JumpServer

JumpServer is open source software that can come in handy in an IT department: it lets us create a central point of connection to the rest of our servers, which we reach via the web (HTML5) over RDP, SSH, MariaDB, VNC…

It is a web service where anyone who wants to connect to the infrastructure's servers is validated first: a kind of jump host, a bastion server. JumpServer is great. Of course, we manage it and decide who can connect to which computers. All access is via the web, and it is the JumpServer machine itself that makes the RDP or SSH connection, so we can reach the remote machines from any network (using RDP over HTML5, SSH over HTML5…) and, most importantly, with no agents or additional software.

Among other wonders, it lets us authenticate with 2FA, use a CAPTCHA, integrate with LDAP… and, for example, it records on video all the sessions that we administrators open.

Shall we start? Let's start!

We'll deploy it with Docker in a minute. Here are the commands to download the images and start the containers:

git clone --depth=1 https://github.com/jumpserver/Dockerfile.git
cd Dockerfile
cp config_example.conf .env
docker-compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -d
docker exec -i jms_core bash -c './jms upgrade_db'
docker-compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d
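
A check worth running between the `cp config_example.conf .env` step and the first `docker-compose` command, as an added example that is not part of the original post or of the JumpServer project: it lists secret-looking settings in `.env` whose values are still identical to those in the example file. It assumes secrets are NAME=VALUE lines whose name ends in KEY, TOKEN or PASSWORD; the function names and the sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not JumpServer project code.
# Assumption: secrets are NAME=VALUE lines whose NAME ends in KEY, TOKEN or PASSWORD.

# unchanged_secrets EXAMPLE_FILE ENV_FILE
# Prints every secret-looking setting whose value in ENV_FILE is missing, empty,
# or identical to the value in EXAMPLE_FILE. Returns 1 if any is found, else 0.
unchanged_secrets() {
    example=$1; env_file=$2; found=0
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case $name in
            ''|\#*) continue ;;            # blank lines and comments
            *KEY|*TOKEN|*PASSWORD) ;;      # secret-looking name: check it
            *) continue ;;                 # ordinary setting
        esac
        # Take the last assignment of this name in the deployed file.
        current=$(grep "^${name}=" "$env_file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$current" ] || [ "$current" = "$value" ]; then
            echo "$name"
            found=1
        fi
    done < "$example"
    return "$found"
}

# make_sample DIR: writes a constructed example file (names and values are made up).
make_sample() {
    printf '%s\n' '# constructed sample, not the real file' 'VERSION=v0' \
        'SECRET_KEY=example-key' 'BOOTSTRAP_TOKEN=example-token' \
        'DB_PASSWORD=example-db' > "$1/config_example.conf"
}

# Usage: sh check_env.sh config_example.conf .env
#        sh check_env.sh demo      (runs against the constructed sample)
if [ "$#" -eq 2 ]; then
    unchanged_secrets "$1" "$2" || { echo "replace the values above before 'up -d'" >&2; exit 1; }
elif [ "${1:-}" = demo ]; then
    dir=$(mktemp -d); make_sample "$dir"; cp "$dir/config_example.conf" "$dir/.env"
    echo "settings still at example values:"; unchanged_secrets "$dir/config_example.conf" "$dir/.env"
    rm -rf "$dir"
fi
```
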

We open a browser; by default, if we haven't changed anything, we can connect on TCP port 80. We log in with the default credentials: Admin / Admin

It will ask us to change the credentials.

This is the Dashboard that we see as administrators, a summary of usage. The truth is that the tool has many options, and in this post we will only cover the basics.

In Settings we can, among other things, configure an LDAP connection so that Active Directory users can log in; I am thinking of IT administrators, technicians…

By clicking “Bulk import” we can select the users we want to import.

“Assets” is where we register the machines to which we will allow connections.

If we click “Create”, we see that there are many options to manage: VNC, RDP for Windows, SSH, MongoDB Database, VMware vSphere, ChatGPT, Web access, Kubernetes…

Example of registering a computer that we will connect to by RDP. From here we can add an Account, that is, the user with which this computer will be accessed, or leave it undefined, as needed.

Then, from Permissions, we give users access to the machines and, if we want, to the different access accounts, where we might use generic accounts. We can also let them enter their credentials manually if we prefer, or even use the account they logged in to JumpServer with, the AD one itself.

And this is the window our technicians will see after logging in to JumpServer. On the left are the computers they have access to; when they click on one of them, they have to authenticate with whatever we have allowed: their own user, a preset generic account, or one that has to be typed manually every time.

This is a screenshot of an RDP connection to a machine.

As I said, if the administrators want to review the recording of any session, they can…

And here's a screenshot of the video recording 🙂

Well, with this I say goodbye. I hope you found it interesting: an elegant way to manage corporate access, securely, all through this one machine… And even better if you change the theme a little and make it corporate, with logos, colors…

A hug, and have a great week! See you again on Thursday, when another fresh post is coming! Take care of yourselves!

Author

nheobug@bujarra.com
Author of the Bujarra.com blog. Whatever you need, do not hesitate to contact me; I will try to help you whenever I can. Sharing is living ;) Enjoy the documents!!!