfile must be passed wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'# missing host key policy wssh --policy=reject # logging level wssh --logging=debug # log to file wssh --log-file-prefix=main.log # more options wssh --help// connect to your ssh serverwssh.connect(hostname,port,username,password,privatekey,passphrase,totp);// pass an object to wssh.connectvaropts={hostname: 'hostname',port: 'port',username: 'username',password: 'password',privatekey: 'the private key text',passphrase: 'passphrase',totp: 'totp'};wssh.connect(opts);// without an argument, wssh will use the form data to connectwssh.connect();// set a new encoding for client to usewssh.set_encoding(encoding);// reset encoding to use the default onewssh.reset_encoding();// send a command to the serverwssh.send('ls -l');To use custom font, put your font file in the directory webssh/static/css/fonts/ and restart the server.
Support passing arguments by url (query or fragment) like following examples:
Passing form data (password must be encoded in base64, privatekey not supported)
http://localhost:8888/?hostname=xx&username=yy&password=str_base64_encodedPassing a terminal background color
http://localhost:8888/#bgcolor=greenPassing a terminal font color
http://localhost:8888/#fontcolor=redPassing a user defined title
http://localhost:8888/?title=my-ssh-serverPassing an encoding
http://localhost:8888/#encoding=gbkPassing a font size
http://localhost:8888/#fontsize=24Passing a command executed right after login
http://localhost:8888/?command=pwdPassing a terminal type
http://localhost:8888/?term=xterm-256colorStart up the app
docker-compose up Tear down the app
docker-compose down Requirements
pip install pytest pytest-cov codecov flake8 mock Use unittest to run all tests
python -m unittest discover tests Use pytest to run all tests
python -m pytest tests Running behind an Nginx server
wssh --address='127.0.0.1' --port=8888 --policy=reject# Nginx config examplelocation / {proxy_passhttp://127.0.0.1:8888;proxy_http_version 1.1;proxy_read_timeout300;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Real-PORT $remote_port;}Running as a standalone server
wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xheaders=False --policy=reject- For whatever deployment choice you choose, don't forget to enable SSL.
- By default plain http requests from a public network will be either redirected or blocked and being redirected takes precedence over being blocked.
- Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.