# JumpServer — Open Source Bastion Host and PAM Platform

> JumpServer is an open-source privileged access management (PAM) platform that provides secure access to SSH, RDP, Kubernetes, databases, and web applications through a centralized web interface with auditing and session recording.

## Quick Use

```bash
# Quick install via official script
curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash

# Access the web UI at http://your-server:80
# Default credentials: admin / ChangeMe
```

## Introduction

JumpServer is an open-source privileged access management platform built with Python and Django. It acts as a bastion host that centralizes access to servers, databases, Kubernetes clusters, and remote desktops, providing session recording, command filtering, and multi-factor authentication out of the box.

## What JumpServer Does

- Provides web-based SSH, RDP, VNC, and Telnet terminal access
- Records and replays user sessions for compliance and auditing
- Manages database access for MySQL, PostgreSQL, Oracle, and more
- Supports Kubernetes cluster access via a web terminal
- Enforces role-based access control and approval workflows

## Architecture Overview

JumpServer uses a modular architecture with a Django-based core API server, a Go-based KoKo component for SSH/SFTP proxying, a Guacamole-based Lion component for RDP/VNC, and a Magnus component for database proxying. All components communicate through the core API. Session data and audit logs are stored in MySQL or PostgreSQL with Redis for caching.

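The Quick Use command above pipes whatever the `latest` release URL serves at that moment straight into a shell. A fetch-then-verify variant is sketched here as an added example (not JumpServer's own tooling): the function names and the `PINNED_SHA256` placeholder are assumptions, and the pin is a digest you record yourself after reading the downloaded script, since the page publishes no checksum.

```shell
#!/usr/bin/env bash
# Added example: fetch, pin-check, then run, instead of `curl ... | bash`.
QUICK_START_URL="https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh"
# Placeholder (assumption): record this yourself after reviewing the script.
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_SHA256_OF_REVIEWED_SCRIPT}"

# Print the lowercase SHA-256 of a file (GNU coreutils or BSD/macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 on match, 1 on mismatch, 2 if the pin is not a 64-hex-digit digest.
verify_pinned() {
  local file="$1" pin actual
  pin="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  case "$pin" in
    *[!0-9a-f]*|"") echo "pin is not a SHA-256 hex digest" >&2; return 2 ;;
  esac
  [ "${#pin}" -eq 64 ] || { echo "pin is not a SHA-256 hex digest" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$pin" ]; then
    echo "digest mismatch: got $actual, expected $pin" >&2
    return 1
  fi
}

# Download over HTTPS only (redirects included) to a file; nothing runs here.
fetch_quick_start() {
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --output "$1" "$QUICK_START_URL"
}

# Fetch, verify against the pin, and only then hand the file to bash.
install_reviewed() {
  local tmp
  tmp="$(mktemp)" || return 2
  fetch_quick_start "$tmp" && verify_pinned "$tmp" "$PINNED_SHA256" && bash "$tmp"
  local rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage, once PINNED_SHA256 is set to the reviewed digest:  install_reviewed
```

Because the URL tracks `latest`, a new release changes the digest and the install stops with a mismatch until the new script has been reviewed and the pin updated.
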
## Self-Hosting & Configuration

- Deploy via Docker Compose or the official quick-start script on Linux
- Requires MySQL/MariaDB or PostgreSQL and Redis as backend services
- Configure LDAP, OIDC, SAML, or RADIUS for authentication integration
- TLS termination can be handled by Nginx or an external load balancer
- Supports high-availability deployment with multiple core nodes behind a load balancer

## Key Features

- Agentless architecture: no software required on managed assets
- Session recording with video playback for SSH and RDP sessions
- Command filtering and blocking to prevent dangerous operations
- Multi-factor authentication with TOTP, SMS, and hardware token support
- Asset discovery and automatic inventory management

## Comparison with Similar Tools

- **Teleport** — focuses on zero-trust access; JumpServer provides a more traditional bastion model with richer audit UI
- **Apache Guacamole** — clientless remote desktop gateway; JumpServer adds asset management and RBAC on top
- **Boundary (HashiCorp)** — identity-based access without session recording; JumpServer includes built-in recording
- **StrongDM** — commercial PAM; JumpServer is fully open source with similar core features
- **Bastillion** — lightweight SSH bastion; JumpServer covers RDP, databases, and Kubernetes as well

## FAQ

**Q: Does JumpServer require agents on managed servers?**
A: No. JumpServer connects to assets via standard protocols (SSH, RDP, database clients) without installing any agent.

**Q: What databases can JumpServer proxy access to?**
A: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Redis are supported through the Magnus component.

**Q: Can JumpServer integrate with existing identity providers?**
A: Yes. It supports LDAP, Active Directory, OIDC, SAML 2.0, and CAS for single sign-on.

**Q: Is JumpServer suitable for production environments?**
A: Yes. It is used by organizations worldwide and supports high-availability deployments with clustering.

## Sources

- https://github.com/jumpserver/jumpserver
- https://www.jumpserver.org

---

Source: https://tokrepo.com/en/workflows/asset-8cc16c22
Author: AI Open Source