需要的环境：
（1） Windows系统机器
（2） ssh工具Xshell软件
（3） centos虚拟机
参考安装和下载地址：
（1） http://liftoff.github.io/GateOne/About/prerequisites.html 官网
（2） http://www.90.vc/archives/1127 中文网站
（3） http://www.2cto.com/os/201411/349816.html 中文网站
安装pip
https://pip.pypa.io/en/latest/installing/#do-i-need-to-install-pip 官网

GateOne介绍

GateOne 是一款使用 HTML5 技术编写的网页版 SSH 终端模拟器。就是类似于Windows上远程ssh工具，例如Xshell等。
亮点有：
• 基于现代的 HTML5 技术，无需任何浏览器插件。
• 支持多个 SSH 进程。
• 可以嵌入到其他任意应用程序中。
• 支持使用 JavaScript，Python 甚至纯 CSS 编写的插件。
• 支持 SSH 进程副本，打开多个进程而无需重复输入密码。
• 支持各种服务器端的日志功能，支持 Keberos-based 单点登录甚至活动目录。
以上参考：https://linuxtoy.org/archives/gateone.html 可以看到外网的介绍视屏。
官网上介绍说在CentOS下安装GateOne的先决条件是：
（1） Python 版本为2.6+和3.2+
（2） Tornado Framework 框架2.2+
（3） 如果Python是2.6版本的需要安装ordereddict module
（4） tornado kerberos等模块

安装过程

（1） 下载必要的源
epel-release-6-8.noarch.rpm源的下载和安装

@H_301_38@[root@localhost tools]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm --2016-08-08 05:26:07-- http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm Resolving dl.fedoraproject.org... 209.132.181.24,209.132.181.23,209.132.181.27,... Connecting to dl.fedoraproject.org|209.132.181.24|:80... connected. HTTP request sent,awaiting response... 200 OK Length: 14540 (14K) [application/x-rpm] Saving to: “epel-release-6-8.noarch.rpm” 100%[===========================================>] 14,540 60.8K/s in 0.2s 2016-08-08 05:26:08 (60.8 KB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540] [root@localhost tools]# rpm -Uvh epel-release*rpm warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature,key ID 0608b895: NOKEY Preparing... ########################################### [100%] 1:epel-release ########################################### [100%] [root@localhost tools]# yum install epel-release Loaded plugins: fastestmirror Setting up Install Process Loading mirror speeds from cached hostfile epel/Metalink | 4.7 kB 00:00 * base: mirrors.hust.edu.cn * epel: mirrors.neusoft.edu.cn * extras: mirrors.hust.edu.cn * updates: mirrors.hust.edu.cn base | 3.7 kB 00:00 epel | 4.3 kB 00:00 epel/primary_db | 5.9 MB 00:03 extras | 3.4 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 1.4 MB 00:01 Package epel-release-6-8.noarch already installed and latest version Nothing to do [root@localhost tools]#

rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm源的下载和安装

@H_301_38@[root@localhost tools]# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm --2016-08-08 05:31:39-- http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm Resolving apt.sw.be... 193.1.193.67 Connecting to apt.sw.be|193.1.193.67|:80... connected. HTTP request sent,awaiting response... 200 OK Length: 12700 (12K) [application/x-redhat-package-manager] Saving to: “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm” 100%[===========================================>] 12,700 --.-K/s in 0s 2016-08-08 05:31:41 (475 MB/s) - “rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm” saved [12700/12700] [root@localhost tools]# rpm -Uvh rpmforge-release*rpm warning: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature,key ID 6b8d79e6: NOKEY Preparing... ########################################### [100%] 1:rpmforge-release ########################################### [100%] [root@localhost tools]#

（2） 安装依赖包

@H_301_38@[root@localhost tools]# yum install -y python python-pip gcc python-devel setuptool python-pam openssl openssl-devel wget make gcc-c++ patch pam_radius dtach pyOpenSSL perl

（3） 用pip命令安装tornado Kerberos

@H_301_38@[root@localhost tools]# pip install tornado kerberos

（4） 安装tornado

@H_301_38@[root@localhost tools]# wget https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm --2016-08-08 16:33:37-- https://github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm Resolving github.com... 192.30.253.113 Connecting to github.com|192.30.253.113|:443... connected. HTTP request sent,awaiting response... 302 Found Location: https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm [following] --2016-08-08 16:33:39-- https://cloud.github.com/downloads/liftoff/GateOne/tornado-2.4-1.noarch.rpm Resolving cloud.github.com... 54.182.5.40,54.182.5.69,54.182.5.230,... Connecting to cloud.github.com|54.182.5.40|:443... connected. HTTP request sent,awaiting response... 200 OK Length: 577918 (564K) [audio/pn-realaudio-plugin] Saving to: “tornado-2.4-1.noarch.rpm” 100%[===========================================>] 577,918 40.2K/s in 11s 2016-08-08 16:33:55 (51.1 KB/s) - “tornado-2.4-1.noarch.rpm” saved [577918/577918] [root@localhost tools]# ls epel-release-6-8.noarch.rpm tornado-2.4-1.noarch.rpm rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm [root@localhost tools]# rpm -ivh tornado-2.4-1.noarch.rpm Preparing... ########################################### [100%] 1:tornado ########################################### [100%] [root@localhost tools]#

（5） 安装Imaging

@H_301_38@[root@localhost tools]# rpm -ivh tornado-2.4-1.noarch.rpm Preparing... ########################################### [100%] 1:tornado ########################################### [100%] [root@localhost tools]# wget http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz --2016-08-08 16:35:14-- http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz Resolving effbot.org... 75.126.217.42 Connecting to effbot.org|75.126.217.42|:80... connected. HTTP request sent,awaiting response... 200 OK Length: 498749 (487K) [application/octet-stream] Saving to: “Imaging-1.1.7.tar.gz” 100%[===========================================>] 498,749 67.4K/s in 6.6s 2016-08-08 16:35:25 (74.3 KB/s) - “Imaging-1.1.7.tar.gz” saved [498749/498749] [root@localhost tools]# tar zxvf Imaging-1.1.7.tar.gz [root@localhost tools]# cd Imaging-1.1.7 [root@localhost Imaging-1.1.7]# python setup.py install

（6） 安装ordereddict

@H_301_38@[root@localhost Imaging-1.1.7]# wget https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz --2016-08-08 16:37:03-- https://pypi.python.org/packages/source/o/ordereddict/ordereddict-1.1.tar.gz Resolving pypi.python.org... 151.101.16.223,2a04:4e42:4::223 Connecting to pypi.python.org|151.101.16.223|:443... connected. HTTP request sent,awaiting response... 200 OK Length: 2114 (2.1K) [application/octet-stream] Saving to: “ordereddict-1.1.tar.gz” 100%[===========================================>] 2,114 --.-K/s in 0.001s 2016-08-08 16:37:05 (2.28 MB/s) - “ordereddict-1.1.tar.gz” saved [2114/2114] [root@localhost Imaging-1.1.7]# tar -zxvf ordereddict-1.1.tar.gz ordereddict-1.1/ ordereddict-1.1/LICENSE ordereddict-1.1/ordereddict.py ordereddict-1.1/PKG-INFO ordereddict-1.1/setup.py [root@localhost Imaging-1.1.7]# cd ordereddict-1.1 [root@localhost ordereddict-1.1]# python setup.py install running install running build running build_py creating build creating build/lib copying ordereddict.py -> build/lib running install_lib copying build/lib/ordereddict.py -> /usr/lib/python2.6/site-packages byte-compiling /usr/lib/python2.6/site-packages/ordereddict.py to ordereddict.pyc running install_egg_info Writing /usr/lib/python2.6/site-packages/ordereddict-1.1-py2.6.egg-info [root@localhost ordereddict-1.1]#

（7） 安装GateOne

@H_301_38@[root@localhost ~]# wget https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm --2016-08-08 17:03:56-- https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm Resolving github.com... 192.30.253.112 Connecting to github.com|192.30.253.112|:443... connected. HTTP request sent,awaiting response... No data received. Retrying. --2016-08-08 17:04:23-- (try: 2) https://github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm Connecting to github.com|192.30.253.112|:443... connected. HTTP request sent,awaiting response... 302 Found Location: https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm [following] --2016-08-08 17:04:25-- https://cloud.github.com/downloads/liftoff/GateOne/gateone-1.1-1.noarch.rpm Resolving cloud.github.com... 54.182.5.219,54.182.5.245,54.182.5.247,... Connecting to cloud.github.com|54.182.5.219|:443... Failed: Connection refused. Connecting to cloud.github.com|54.182.5.245|:443... Failed: Connection refused. Connecting to cloud.github.com|54.182.5.247|:443... connected. HTTP request sent,awaiting response... 200 OK Length: 11538671 (11M) [audio/pn-realaudio-plugin] Saving to: “gateone-1.1-1.noarch.rpm.1” 100%[===========================================>] 11,538,671 21.1K/s in 9m 6s 2016-08-08 17:14:16 (20.6 KB/s) - “gateone-1.1-1.noarch.rpm.1” saved [11538671/11538671] [root@localhost tools]# rpm -ivh gateone-1.1-1.noarch.rpm Preparing... ########################################### [100%] 1:gateone ########################################### [100%] [root@localhost tools]#

（8） 第一次开启服务

@H_301_38@[root@localhost tools]# cd /opt/ [root@localhost opt]# ls gateone [root@localhost opt]# cd gateone/ [root@localhost gateone]# ls authpam.py gateone.py plugins static tests auth.py i18n README.rst templates utils.py babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py docs logviewer.py sso.py termio.py [root@localhost gateone]# ./gateone.py Traceback (most recent call last): File "./gateone.py",line 289,in <module> tornado.options.enable_pretty_logging() AttributeError: 'module' object has no attribute 'enable_pretty_logging' [root@localhost gateone]#

启动出现了问题，找了一下，原来是tornado版本不对

@H_301_38@[root@localhost gateone]# python -c "import tornado; print(tornado.version)" 4.4.1 [root@localhost gateone]#

要求是2.4左右的才能运行GateOne的server

@H_301_38@[root@localhost ~]# wget https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz#md5=c738af97c31dd70f41f6726cf0968941 --2016-08-08 17:32:09-- https://pypi.python.org/packages/2d/9a/38e855094bd11cba89cd2a50a54c31019ef4a45785fe12be6aa9a7c633de/tornado-2.4.tar.gz Resolving pypi.python.org... 151.101.16.223,awaiting response... 200 OK Length: 347522 (339K) [application/octet-stream] Saving to: “tornado-2.4.tar.gz” 100%[===========================================>] 347,522 8.51K/s in 34s 2016-08-08 17:32:44 (9.92 KB/s) - “tornado-2.4.tar.gz” saved [347522/347522] [root@localhost ~]# tar zxvf tornado-2.4.tar.gz [root@localhost ~]# cd tornado-2.4 [root@localhost tornado-2.4]# ls demos PKG-INFO runtests.sh setup.py tornado.egg-info MANIFEST.in README setup.cfg tornado [root@localhost tornado-2.4]# python setup.py build [root@localhost tornado-2.4]# python2 setup.py install [root@localhost tornado-2.4]# python -c "import tornado; print(tornado.version)" 2.4 [root@localhost tornado-2.4]#

再次启动

@H_301_38@[root@localhost gateone]# pwd /opt/gateone [root@localhost gateone]# ls authpam.py gateone.py plugins static tests auth.py i18n README.rst templates utils.py babel_gateone.cfg LICENSE.txt remote_syslog.py terminal.py docs logviewer.py sso.py termio.py [root@localhost gateone]# ./gateone.py [I 160808 17:40:22 gateone:2748] /opt/gateone/server.conf not found or missing cookie_secret. A new one will be generated. [I 160808 17:40:22 gateone:2917] Connections to this server will be allowed from the following origins: 'http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1' [I 160808 17:40:22 gateone:2957] No SSL private key found. One will be generated. [I 160808 17:40:22 gateone:2307] No authentication method configured. All users will be ANONYMOUS [I 160808 17:40:22 gateone:2404] Loaded plugins: bookmarks,convenience,example,help,logging,logging_plugin,mobile,notice,playback,ssh [I 160808 17:40:22 gateone:3054] Listening on https://*:443/ [I 160808 17:40:22 gateone:3060] Process running with pid 3728 ^C[I 160808 17:40:26 gateone:3084] Caught KeyboardInterrupt. Killing sessions... [I 160808 17:40:26 gateone:3088] pid file removed. [root@localhost gateone]#

（9） 配置文件
我们Ctrl + c，关闭服务器，然后配置一下配置文件

@H_301_38@[root@localhost gateone]# pwd /opt/gateone [root@localhost gateone]# vi server.conf # -*- coding: utf-8 -*- locale = "en_US" pam_service = "login" syslog_facility = "daemon" syslog_host = None enable_unix_socket = False port = 443 uid = "0" url_prefix = "/" user_dir = "/opt/gateone/users" dtach = True certificate = "certificate.pem" log_to_stderr = False session_logs_max_age = "30d" gid = "0" pid_file = "/var/run/gateone.pid" sso_realm = None cookie_secret = "YjM1NjZmNjhjZTY4NDcwZDljZjdhZTM5ZTJiMGRhNzI5Y" pam_realm = "localhost.localdomain" sso_service = "HTTP" https_redirect = False syslog_session_logging = False disable_ssl = False debug = False session_dir = "/tmp/gateone" auth = "none" address = "" api_timestamp_window = "30s" log_file_num_backups = 10 logging = "info" embedded = False origins = "http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1" session_logging = True unix_socket_path = "/var/run/gateone.sock" ssl_auth = "none" log_file_max_size = 104857600 session_timeout = "5d" command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'" ca_certs = None js_init = "" keyfile = "keyfile.pem" log_file_prefix = "/opt/gateone/logs/webserver.log"

我们一般修改是的允许访问的IP地址，或者是地址段

@H_301_38@origins = " https://192.168.220.145;http://192.168.220.145;https://192.168.60.216; https://192.168.60.216;http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://localhost;https://localhost.localdomain;https://localhost4;https://localhost4.localdomain4;https://localhost.localdomain;https://localhost6;https://localhost6.localdomain6;https://127.0.0.1;https://127.0.0.1"

（10） 启动访问

@H_301_38@[root@localhost gateone]# ./gateone.py [I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1' [I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS [I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh [I 160809 04:30:16 gateone:3054] Listening on https://*:443/ [I 160809 04:30:16 gateone:3060] Process running with pid 5377

记得关防火墙和Selinux哦！

@H_301_38@[root@localhost opt]# /etc/init.d/iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination [root@localhost opt]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@localhost opt]# chkconfig iptables off [root@localhost opt]# getenforce Enforcing [root@localhost opt]# setenforce 0 [root@localhost opt]# vi /etc/selinux/config SELINUX=disabled

本地Windows访问：
最好使用火狐浏览器、Google浏览器，在网址栏输入：https://192.168.220.145， ip地址是你的GateOne机器的地址。第一次登录需要添加例外，允许我们的远程主机访问
第一次连接需要证书，我们添加例外，然后将证书添加到网页中，然后确认登录即可。
（11） 登录操作
第一次登录需要登录我们的远程主机，输入ip，端口，登录用户名，密码，即可进行操作。
后台显示效果

@H_301_38@[root@localhost gateone]# ./gateone.py [I 160809 04:30:16 gateone:2917] Connections to this server will be allowed from the following origins: 'https://192.168.220.145 http://192.168.220.145 https://192.168.60.216 http://192.168.60.216 http://localhost https://localhost http://127.0.0.1 https://127.0.0.1 https://localhost https://localhost.localdomain https://localhost4 https://localhost4.localdomain4 https://localhost.localdomain https://localhost6 https://localhost6.localdomain6 https://127.0.0.1 https://127.0.0.1' [I 160809 04:30:16 gateone:2307] No authentication method configured. All users will be ANONYMOUS [I 160809 04:30:16 gateone:2404] Loaded plugins: bookmarks,ssh [I 160809 04:30:16 gateone:3054] Listening on https://*:443/ [I 160809 04:30:16 gateone:3060] Process running with pid 5377 [I 160809 04:30:19 web:1462] 304 GET / (192.168.220.1) 3.91ms [I 160809 04:30:19 web:1462] 304 GET /combined_js (192.168.220.1) 3.50ms [I 160809 04:30:19 web:1462] 304 GET /auth?check=True (192.168.220.1) 0.86ms [I 160809 04:30:19 gateone:1063] WebSocket opened (ANONYMOUS). [I 160809 04:30:21 web:1462] 200 GET /static/ubuntumono-normal.woff (192.168.220.1) 6.98ms [I 160809 04:30:50 web:1462] 200 GET /static/ubuntumono-bold.woff (192.168.220.1) 3.26ms

详细文档请点击此处下载