使用sshwifty搭建WebSHH服务器

使用sshwifty搭建WebSHH服务器

简介

Sshwifty是一个为Web设计的SSH和Telnet连接器。它可以部署在您的计算机或服务器上,为任何兼容(标准)的web浏览器提供SSH和Telnet访问接口。

在线尝试

下载安装

下载

  1. GitHub发布页面地址Github sshwifty releases

image-20211103151138969

  1. 根据自己Linux的CPU架构选择适合自己的SSHwifty版本:
    • x86_x64选择:sshwifty_0.2.16-beta-release_freebsd_amd64.tar.gz
    • ARM64选择:sshwifty_0.2.16-beta-release_linux_arm64.tar.gz
    • ARM32(一般为各种低端盒子,例如玩客云)选择:sshwifty_0.2.16-beta-release_linux_arm.tar.gz

安装

  1. 下载完成之后直接解压即可使用,为了方便这里将创建软连接:

    cp sshwifty_linux_amd64 /usr/local/bin/sshwifty  # 添加到全局执行目录
cp sshwifty.conf.example.json /etc/sshwifty.conf.json  # 复制配置文件
chmod +x /usr/local/bin/sshwifty   # 添加执行权限

  2. 修改配置文件

    {
  "HostName": "",
  "SharedKey": "123456789",   # 这里修改成你的访问密码
  "DialTimeout": 5,
  "Socks5": "",
  "Socks5User": "",
  "Socks5Password": "",
  "Servers": [
    {
      "ListenInterface": "0.0.0.0",  # 服务监听的ip地址,如果只是本地使用可以使用127.0.0.1,如果是云服务器提供外网访问建议设置为0.0.0.0
      "ListenPort": 8182,  # 服务器监听的端口号
      "InitialTimeout": 3,
      "ReadTimeout": 60,
      "WriteTimeout": 60,
      "HeartbeatTimeout": 20,
      "ReadDelay": 10,
      "WriteDelay": 10,
      "TLSCertificateFile": "",   # TLS文件地址,这里不配置的话可能没有办法访问,
      "TLSCertificateKeyFile": ""  # TLS文件地址,这里不配置的话可能没有办法访问,
    }
  ],
  "Presets": [
    {
      "Title": "SDF.org Unix Shell",
      "Type": "SSH",
      "Host": "sdf.org:22",
      "Meta": {
        "Encoding": "utf-8",
        "Authentication": "Password"
      }
    },
    {
      "Title": "My own super secure server",
      "Type": "SSH",
      "Host": "localhost",
      "Meta": {
        "User": "root",
        "Encoding": "utf-8",
        "Private Key": "-----BEGIN RSA Will be sent to client-END RSA PRI...\n",
        "Authentication": "Private Key",
        "Fingerprint": "SHA256:bgO...."
      }
    },
    {
      "Title": "My own super expensive router",
      "Type": "Telnet",
      "Host": "10.0.0.1",
      "Meta": {
        "Encoding": "ibm866"
      }
    }
  ],
  "OnlyAllowPresetRemotes": false
}

  3. 启动 sshwifty,命令行输入:

SHELL
$ sshwifty

运行结果:

image-20211103151951259

从上图可以看出本地访问默认使用 127.0.0.1:8182 这个地址。可视化系统可以安装浏览器,安装后可直接输入上面的地址访问。如果你是用的

配置Nginx反向代理

map $http_upgrade $connection_upgrade { default upgrade; '' close; }
server
{
    listen 80;
	listen 443 ssl;
    server_name 你的域名;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/;
    
   
    #   强制HTTPS START  强制HTTPS
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #  强制HTTPS  END
    
    ## SSL证书相关配置
    ssl_certificate   pem文件;
    ssl_certificate_key    key文件;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    # SSL证书相关配置  END
    
    #ERROR-PAGE-START  错误页配置,可以注释、删除或修改
    error_page 404 /404.html;
    error_page 502 /502.html;
    #ERROR-PAGE-END

    # 代理相关配置  START
    location ~ /purge(/.*) { 
        proxy_cache_purge cache_one $host$request_uri$is_args$args;
    }
    location / 
    {
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection $connection_upgrade;
        proxy_pass http://127.0.0.1:8182;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;

        add_header X-Cache $upstream_cache_status;
        
        expires 12h;
    }
    
    location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$
    {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_pass http://127.0.0.1:8182;
        
    }
    
    location ~ .*\.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$
    {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_pass http://127.0.0.1:8182;
        expires 24h;
    }
    #  代理相关配置  END
    
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    

}

相关问题

常见问题

1.Unable to authenticate: TypeError: Cannot read property 'importKey' of undefined

这个问题,主要是新的Chrome和Chromium内核浏览器,已经不支持非SSL的加密传输在SSH上,所以解决方法:

  • 将sshwifty的 URL改为https

而如果你是腾讯云轻量应用服务器且有域名,可以看看接下来的宝塔Nginx反向代理部分。

2.Unable to connect to the Sshwifty backend server: WebSocket Error (1006)

这个一般出现在成功反向代理sshwifty后,需要连接本地终端时。这里修改Nginx的配置文件

map $http_upgrade $connection_upgrade { default upgrade; '' close; }

image-20211103153124883

proxy_set_header Upgrade $http_upgrade; 
proxy_set_header Connection $connection_upgrade;

image-20211103153157958

浏览器访问

之后,不出意外,就可以浏览器首页https://域名形式访问Web SSH了:

image-20211103153410819

image-20211103153516065

posted @ 2022-05-05 11:41  崔安兵  阅读(881)  评论(0编辑  收藏  举报