loongson/pypi/: webssh-1.5.3 metadata and description

Homepage Simple index

Web based ssh client

author Shengdun Hua
author_email webmaster0115@gmail.com
  • Programming Language :: Python
  • Programming Language :: Python :: 2
  • Programming Language :: Python :: 2.7
  • Programming Language :: Python :: 3
  • Programming Language :: Python :: 3.4
  • Programming Language :: Python :: 3.5
  • Programming Language :: Python :: 3.6
  • Programming Language :: Python :: 3.7
  • Programming Language :: Python :: 3.8
license MIT
  • tornado (>=4.5.0)
  • paramiko (>=2.3.1)

Because this project isn't in the mirror_whitelist, no releases from root/pypi are included.

File Tox results History
159 KB
Python Wheel

Build Status codecov PyPI - Python Version PyPI


A simple web application to be used as an ssh client to connect to your ssh servers. It is written in Python, base on tornado, paramiko and xterm.js.


  • SSH password authentication supported, including empty password.
  • SSH public-key authentication supported, including DSA RSA ECDSA Ed25519 keys.
  • Encrypted keys supported.
  • Two-Factor Authentication (time-based one-time password) supported.
  • Fullscreen terminal supported.
  • Terminal window resizable.
  • Auto detect the ssh server’s default encoding.
  • Modern browsers including Chrome, Firefox, Safari, Edge, Opera supported.


Login Terminal

How it works

+---------+     http     +--------+    ssh    +-----------+
| browser | <==========> | webssh | <=======> | ssh server|
+---------+   websocket  +--------+    ssh    +-----------+


  • Python 2.7/3.4+


  1. Install this app, run command pip install webssh
  2. Start a webserver, run command wssh
  3. Open your browser, navigate to
  4. Input your data, submit the form.

Server options

# start a http server with specified listen address and listen port
wssh --address='' --port=8000

# start a https server, certfile and keyfile must be passed
wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'

# missing host key policy
wssh --policy=reject

# logging level
wssh --logging=debug

# log to file
wssh --log-file-prefix=main.log

# more options
wssh --help

Browser console

// connect to your ssh server
wssh.connect(hostname, port, username, password, privatekey, passphrase, totp);

// pass an object to wssh.connect
var opts = {
  hostname: 'hostname',
  port: 'port',
  username: 'username',
  password: 'password',
  privatekey: 'the private key text',
  passphrase: 'passphrase',
  totp: 'totp'

// without an argument, wssh will use the form data to connect

// set a new encoding for client to use

// reset encoding to use the default one

// send a command to the server
wssh.send('ls -l');

Custom Font

To use custom font, put your font file in the directory webssh/static/css/fonts/ and restart the server.

URL Arguments

Support passing arguments by url (query or fragment) like following examples:

Passing form data (password must be encoded in base64, privatekey not supported)


Passing a terminal background color


Passing a user defined title


Passing an encoding


Passing a command executed right after login


Passing a terminal type


Use Docker

Start up the app

docker-compose up

Tear down the app

docker-compose down



pip install pytest pytest-cov codecov flake8 mock

Use unittest to run all tests

python -m unittest discover tests

Use pytest to run all tests

python -m pytest tests


Running behind an Nginx server

wssh --address='' --port=8888 --policy=reject
# Nginx config example
location / {
    proxy_http_version 1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;

Running as a standalone server

wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xheaders=False --policy=reject


  • For whatever deployment choice you choose, don’t forget to enable SSL.
  • By default plain http requests from a public network will be either redirected or blocked and being redirected takes precedence over being blocked.
  • Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file(“~/.ssh/known_hosts”) and the application host keys file(“./known_hosts”) in order, if the ssh server’s hostname is not found or the key is not matched, the connection will be aborted.