JumpServer bastion host v3.7.0 released: split-screen sessions for asset connections, a new Passkey user authentication method, and support for viewing online user information

On September 25, 2023, the JumpServer open source bastion host officially released version v3.7.0. At the user level, this version adds split-screen sessions to make operating assets through JumpServer more efficient: users can open multiple sessions on one browser page to compare operations, run batch operations, and view command execution results in real time. A new "Personal Settings" function supports personalized configuration of the Luna and KoKo component service functions.

This version also adds the Passkey user authentication method, allowing users to log in to JumpServer more securely and conveniently. In addition, the "Job Center" function supports batch command operations on network devices, users can check the number of connected RDP protocol accounts on the Web terminal page, and the Web terminal page has new command selection, execution and saving functions.

At the administrator level, auditors can view online user information. Administrators can view the IPs that are currently globally locked on the "System Settings" page and can unlock them. The Traceroute tool has been added to the "System Tools" page, and the Telnet and Ping tools have been optimized to support detection of multiple IPs, making it easier and faster to obtain detection results.

New features

1. Asset connection supports session split-screen display

In JumpServer v3.7.0, asset connections support session split-screen display. Users can open multiple sessions in one browser interface and view the execution results of batch commands in real time, which makes it easier to compare the content of the sessions and further improves operational efficiency (currently, a single session supports up to 4 split screens).

▲Figure 1 Asset connection supports split-screen display

2. Added "Personal Settings" function

In JumpServer v3.7.0, users can perform personalized configuration of the Luna and KoKo component service functions on the "Personal Information" page.

▲Figure 2 Added “Personal Settings” function

3. Added Passkey user authentication method

In JumpServer v3.7.0, users can log in to the bastion host using Passkey. Depending on the hardware configuration of the current device, users can authenticate with several methods (such as PIN, fingerprint, face recognition, etc.). This lets users log in to the JumpServer bastion host in a safer and more convenient way.

▲Figure 3 New Passkey user authentication method (system settings opening page)

▲Figure 4 New Passkey user authentication method (personal configuration page)

4. Network devices support batch command execution

In JumpServer v3.7.0, the "Job Center" function supports batch command operations on network devices, which improves efficiency when users run the same commands.

5. Support viewing online user information

In JumpServer v3.7.0, auditors can view information about currently logged-in users on the "Audit Desk" → "Online Users" page, and can force users to "go offline".

▲Figure 5 Support viewing online user information

6. MySQL database supports SSL connection (Web GUI connection method, Chen component)

In JumpServer v3.7.0, JumpServer supports connecting to MySQL databases that have SSL authentication turned on. Currently, this is only supported when connecting through the Web GUI.

▲Figure 6 MySQL database supports SSL connection (Web GUI connection method, Chen component)

7. Administrators can view and unlock globally restricted IP addresses

In JumpServer v3.7.0, administrators can view IPs that are globally restricted for login and unlock them by selecting "System Settings" → "Security Settings" and selecting the "Login Restrictions" option in the submenu.

▲Figure 7 Administrators can view and unlock globally restricted IPs

8. System tools Telnet and Ping support batch testing, and the new Traceroute tool is added

In JumpServer v3.7.0, select "System Settings" → "System Tools" and you can see that the system has added a Traceroute (i.e. route analysis) tool and supports the use of Telnet and Ping tools for batch testing. Administrators can perform simple tool operations on the web page to facilitate troubleshooting issues related to the bastion host.

▲Figure 8 System tools Telnet and Ping support batch testing, and the Traceroute tool is added

9. Announcement content supports Markdown syntax

In JumpServer v3.7.0, JumpServer has optimized the content format of announcements and supports Markdown syntax. Announcements published using Markdown syntax can better display announcement content.

▲Figure 9 Announcement content supports Markdown syntax

10. The Web terminal page supports viewing the number of connected RDP protocol accounts

In JumpServer v3.7.0, for RDP protocol assets, the number of users currently connected to the asset is displayed on the "Connect" button, so that users can see how the asset is being used.

▲Figure 10 The Web terminal page supports viewing the number of connected RDP protocol accounts

11. New command selection, execution and saving functions on the Web terminal page

In JumpServer v3.7.0, when users connect to a database through the Web GUI, they can select and execute specific SQL commands, and save SQL commands in the query panel so that they can be executed again next time.

▲Figure 11 New command selection, execution and saving functions on the Web terminal page (client login operation interface)

▲Figure 12 New command selection, execution and saving functions on the Web terminal page (run the saved SQL command)

Function optimization

  Optimize Elasticsearch operation and support writing data stream (KoKo component), thanks to @BoringCat ( https://github.com/BoringCat ) for his contribution;

  Database Web CLI/CLI connection mode returns;

  When connecting to JumpServer through the SSH command line, the account list is sorted by user name;

  Optimize the problem of file upload and renaming, and support configuring policies in the "Personal Settings" page;

  Redis-CLI command connection supports Chinese display;

  When the ciphertext type in the "Account Template" page is password or SSH key, you can set the "Ciphertext Policy";

  When creating assets, support automatically setting designated nodes;

  Optimize the default role settings when creating users;

  Optimize the "Auto Push" option to be hidden when the Windows asset account key type is SSH-Key;

  Optimize the user and asset fields of the session list and support click-to-jump;

  Optimize the problem that after users and assets are selected on the "Asset Authorization" page, repeated selections can be made in the drop-down menu options;

  Optimize the layout of the mobile version of the login page;

  The "#" character is not allowed in the Elasticsearch field "host";

  After the bastion host deletes a user, the publishing machine periodically deletes the corresponding account information on that machine in sync;

  Optimize the publishing machine scheduling strategy to avoid multiple dispatches to the same publishing machine;

  Optimize the platform ID field permission to "read and write" to solve the problem of the platform being unable to import updates in batches;

  Optimize platforms to support search and filtering by category and type;

  Optimize network equipment to enable automation functions by default;

  Add some field indexes to the log-related table structure to improve query speed;

  Viewing and downloading video recordings are recorded in the operation log;

  The "Account Template" module supports setting the automatic push function;

  Optimize the problem that administrators are not allowed to modify their roles;

  Optimize connections to the PostgreSQL database: the Chen component automatically and dynamically loads the corresponding driver library;

  Optimize domain identification for domain account login, supporting the formats domain\username and username@domain (Lion component);

  Database command review supports displaying the number of affected rows of SQL (Chen component) (included in the X-Pack enhancement package);

  Add driver identification to SQL Server database to solve the problem of database connection failure in different versions (included in X-Pack enhancement package).

Bug fixes

  Fixed the problem of supporting default port 443 when connecting to Kubernetes through a network domain. Thanks to @hoilc ( https://github.com/hoilc ) for his contribution;

  Fixed the issue where the KoKo component obtains the wrong SFTP path, thanks to @hoilc ( https://github.com/hoilc ) for his contribution;

  Fixed the file access permission issue (vulnerability number: CVE-2023-42442, vulnerability details: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw );

  Fixed the problem of date format display and long type precision loss when connecting to the database through Web GUI (Chen component);

  Fixed the problem of user SSH public key authentication (KoKo component);

  Fixed the problem of command filtering and interception failure during Telnet connection of Cisco switches (KoKo component);

  Fixed the problem of session connection failure and blocking, resulting in the session being unable to end (KoKo component);

  Fixed the problem of being unable to log in on the Luna page when the password is not remembered;

  Fixed the problem that login asset control will take effect globally;

  Fixed the problem of CAS user login failure;

  Fixed the problem that the QR code for users to bind MFA OTP was not displayed;

  Fixed the problem that authenticated users could not log in after the SAML2 dependency package was upgraded and the certificate could not be obtained;

  Fixed the error that occurred when no user was filled in while creating a session share;

  Fixed the problem that account key verification does not support "{%" characters;

  Fixed the issue where the host name containing "[" characters caused Ansible task execution errors;

  Fixed the problem that after the work order auditor modified the applied assets, the original applied assets were still authorized (included in the X-Pack enhancement package);

  Fixed the problem of SQL Server database account push and password change failure (included in X-Pack enhancement package);

  Fixed the problem that the Azure cloud platform cannot synchronize assets (in the X-Pack enhancement package);

  Fixed the problem that all resources in cloud synchronization do not execute the synchronization policy (included in the X-Pack enhancement package);

  Fixed the problem that, with the "Only existing users" login setting turned on, a user who does not exist could still log in successfully by scanning a code with Enterprise WeChat (in the X-Pack enhancement package);

  Fixed the problem that nodes cannot be expanded under the SYSTEM organization on the Luna page (in the X-Pack enhancement package).


Origin my.oschina.net/u/4736111/blog/10114229