OneTerm: An Enhanced Open-Source Bastion Host for Secure IT Operations
OneTerm, an open-source, web-based bastion host developed using Go and Vue, has recently received significant updates, strengthening its position as a robust security gateway for modern IT environments. Built on the core principles of Authentication, Authorization, Account, and Audit (4A), OneTerm aims to centralize and secure access to critical systems, offering comprehensive control and traceability.
Bastion hosts are indispensable in contemporary IT operations, serving as the sole secure entry point between internal and external networks. They consolidate identity verification, access permissions, and activity logging, thereby preventing unauthorized intrusions and meticulously documenting all operational tasks for security and compliance. By streamlining account management, permission structures, and audit trails, OneTerm addresses the common challenges of fragmented accounts, ambiguous permissions, and untraceable actions, significantly boosting both security posture and operational efficiency.
Following extensive community feedback and dedicated development efforts over the past three months, OneTerm has evolved beyond its initial core functionalities. The latest release introduces a wealth of new features, along with notable improvements in user experience and overall performance. The project’s source code is openly available on GitHub for community engagement and contribution.
Key Enhancements and New Features
The recent updates bring a host of improvements across various modules, making OneTerm even more versatile and user-friendly.
Revamped WorkStation Experience
The WorkStation module boasts a completely redesigned user interface, featuring enhanced interaction details and real-time status updates for assets and active terminal sessions. A new sidebar provides quick access to a suite of productivity tools:
- Fullscreen Mode: Maximizes workspace focus.
- Recent Sessions: Offers quick switching between active sessions.
- Batch Execution: Enables simultaneous command execution across multiple assets.
- Display Settings: Customizes terminal and remote desktop aesthetics.
- Theme Settings: Provides over 100 integrated terminal themes.
- Quick Commands: Stores and executes frequently used commands instantly.
- File Management: Visual interface for SSH and RDP file transfers.
- Clipboard: Facilitates easy copy-paste in remote desktop environments.
- Resolution Settings: Flexible options for remote desktop display.
- Asset Sharing: Allows instant creation of temporary connections for collaborative access.
Expanded Multi-Protocol Support
OneTerm now supports a wider range of protocols, extending its utility to database and web access:
| Protocol | Authentication | Session Recording | File Transfer | Multi-User |
|---|---|---|---|---|
| SSH | Password/Key | ✅ | ✅ | ✅ |
| RDP | Password | ✅ | ✅ | ✅ |
| VNC | Password | ✅ | ❌ | ✅ |
| Telnet | Password | ✅ | ✅ | ✅ |
| Redis | Password | ✅ | ❌ | ✅ |
| MySQL | Password | ✅ | ❌ | ✅ |
| MongoDB | Password | ✅ | ❌ | ✅ |
| PostgreSQL | Password | ✅ | ❌ | ✅ |
| HTTP/HTTPS | Password | ❌ | ✅ | ✅ |
Enhanced Terminal UI and Command Interaction
OneTerm’s SSH login capabilities allow integration with popular third-party terminal tools like Xshell and MobaXterm. The terminal’s user interface and interaction model have been significantly refined, introducing new themes, intelligent command suggestions, and quick command features to streamline asset management and operations.
Redesigned Access Control System
The access control system has been completely overhauled, offering granular control over nodes, assets, and accounts. It supports six distinct permission types: connect, share, upload, download, copy, and paste. The system also features flexible security policies, including time-based templates (supporting multi-timezone and multi-period configurations), command templates, and IP whitelisting.
The new “Resource Management – Access Control” module incorporates:
- Access Authorization: Centralized management and batch configuration of access permissions across all resources, with an intuitive consolidated view.
- Command Interception: Configurable rules for intercepting individual commands or command templates, proactively blocking high-risk or sensitive commands to prevent operational errors and mitigate security risks.
- Access Time Management: Tools to define and manage time templates for access authorizations, enabling precise control over when resources can be accessed.
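The policy dimensions listed above (the six permission types, multi-period time templates evaluated in their own time zone, IP whitelisting, and command interception) combined into one evaluator, as an added Go illustration. This is constructed example code, not OneTerm's implementation; the `Policy` and `Window` types and the field names are assumptions.

```go
package main

import (
	"net"
	"regexp"
	"time"
)

// Constructed policy model for illustration; these are not OneTerm's own types.
type Window struct{ Start, End string } // "15:04" wall-clock times in the template's zone

type Policy struct {
	Permissions map[string]bool  // connect, share, upload, download, copy, paste
	Zone        *time.Location   // time zone the template is defined in (must be set)
	Windows     []Window         // multiple periods per template; empty means always
	AllowCIDRs  []*net.IPNet     // IP whitelist; empty means no IP restriction
	BlockCmds   []*regexp.Regexp // command interception rules
}

// inWindow converts t into the template's zone before comparing, so a request
// stamped in UTC is judged against the administrator's intended local hours.
func (p Policy) inWindow(t time.Time) bool {
	hm := t.In(p.Zone).Format("15:04")
	ok := len(p.Windows) == 0
	for _, w := range p.Windows {
		ok = ok || (hm >= w.Start && hm < w.End)
	}
	return ok
}

// Allows decides whether perm (e.g. "upload") may be exercised from srcIP at time t.
func (p Policy) Allows(perm string, srcIP net.IP, t time.Time) bool {
	if !p.Permissions[perm] || !p.inWindow(t) {
		return false
	}
	ok := len(p.AllowCIDRs) == 0
	for _, n := range p.AllowCIDRs {
		ok = ok || n.Contains(srcIP)
	}
	return ok
}

// Intercepts reports whether a typed command matches a blocking rule.
func (p Policy) Intercepts(cmd string) bool {
	for _, re := range p.BlockCmds {
		if re.MatchString(cmd) {
			return true
		}
	}
	return false
}
```

Evaluating `Allows` before every action and `Intercepts` on every submitted command line gives the "who, what, when, where" checks a single choke point, which is also where an audit record of each denial belongs.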
Comprehensive System Settings
A new system settings module allows administrators to configure default parameters for various OneTerm functionalities:
- Public Key Management: Facilitates passwordless SSH login to the bastion host.
- Quick Commands: Defines global quick commands for terminal or batch execution.
- Terminal Display: Customizes font, theme, resolution, and other display preferences.
- Access Control: Sets default access control policies.
- Storage Settings: Configures session recording storage, enabling efficient cleanup, archiving, and management of audit logs. All sessions within OneTerm are recorded, providing full traceability of actions (who, what, when, where) for auditing purposes.
Conclusion
Beyond these prominent features, OneTerm has undergone extensive performance optimizations and internal code refactoring, detailed further in the project’s CHANGELOG. The development team actively encourages users to provide feedback, whether concerning features, documentation, or user experience, to collectively advance OneTerm’s capabilities.