Introduction
Let me introduce OneTerm, an open-source web-based bastion host built with Go and Vue, designed around the 4A principles: Authentication, Authorization, Account, and Audit.
In modern IT operations, a bastion host is a critical security gateway. It sits between internal and external networks, acting as the single entry point for all access, handling unified authentication, authorization, and auditing. Bastion hosts not only prevent unauthorized access but also record and trace all operational activities, ensuring security and compliance.
By centralizing account management, permissions, and operation auditing, bastion hosts solve the problems of scattered accounts, chaotic permissions, and untraceable actions in traditional operations. This greatly enhances both security and operational efficiency.
Previously, OneTerm only provided core bastion host features. Over the past few months, I dedicated most of my time to this project, collecting feedback from friends and the community, and iteratively refactoring and improving it. After about three months of on-and-off development, OneTerm is now feature-rich, with significant improvements in user experience and performance.
GitHub: https://github.com/veops/oneterm
If you find it useful, please give us a Star ⭐️. Your Star is the greatest encouragement to us.
What's New
WorkStation
- Completely redesigned UI with improved interaction details and real-time status updates for assets and terminals.
- New sidebar for quick access to productivity tools:
  - Fullscreen Mode: Focus on your current workspace with one click.
  - Recent Sessions: View and switch between recent session logins.
  - Batch Execution: Run commands across multiple assets simultaneously.
  - Display Settings: Customize terminal and remote desktop appearance.
  - Theme Settings: 100+ built-in terminal themes, switchable with one click.
  - Quick Commands: Predefine frequently used commands for one-click execution.
  - File Management: Visual file management for SSH and RDP sessions.
  - Clipboard: Easily copy and paste content in remote desktop sessions.
  - Resolution Settings: Flexible remote desktop resolution options.
  - Asset Sharing: Instantly create temporary connections for asset sharing.
Multi-Protocol Support
New support for Database and Web protocols:
Protocol | Authentication | Session Recording | File Transfer | Multi-User |
---|---|---|---|---|
SSH | Password/Key | ✅ | ✅ | ✅ |
RDP | Password | ✅ | ✅ | ✅ |
VNC | Password | ✅ | ❌ | ✅ |
Telnet | Password | ✅ | ✅ | ✅ |
Redis | Password | ✅ | ❌ | ✅ |
MySQL | Password | ✅ | ❌ | ✅ |
MongoDB | Password | ✅ | ❌ | ✅ |
PostgreSQL | Password | ✅ | ❌ | ✅ |
HTTP/HTTPS | Password | ❌ | ✅ | ✅ |
Terminal UI & Command Interaction Improvements
OneTerm supports SSH login, so you can connect with your favorite terminal tools (such as Xshell or MobaXterm). The terminal UI and interactions have been greatly improved, with new themes, command suggestions, and quick commands that make asset switching and operations more efficient.
Access Control Redesign
- Completely redesigned access control system, supporting nodes, assets, and accounts with six types of permissions (connect, share, upload, download, copy, paste).
- Flexible security policies with time templates (multi-timezone, multi-period), command templates, and IP whitelisting.
- New "Resource Management - Access Control" module, including access authorization, command interception, and access time management.
Access Authorization
Centralized management of access permissions for all nodes, assets, and accounts. Supports batch authorization and quick configuration, with all permissions displayed in one place.
Command Interception
- Configure interception rules for individual commands or templates.
- Automatically block high-risk or sensitive commands based on rules, preventing misoperations and risky behavior.
Access Time Management
Manage time templates for access authorization, supporting flexible multi-timezone and multi-period configurations.
System Settings
- New system settings module for default configurations:
  - Public Key: For passwordless SSH login to the bastion host.
  - Quick Commands: Predefine commands for one-click execution in terminal or batch mode.
  - Terminal Display: Customize font, theme, resolution, and more.
  - Access Control: Set default access control policies.
  - Storage Settings: Configure session recording storage for easy cleanup, archiving, and management.
- Tip: All sessions in OneTerm are recorded for playback and auditing—who did what, when, and where is fully traceable.
Conclusion
In addition to the above features, OneTerm has undergone significant performance optimizations and code refactoring. For more details, check out the latest CHANGELOG.
If you have any questions or suggestions—whether about features, documentation, or user experience—please feel free to reach out or open an issue! Let’s work together to make OneTerm