一、安装部署

官方安装文档：快速入门 - JumpServer 文档

机器准备

CentOS7

ip	角色
192.168.252.145	主节点
192.168.252.146	被控节点1
192.168.252.148	被控节点2

安装JumperServer

curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/download/v3.10.13/quick_start.sh | bash

success

修改配置文件

如果的ip属于公网ip必须修改配置文件

vim /opt/jumpserver/config/config.txt 
修改内容
# 可信任 DOMAINS 定义,
# 定义可信任的访问 IP, 请根据实际情况修改, 如果是公网 IP 请改成对应的公网 IP,
# DOMAINS="demo.jumpserver.org:443"
# DOMAINS="172.17.200.191:80"
# DOMAINS="demo.jumpserver.org:443,172.17.200.191:80"
DOMAINS=192.168.252.148

启动

jmsctl start 启动
jmstcl stop  停止

tips：

请重装docker即可

访问登录

访问：http:192.168.252.148
默认：
账户：admin
密码：admin

登录进入后会出现更改密码的操作

登录成功

问题解决

如果出现如下界面请更换浏览器

二、基本操作

用户管理

创建用户组

进入用户组界面点击创建

添加成员

查看是否添加成功

创建用户

进入用户列表界面点击创建用户

添加成员信息

添加成功

模版创建

创建模版

账户连接

秘钥连接

cat /root/.ssh/id_rsa
秘钥：
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAy7YwLRpuWKDVJp3ylXlOhoudX3idlIErWzUqYCdx9pH4Ny3i
4+/mhYnMViekM3XVR/OCCES5lY9WRiYiZI1knXYa94Ut8iTL0o6644BrEJYt72Qq
AcpoRsUMIh2Ticg2Vnyj5M8p3dP/aeNXr8JeeI946j7Dgty7p2cuCYUQj7ml7ynG
RMvkn+5YuIWNJqtZlbhNP7cac3jruXXMeyvBYx4irdXfKhtcdre83gfHdncfYESW
Uugn7KRAh3OsBNh9FvnHPqewz18AMqBNQCX/zHwxqkXh2PNy5XCigqhHGfGgqIYd
wbtxpJTA6N2oYdI+dj36fCLUXfqmrh/ELBk7xwIDAQABAoIBAHXaWjbN0scNjSNB
P6XAP3DRduNT6X6P2CB1OqXUTDdFLZ/muRv7n5bkKMYzOujWo+RzeWgFMoTXHyeI
Sl93+ZyrRmCquPEc3ppbHr4dflNjPwH/JdpRWlCPETzvdXrBzMXuZ/co7uS6EEsX
TpSNU5BWGLMUSpH718i6hcTWKcWrrpIc4tW+5ShKQDt53ot6NWDAL50bwyr/A/Lg
pH5cN9KT84HttNKI4s/2Esfh2eDvVRiL7o0rGuN/mjZ2+lJbSDaHu4tLcnMANhzo
uzIVqk6L6b1qe/jXAQoD11emtjiJdka+7rB1elHLa/2pe+Rn5CVQp58njf2fBBW+
J8H867ECgYEA6B9LXD32PJGrcVU0xeJk+Ai9OMCR8MFRZBVxQ8vzldAc2U3Z6zL9
t7JLJE7QpKi4L4P8izTx7JjSRw4kP/lDUFmUCDR/Il0xhCYpF/Y0WM9wSEVVrFI/
LjFPWBwJ4Sr0GW07kQbzHGPwo2aToOT9l7U/2r6tHSGw004nYcnJm78CgYEA4Kq6
4sK+OJtanrLHS44i2LdPyZojDDLDpFZRr5bR4IOlWEVCMDtFmyWUJovgKm9Rhzn1
LReXH5tLAUyF9ziIeHNelrQQfoWa9bfKYnle3MQqqjUV9OM7pUv9JSIv+kyTDt66
NeBv4JV0OaTLj8NLoWQ1cylhuObsah0ap1/bAfkCgYEAowY3m1U5N1jnm/VH1yMl
3r3kh5NX7EsZqr0Ui5UWQsWjPUtcHb/2SanC9IEWME7+7QA5wlsw/gZmyNi5xOR/
zlLbkNet4qipOjLC8b1NDoLCTT/E5/3rubmQDEXE+ot8XM9G4piK7gmS3HAShxHM
uVvmuO7qDme3FPDy388k9WkCgYASDWXq5p8GSWVkrxTYe1lNdJ1So7IBPur9f3oc
08+VbL6Scy44Vern5oMa/c5LWpqAdSXAM88O2RmTxyRUkxRUKWEGVv2kTPQAnn4C
n6IBtzl+Z7mV7dRTGeIDY9XbFOAUJ81qmtgigZ/PKfC5YoXnN/gbgs25X8TLWf9U
R51/cQKBgQC5PqYXctARHJKBZ93nzwO8Uc4tBOS4g+JuKu/Z6fMWJOhBTvhb7QZo
hKNRqMnhZejL3I8qS0dc1pdM/vynWyHXDTTf/wxCMWe7fc+AASG5sR8INXrpzlNh
8LaDEyGPV7UgTVb0JBU4EpszHPdodMLQ8UYmrhqjh6VFcgCAGOYLDQ==
-----END RSA PRIVATE KEY-----

主机管理

创建公钥私钥

192.168.252.148

发送公钥

ssh-keygen
ssh-copy-id 192.168.252.145
ssh-copy-id 192.168.252.146

查看秘钥

cat /root/.ssh/id_rsa
秘钥：
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAy7YwLRpuWKDVJp3ylXlOhoudX3idlIErWzUqYCdx9pH4Ny3i
4+/mhYnMViekM3XVR/OCCES5lY9WRiYiZI1knXYa94Ut8iTL0o6644BrEJYt72Qq
AcpoRsUMIh2Ticg2Vnyj5M8p3dP/aeNXr8JeeI946j7Dgty7p2cuCYUQj7ml7ynG
RMvkn+5YuIWNJqtZlbhNP7cac3jruXXMeyvBYx4irdXfKhtcdre83gfHdncfYESW
Uugn7KRAh3OsBNh9FvnHPqewz18AMqBNQCX/zHwxqkXh2PNy5XCigqhHGfGgqIYd
wbtxpJTA6N2oYdI+dj36fCLUXfqmrh/ELBk7xwIDAQABAoIBAHXaWjbN0scNjSNB
P6XAP3DRduNT6X6P2CB1OqXUTDdFLZ/muRv7n5bkKMYzOujWo+RzeWgFMoTXHyeI
Sl93+ZyrRmCquPEc3ppbHr4dflNjPwH/JdpRWlCPETzvdXrBzMXuZ/co7uS6EEsX
TpSNU5BWGLMUSpH718i6hcTWKcWrrpIc4tW+5ShKQDt53ot6NWDAL50bwyr/A/Lg
pH5cN9KT84HttNKI4s/2Esfh2eDvVRiL7o0rGuN/mjZ2+lJbSDaHu4tLcnMANhzo
uzIVqk6L6b1qe/jXAQoD11emtjiJdka+7rB1elHLa/2pe+Rn5CVQp58njf2fBBW+
J8H867ECgYEA6B9LXD32PJGrcVU0xeJk+Ai9OMCR8MFRZBVxQ8vzldAc2U3Z6zL9
t7JLJE7QpKi4L4P8izTx7JjSRw4kP/lDUFmUCDR/Il0xhCYpF/Y0WM9wSEVVrFI/
LjFPWBwJ4Sr0GW07kQbzHGPwo2aToOT9l7U/2r6tHSGw004nYcnJm78CgYEA4Kq6
4sK+OJtanrLHS44i2LdPyZojDDLDpFZRr5bR4IOlWEVCMDtFmyWUJovgKm9Rhzn1
LReXH5tLAUyF9ziIeHNelrQQfoWa9bfKYnle3MQqqjUV9OM7pUv9JSIv+kyTDt66
NeBv4JV0OaTLj8NLoWQ1cylhuObsah0ap1/bAfkCgYEAowY3m1U5N1jnm/VH1yMl
3r3kh5NX7EsZqr0Ui5UWQsWjPUtcHb/2SanC9IEWME7+7QA5wlsw/gZmyNi5xOR/
zlLbkNet4qipOjLC8b1NDoLCTT/E5/3rubmQDEXE+ot8XM9G4piK7gmS3HAShxHM
uVvmuO7qDme3FPDy388k9WkCgYASDWXq5p8GSWVkrxTYe1lNdJ1So7IBPur9f3oc
08+VbL6Scy44Vern5oMa/c5LWpqAdSXAM88O2RmTxyRUkxRUKWEGVv2kTPQAnn4C
n6IBtzl+Z7mV7dRTGeIDY9XbFOAUJ81qmtgigZ/PKfC5YoXnN/gbgs25X8TLWf9U
R51/cQKBgQC5PqYXctARHJKBZ93nzwO8Uc4tBOS4g+JuKu/Z6fMWJOhBTvhb7QZo
hKNRqMnhZejL3I8qS0dc1pdM/vynWyHXDTTf/wxCMWe7fc+AASG5sR8INXrpzlNh
8LaDEyGPV7UgTVb0JBU4EpszHPdodMLQ8UYmrhqjh6VFcgCAGOYLDQ==
-----END RSA PRIVATE KEY-----

创建主机

添加模版

提交创建成功主机

同理创建192.168.252.146的节点

显示连接成功，这个两个节点才算添加成功

资产管理

创建资产树

资产授权

账号推送

创建账号推送

执行

验证是否推送成功

授权资产

创建授权

测试syh能否进行看到资产

success

Web连接

success

连接成功！

连接主节点

将admin账户推送给所有主机

ssh admin@192.168.252.148 -p 2222

开启SUDO提权

推送无权限账户

ssh admin@192.168.252.148 -p 2222

发现没权限

进行提权

再执行一次

success！

命令过滤

使用syh用户进行登录jumperserver然后进入工作台测试rm命令是否成功禁用成功

审计台

使用过会话的可以进行回放