OneTerm is a simple, lightweight and flexible enterprise-class bastion host, designed and developed to be 4A-compliant (Authentication, Authorization, Account, and Audit). It ensures the security and compliance of the system through strict access control and monitoring features.
- Product document: https://veops.cn/docs/docs/oneterm/onterm_design
- Preview online: OneTerm
  - username: demo or admin
  - password: 123456
- ATTENTION: branch `main` may be unstable as the result of continued development. Please use releases to get the latest stable version.
- Access control: Acting as an intermediary, OneTerm restricts direct access to critical systems. Users must authenticate through OneTerm before accessing other servers or systems.
- Security audit: OneTerm can record user logins and activities, providing audit logs for investigation in case of security incidents. This ensures that every user's actions are traceable and auditable.
- Jump access: OneTerm offers a jump host mechanism, allowing users to connect to other internal servers through OneTerm. This helps reduce the risk of exposing internal servers directly to the outside, as only OneTerm needs to be accessible externally.
- Password management: OneTerm can enforce robust password policies and centrally manage passwords through a single entry point. This helps improve the overall system's password security.
- Session recording: OneTerm can record user sessions with servers, which is valuable for monitoring and investigating privileged user activities. In case of security incidents, session recordings can be replayed to understand detailed operations.
- Prevent direct attacks: Since OneTerm is the sole entry point for systems and resources, it can serve as a primary obstacle for attackers. This helps reduce the risk of direct attacks on internal systems.
- Unified access: OneTerm provides a single entry point through which users can access different systems without needing to remember multiple login credentials. This enhances user convenience and work efficiency.
- Authentication and Authorization: OneTerm should have a robust and flexible identity authentication and authorization mechanism. This includes supporting multi-factor authentication to ensure that only authorized users can access internal network resources and enabling fine-grained management of user permissions.
- Secure communication: OneTerm supports secure communication protocols and encryption technologies to protect data transmission between users and internal servers. This helps prevent man-in-the-middle attacks and data leakage.
- Audit and monitoring: OneTerm features powerful audit and monitoring capabilities, recording user activities and generating audit logs. This helps trace security incidents, identify potential threats, and meet compliance requirements.
- Remote Management and Session Isolation: OneTerm supports remote management, allowing administrators to securely manage internal servers. Additionally, it should have session isolation functionality to ensure that access between users is isolated from each other, preventing lateral movement attacks.
- Combination with open source CMDB: OneTerm is combined with VE CMDB (which is open source), so users can import assets from the CMDB with one click, ensuring easy operation and a smooth process.
- Back-end: Go
- Front-end: Vue.js
- UI component library: Ant Design Vue
Star us, and you will receive all release notifications from GitHub without any delay!
- docker-compose install

  ```shell
  git clone https://github.com/veops/oneterm.git
  cd oneterm
  docker compose up -d
  ```

- visit
  - Open your browser and visit: http://127.0.0.1:8666
  - Username: admin
  - Password: 123456
We welcome all developers to contribute code to improve and extend this project. Please read our contribution guidelines first. Additionally, you can support Veops open source through social media, events, and sharing.
- CMDB: Simple, lightweight, and versatile operational CMDB
- ACL: A general permission control management system.
- messenger: A simple and lightweight message sending service.
- Email: [email protected]
- WeChat official account: Welcome to follow our WeChat official account and join our group channels