{"id":36732481,"url":"https://github.com/xops-infra/jms","last_synced_at":"2026-01-12T12:14:45.660Z","repository":{"id":194770707,"uuid":"691354196","full_name":"xops-infra/jms","owner":"xops-infra","description":"JuMpServer(jms) 是一款功能齐全的轻量级跳板机服务器，解决 linux 云服务器授权连接场景，还附带一些小功能。","archived":false,"fork":false,"pushed_at":"2025-06-18T07:54:30.000Z","size":1074,"stargazers_count":12,"open_issues_count":5,"forks_count":1,"subscribers_count":1,"default_branch":"dev","last_synced_at":"2025-08-31T09:33:08.971Z","etag":null,"topics":["jumpserver","proxy","scp","ssh"],"latest_commit_sha":null,"homepage":"https://www.yuque.com/motobox/jms","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xops-infra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-09-14T02:32:05.000Z","updated_at":"2025-06-20T02:54:09.000Z","dependencies_parsed_at":"2023-09-15T03:23:39.270Z","dependency_job_id":"be6eb2aa-71a5-4629-8255-7e8bdff1bdce","html_url":"https://github.com/xops-infra/jms","commit_stats":null,"previous_names":["patsnapops/jms","xops-infra/jms"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/xops-infra/jms","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xops-infra%2Fjms","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xops-infra%2Fjms/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xops-infra%2Fjms/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xops-infra%2Fjms/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xops-infra","download_url":"https://codeload.github.com/xops-infra/jms/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xops-infra%2Fjms/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338975,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T10:58:46.209Z","status":"ssl_error","status_checked_at":"2026-01-12T10:58:42.742Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jumpserver","proxy","scp","ssh"],"created_at":"2026-01-12T12:14:45.604Z","updated_at":"2026-01-12T12:14:45.653Z","avatar_url":"https://github.com/xops-infra.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## 1. 简介\n\n`jms`是一款轻量级的云服务器链接工具，\n\n- 登录认证方式\n  1. 支持 ldap 登录认证；\n  2. 数据库用户认证；\n  3. 默认 jms/jms 用户认证；\n- 支持多云服务器资产自动发现\n  1. aws\n  2. tencent\n- 支持权限管理\n  1. 基于用户组的权限管理；\n  2. 基于机器标签的权限管理；\n  3. [设计文档](https://www.yuque.com/motobox/enpuok/tzshwswnr7dhh6xp)\n- 支持审批功能；\n  1. jms 内置审批功能（普通用户 cli 发起，admin 用户 可以在 cli 审批）；\n  2. 钉钉审批功能；\n- 支持文件上传下载；\n- 支持 Proxy 功能；\n- 支持审计功能：\n  1. 支持操作日志回放功能，文本文件方式记录标准输入输出；\n  2. 支持文件上传下载行为入表 `record_scp`；\n  3. 支持服务器登录行为入表 `record_ssh_login`；\n- 支持服务器 SSH 可以连接性异常钉钉告警；\n- 支持批脚本执行；\n  1. 支持选定服务器；\n  2. 支持定时任务反复执行；\n  3. 支持接口任务执行结果，入参支持任务，或者某个服务器所有的执行历史；\n  4. 执行状态，包括 \"Pending\", \"Running\", \"Success\", \"Failed\", \"NotAllSuccess\", \"Cancelled\"\n- 支持设置全局通知功能；\n\n## 2. 部署手册\n\n- 准备工作：\n\n  - （必须）云账号 AKSK（需要服务器查询权限）；\n  - （必须）配置文件 `config.yml`，[配置介绍](config.yaml)；\n  - （可选）ldap 认证账号；\n  - （可选）钉钉审批；\n\n- 启动 Server\n\n  ```bash\n  # 启动命令介绍\n  $ jms sshd -h\n  start sshd server as proxy server\n\n  Usage:\n    jms sshd [flags]\n\n  Flags:\n    -h, --help             help for sshd\n        --log-dir string   log dir (default \"/opt/jms/logs/\")\n        --port int         ssh port (default 22222)\n        --timeout int      ssh timeout (default 1800)\n\n  Global Flags:\n    -c, --config string   config file (default is /opt/jms/config.yaml) (default \"/opt/jms/config.yaml\")\n    -d, --debug           debug mode\n\n  # 启动\n  $ jms sshd --port 22222 --timeout 1800 --log-dir /opt/jms/logs/ --config ./config.yaml\n\n  2024-04-28T20:52:59.706+0800    INFO    cmd/sshd.go:41  config file: /opt/jms/config.yaml\n  2024-04-28T20:53:06.102+0800    INFO    cmd/sshd.go:74  enable policy\n  2024-04-28T20:53:06.104+0800    INFO    instance/server.go:34   get instances profile: tencent-xxx region: ap-beijing\n  2024-04-28T20:53:16.613+0800    INFO    cmd/sshd.go:114 starting ssh server on port 22222 timeout 1800...\n\n\n  ```\n\n- 启动 API 管理接口\n\n  为了配合权限、用户、Key、云账号等信息的管理，提供了 API 管理接口，可以通过 API 方式管理 Key 和云账号 Profile。\n\n  ```bash\n  # 启动命令介绍\n  $ jms api -h\n  api server for jms, must withDB\n          swagger url: http://localhost:8013/swagger/index.html\n\n  Usage:\n    jms api [flags]\n\n  Flags:\n    -h, --help             help for api\n        --log-dir string   log dir (default \"/opt/jms/logs/\")\n        --port int         api port (default 8013)\n\n  Global Flags:\n    -c, --config string   config file (default is /opt/jms/config.yaml) (default \"/opt/jms/config.yaml\")\n    -d, --debug           debug mode\n\n  # 启动后可以通过 http://localhost:8013/swagger/index.html 查看 API 文档\n  ```\n\n- 客户端连接和使用\n\n  ```bash\n  # 连接测试 默认config.yaml 没有使用ladp也没有使用数据库认证，默认用户密码 jms/jms\n  $ ssh -p 22222 jms@localhost\n  # 这里可以看到连接成功后的提示信息，且可连接的服务器数量为 0，因为没有配置云账号信息。\n\n  # 配置免密登录，需要启用数据库或者 ladp 认证后才能实现\n  # ssh-copy-id -p 22222 登录用户@jms域名\n  $ ssh-copy-id -p 22222 zhoushoujian@localhost\n\n  # 文件传输\n  # 上传 scp -P 22222 本地文件  登录用户@jms域名:远端服务器用户@远端服务器IP地址:远端服务器文件路径\n  $ scp -P 22222 ./README.md  zhoushoujian@localhost:ec2-user@192.168.1.1:/tmp/README1.md\n  README.md                                     100% 2506     2.9KB/s   00:00\n  # 下载 scp -P 22222 登录用户@jms域名:远端服务器用户@远端服务器IP地址:远端服务器文件路径 本地文件\n  $ scp -P 22222 zhoushoujian@localhost:ec2-user@192.168.1.1:/tmp/README1.md /tmp/README.md\n  README1.md                                    100% 2506     1.8MB/s   00:00\n\n  ```\n\n- 更多启动方式\n\n  ```bash\n  # docker启动\n  $ docker run -dit -v ./config.yaml:/opt/jms/config.yaml -p 22222:22222 --name jms zhoushoujian/jms:latest\n\n  # docker-compose 启动\n  $ docker-compose up -d\n\n  # k8s 部署，完善好 configmap配置后，直接部署即可\n  $ kubectl apply -f statefulset.yaml -n jms --create-namespace\n  ```\n\n## 3. 开发计划\n\n- v2 版本拆分组件支持分布式部署，拆分后的组件都是单机部署的支持容灾，sshd 多节点部署防止挂掉全部中断；\n- 优化文件传输方式，支持 scp 后文件选择传输，简化传输命令；\n\n## 4. 开发日志\n\n- 2025-01\n\n  - feat: 支持 scp 临时目录放到 app.App.Config.WithVideo.Dir 共用清理策略，否则还放 /tmp 由系统清理。\n\n- 2024-12\n\n  - feat: 支持人工修改服务资产登录用户密码(必须同时配置 user和passwd, 默认 user 为 root，否则不生效)而不是 KEY，并且刷新资产也能保留修改后的数据库配置\n\n- 2024-11\n\n  - refactor: 重构代码结构，拆分服务器入库，解耦 sdk 查询内存不释放问题；\n  - feat:支持上传下载权限判断。\n\n- 2024-09\n\n  - feat: 支持使用 JMS_DINGTALK_WEB_HOOK_TOKEN 配置 runshell 任务发送钉钉消息；\n\n- 2024-07\n\n  - feat: 支持权限数据 Load 在内存，降低数据库 IO；\n  - feat: 支持机器标签 KV 方式过滤而不是制定 team 和 envtype；\n  - feat: 支持未被托管机器的可见但是报错，方便快速定位机器\n  - feat: 审计增加实例 ID， 增加分钟级时间查询粒度，可作为准实时监控；\n\n- 2024-06\n\n  - feat: 支持本地配置链接机器\n  - feat: 增加 aduit api 接口，支持查询审计日志；\n  - feat: 增加连接数据库表同步到目标数据库表功能；\n\n- 2024-05\n\n  - refactor: 重构权限设计；\n  - feat: 新增 shell task 功能，支持提交脚本任务执行，并支持查询任务执行结果；\n\n- 2024-04\n\n  - feat: 支持 API 方式管理 KEY 和云账号 Profile\n  - feat: 增加数据库 Record 表，记录上传下载和服务器登录日志\n  - feat: 支持数据库热加载配置，支持 API 操作 Key,Profile,Proxy；\n  - feat: 支持服务器按名称排序；\n  - feat: 支持密钥本地和数据库入库认证；\n\n- 2024-01\n\n  - feat: 支持钉钉审批功能：\n  - feat: 支持 audit 日志定时清理\n  - feat: 支持服务器标签 EnvType !不等于的匹配规则\n\n- 2023-12\n\n  - feat: 增加 API 管理；\n  - chore: 优化交互界面；\n  - feat:支持会话超时退出功能；\n  - feat: 支持基于 sqlite 的独立审批功能；\n\n- 2023-11\n\n  - 支持监控机器连接性告警功能；\n  - 支持 scp 复制功能；\n  - 支持配置热更新；\n\n- 2023-10\n\n  - 支持 ssh-copy-id 设置，并通过密钥验证登录；\n\n- 2023-09\n\n  - 支持输入过滤功能；\n  - 支持设置策略，只能看到授权的资产；\n  - 增加录像功能；\n\n- 2023-08\n\n  - 基本功能上线\n  - 增加资产分类，基于账号和区域\n  - 增加 ldap 认证功能\n\n## 5. 特别感谢\n\n- [TNK-Studio/gortal](https://github.com/TNK-Studio/gortal.git)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxops-infra%2Fjms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxops-infra%2Fjms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxops-infra%2Fjms/lists"}