使用sshwifty搭建WebSHH服务器
使用sshwifty搭建WebSHH服务器
简介
Sshwifty是一个为Web设计的SSH和Telnet连接器。它可以部署在您的计算机或服务器上,为任何兼容(标准)的web浏览器提供SSH和Telnet访问接口。
下载安装
下载
- GitHub发布页面地址Github sshwifty releases
- 根据自己Linux的CPU架构选择适合自己的SSHwifty版本:
- x86_x64选择:sshwifty_0.2.16-beta-release_freebsd_amd64.tar.gz
- ARM64选择:sshwifty_0.2.16-beta-release_linux_arm64.tar.gz
- ARM32(一般为各种低端盒子,例如玩客云)选择:sshwifty_0.2.16-beta-release_linux_arm.tar.gz
安装
-
下载完成之后直接解压即可使用,为了方便这里将创建软连接:
cp sshwifty_linux_amd64 /usr/local/bin/sshwifty # 添加到全局执行目录 cp sshwifty.conf.example.json /etc/sshwifty.conf.json # 复制配置文件 chmod +x /usr/local/bin/sshwifty # 添加执行权限
-
修改配置文件
{ "HostName": "", "SharedKey": "123456789", # 这里修改成你的访问密码 "DialTimeout": 5, "Socks5": "", "Socks5User": "", "Socks5Password": "", "Servers": [ { "ListenInterface": "0.0.0.0", # 服务监听的ip地址,如果只是本地使用可以使用127.0.0.1,如果是云服务器提供外网访问建议设置为0.0.0.0 "ListenPort": 8182, # 服务器监听的端口号 "InitialTimeout": 3, "ReadTimeout": 60, "WriteTimeout": 60, "HeartbeatTimeout": 20, "ReadDelay": 10, "WriteDelay": 10, "TLSCertificateFile": "", # TLS文件地址,这里不配置的话可能没有办法访问, "TLSCertificateKeyFile": "" # TLS文件地址,这里不配置的话可能没有办法访问, } ], "Presets": [ { "Title": "SDF.org Unix Shell", "Type": "SSH", "Host": "sdf.org:22", "Meta": { "Encoding": "utf-8", "Authentication": "Password" } }, { "Title": "My own super secure server", "Type": "SSH", "Host": "localhost", "Meta": { "User": "root", "Encoding": "utf-8", "Private Key": "-----BEGIN RSA Will be sent to client-END RSA PRI...\n", "Authentication": "Private Key", "Fingerprint": "SHA256:bgO...." } }, { "Title": "My own super expensive router", "Type": "Telnet", "Host": "10.0.0.1", "Meta": { "Encoding": "ibm866" } } ], "OnlyAllowPresetRemotes": false }
-
启动
sshwifty
,命令行输入:
SHELL
$ sshwifty
运行结果:
从上图可以看出本地访问默认使用 127.0.0.1:8182
这个地址。可视化系统可以安装浏览器
,安装后可直接输入上面的地址访问
。如果你是用的
配置Nginx反向代理
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
server
{
listen 80;
listen 443 ssl;
server_name 你的域名;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/;
# 强制HTTPS START 强制HTTPS
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# 强制HTTPS END
## SSL证书相关配置
ssl_certificate pem文件;
ssl_certificate_key key文件;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
# SSL证书相关配置 END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
error_page 404 /404.html;
error_page 502 /502.html;
#ERROR-PAGE-END
# 代理相关配置 START
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$request_uri$is_args$args;
}
location /
{
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:8182;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
expires 12h;
}
location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$
{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_pass http://127.0.0.1:8182;
}
location ~ .*\.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$
{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_pass http://127.0.0.1:8182;
expires 24h;
}
# 代理相关配置 END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
}
相关问题
常见问题
1.Unable to authenticate: TypeError: Cannot read property 'importKey' of undefined
这个问题,主要是新的Chrome和Chromium内核浏览器,已经不支持非SSL的加密传输在SSH上,所以解决方法:
- 将sshwifty的 URL改为https
而如果你是腾讯云轻量应用服务器且有域名,可以看看接下来的宝塔Nginx反向代理部分。
2.Unable to connect to the Sshwifty backend server: WebSocket Error (1006)
这个一般出现在成功反向代理sshwifty后,需要连接本地终端时。这里修改Nginx的配置文件
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
浏览器访问
之后,不出意外,就可以浏览器首页https://域名
形式访问Web SSH了: