How to Deploy and Use JumpServer for Secure Remote Access on Linux
This guide walks you through installing JumpServer—a secure bastion host—on CentOS, covering architecture overview, MariaDB and Redis setup, Docker configuration, container deployment, key generation, UI access, and essential administration tasks such as user, asset, and permission management.
1. Introduction
JumpServer gives operations, development, and testing staff a controlled way to reach internal servers from the Internet. It adds permission management, user management, and session replay, unlike OpenVPN, which only provides network access and keeps no record of what a user did once connected.
2. JumpServer Architecture
3. Server Installation
Environment
Three hosts are prepared:
node01 – JumpServer web
node02 – MariaDB/Redis
MariaDB on node02
# cat /etc/yum.repos.d/mariadb.repo
[mariadb]
name=mariadb repo
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.1.46/yum/centos/7/x86_64/
gpgcheck=0
# yum install -y MariaDB-server
# mysql -ujumpserver -padmin123.com -h192.168.0.42
CREATE DATABASE jumpserver DEFAULT CHARSET='utf8' COLLATE 'utf8_bin';
GRANT ALL ON jumpserver.* TO 'jumpserver'@'%' IDENTIFIED BY 'admin123.com';
FLUSH PRIVILEGES;
The CREATE DATABASE and GRANT statements must be run from a MariaDB session that is allowed to create databases and grants; the jumpserver account only exists once the GRANT has been executed, so the mysql login shown above with -ujumpserver is the connection the container will later use (run it from node01 to confirm both the route and the grant work). Two settings here deserve attention: gpgcheck=0 disables package signature verification for this repository, and 'jumpserver'@'%' accepts the account from any source address, so if node02 is reachable from more than node01, narrow the grant to node01's address or filter port 3306 on the host firewall.
Redis on node02
# yum -y install redis
# grep -Ei "^(bind|requirepass)" /etc/redis.conf
bind 0.0.0.0
requirepass admin123.com
bind 0.0.0.0 makes Redis listen on every interface of node02, so requirepass is the only control between the network and the cache; restrict port 6379 to node01 with the host firewall rather than relying on the password alone.
Docker on node01
# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
# yum install -y docker-ce
# systemctl start docker
# docker info
Configure registry mirrors for the daemon (the article uses mirrors located in China) and restart it:
# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com", "https://cyr1uljt.mirror.aliyuncs.com"]
}
# systemctl restart docker
Pull JumpServer image
# docker pull jumpserver/jms_all:v2.4.0
Generate SECRET_KEY and BOOTSTRAP_TOKEN
# cat key_gen.sh
#!/bin/bash
# Print SECRET_KEY and BOOTSTRAP_TOKEN. On first use they are generated from
# /dev/urandom and appended to ~/.bashrc so later interactive shells reuse
# the same values; on later runs the values already in the environment are printed.
if [ -z "$SECRET_KEY" ]; then
    SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    echo "$SECRET_KEY"
else
    echo "$SECRET_KEY"
fi
if [ -z "$BOOTSTRAP_TOKEN" ]; then
    BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    echo "$BOOTSTRAP_TOKEN"
else
    echo "$BOOTSTRAP_TOKEN"
fi
# bash key_gen.sh
wIUaeZtCbtTNUDL9igEIImALjjaMo9ygPwfMWmPZcyWD0c3K9Q
Lx15DW9xDxqOkiCq
SECRET_KEY is what JumpServer uses to encrypt the secrets it stores (asset credentials among them); if it changes, those stored secrets can no longer be decrypted, so keep it constant for the life of the installation and keep both values out of shell history and world-readable files. The lines appended to ~/.bashrc are plain assignments, not exports, so they are seen only by interactive shells that source that file.
Create data directory
# mkdir -p /data/jumpserver/
Run JumpServer container
# docker run --name jms_all -d \
  -v /data/jumpserver/:/opt/jumpserver/data \
  -p 80:80 -p 2222:2222 \
  -e SECRET_KEY=wIUaeZtCbtTNUDL9igEIImALjjaMo9ygPwfMWmPZcyWD0c3K9Q \
  -e BOOTSTRAP_TOKEN=Lx15DW9xDxqOkiCq \
  -e DB_HOST=192.168.0.42 \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=admin123.com \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=192.168.0.42 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=admin123.com \
  --privileged=true \
  jumpserver/jms_all:v2.4.0
The container starts and listens on ports 80 (web UI) and 2222 (SSH). Two properties of this command matter for a bastion host: every -e value, passwords included, is visible to anyone on node01 who can run ps or docker inspect, and --privileged=true gives the container close to the access a root process has on the host, so node01 itself has to be treated as part of the bastion's trust boundary.
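The following script is an added example for this guide; it is not code from the original article or from the JumpServer project. It takes the settings from the docker run command above, writes them to a root-only file for `docker run --env-file` instead of passing them with `-e` (where `ps` and `docker inspect` expose them), validates the file before the container is started, and goes one step beyond the article by adding a TCP reachability check for node02's MariaDB and Redis ports. The host, port and credential values are the article's; the env file path is a placeholder chosen for this example, and docker itself is not invoked.

```bash
#!/bin/bash
# Added example, not the article's or JumpServer's code: keep the container
# settings in a 0600 env file for `docker run --env-file` and sanity-check
# them before starting the container. Values are the article's; the env
# file path is a placeholder of this example. docker is never invoked here.
set -u

# Random [A-Za-z0-9] string of LENGTH chars, the same method key_gen.sh uses.
gen_token() {  # usage: gen_token LENGTH
  tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# Succeeds only if VALUE is exactly LENGTH chars of [A-Za-z0-9]
# (50 for SECRET_KEY and 16 for BOOTSTRAP_TOKEN, the lengths key_gen.sh produces).
valid_token() {  # usage: valid_token VALUE LENGTH
  [ "${#1}" -eq "$2" ] && printf '%s' "$1" | grep -Eq "^[A-Za-z0-9]{$2}\$"
}

# Write the container environment to FILE with mode 0600. umask is set in a
# subshell so the caller's umask is untouched, and an existing FILE is removed
# first so stale permissions cannot survive. SECRET_KEY / BOOTSTRAP_TOKEN are
# taken from the environment when set (e.g. from key_gen.sh), else generated.
write_env_file() {  # usage: write_env_file FILE
  local file=$1
  local secret=${SECRET_KEY:-$(gen_token 50)}
  local token=${BOOTSTRAP_TOKEN:-$(gen_token 16)}
  (
    umask 077
    rm -f "$file"
    cat >"$file" <<EOF
SECRET_KEY=$secret
BOOTSTRAP_TOKEN=$token
DB_HOST=192.168.0.42
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=admin123.com
DB_NAME=jumpserver
REDIS_HOST=192.168.0.42
REDIS_PORT=6379
REDIS_PASSWORD=admin123.com
EOF
  )
}

# Print the value of KEY from FILE (first matching line, empty if absent).
env_get() {  # usage: env_get FILE KEY
  sed -n "s/^$2=//p" "$1" | head -n 1
}

# Succeeds if a TCP connection to HOST:PORT opens within 3 s (bash /dev/tcp);
# run it from node01 against 192.168.0.42 3306 and 6379 before docker run.
port_open() {  # usage: port_open HOST PORT
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Pre-flight checks on FILE: mode 600, well-formed keys, non-empty passwords.
# Prints one line per failed check and returns the number of failures.
preflight() {  # usage: preflight FILE
  local file=$1 fails=0 mode key
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  [ "$mode" = "600" ] || { echo "$file: mode $mode, want 600"; fails=$((fails + 1)); }
  valid_token "$(env_get "$file" SECRET_KEY)" 50 ||
    { echo "SECRET_KEY: want 50 alphanumeric chars"; fails=$((fails + 1)); }
  valid_token "$(env_get "$file" BOOTSTRAP_TOKEN)" 16 ||
    { echo "BOOTSTRAP_TOKEN: want 16 alphanumeric chars"; fails=$((fails + 1)); }
  for key in DB_PASSWORD REDIS_PASSWORD; do
    [ -n "$(env_get "$file" "$key")" ] || { echo "$key: empty"; fails=$((fails + 1)); }
  done
  return "$fails"
}

# Demo: build a throw-away env file, check it, and print the run command the
# article types by hand, with the -e lines replaced by --env-file.
demo=$(mktemp /tmp/jms-env.XXXXXX)
write_env_file "$demo"
if preflight "$demo"; then
  echo "docker run --name jms_all -d -v /data/jumpserver/:/opt/jumpserver/data" \
       "-p 80:80 -p 2222:2222 --env-file $demo --privileged=true jumpserver/jms_all:v2.4.0"
fi
rm -f "$demo"
```

On a real node01 the env file would live in a root-owned directory such as /data/jumpserver/ rather than a temp path, and the printed command would be run as-is; the check for mode 600 is what keeps the file equivalent in exposure to the -e form for root while hiding it from every other local account.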
4. Using JumpServer
Open the web UI in a browser using node01's IP address (port 80); the default credentials are admin/admin, and the password should be changed immediately after the first login.
Under "Basic Settings", set the system URL and the email server details; the mail server credentials are what enables password-reset emails.
Create users and user groups and authorize them to assets. For each asset, define a management user (for example root, or an account with sudo rights); this is the account JumpServer itself logs in with to push system users onto the asset and collect host information, while end users later connect through those pushed system users rather than with the management account.
Once assets and permissions are in place, users log in to JumpServer, see only the resources they are authorized for, and start SSH sessions from there. Recorded sessions can be replayed under "Session Management → History Sessions".
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.