Looking for beta testers for our HeyTerm web terminal project
Dear LET'ers,
For the last couple of weeks, my team has been developing an application called HeyTerm - a centralized web terminal interface where you can access and manage your infrastructure devices from a web browser.
The HeyTerm idea came from a Chinese web hosting group on Telegram; some members complained that they found it so difficult to connect to their servers in another region because of the network congestion abroad. It did happen to me sometimes too while I was trying to log in to my working RDP in the US, so I thought, why not make a tool to help them and myself?
The demo was done by my partner, Mufeng, in 1.5 weeks, and after a quick test, we realized it's something that users need, so we implemented the UI with the help of our designer, Mora.
And it's just getting started; we do have a long roadmap, but we also want to listen to your voice about the features you want us to add.
Screenshots
Features Implemented
- You can manage multiple infrastructure devices in a single web page.
- Everything is HTML5 web-based, you don't have to install any 3rd party software.
- You can access the infrastructure devices via RDP/SSH/Telnet/VNC.
- You can choose a gateway location as per your preference to ensure the best network performance.
- You can execute the same shell command on multiple devices at the same time.
Features Upcoming
- Organizations, projects/groups, and permissions.
- Device uptime monitoring, notifications.
- Logs audit and recording.
- Self-hosted version
Thanks to our Angel Investor, Mr. Binsen Tang, we are well funded. The BETA stage will last 6-12 months; meanwhile, we will try to make it better software. We haven't thought much about the pricing as of now, but it will definitely be affordable to LET community members.
Any feedback is appreciated! I will be working with you to improve HeyTerm day by day.
Comments
The website seems down. How do we access it? Also, is the source public for audit or closed?
Confirmed, website is down. I would want to test it though.
Got the alert while I was walking out for dinner, we got a DDoS attack, will mitigate and fix very shortly.
Njinx on Fedora
Should be fixed now.
I saw it on ProductHunt a few days ago, and have been trying it out with a couple of test vps’es.
@dearroy looks promising...will try to post a longer review later. Best wishes
Working now, bookmarked for when I'm not on mobile.
HeyTerm will be closed; however, we will disclose an audit report by a 3rd party shortly.
let me try it.
So there have been a few projects along these lines ("centralized server management") on LET in the past, and pretty much every time they run into the same problem: why would you trust a third party with effectively root access to all of your infrastructure?
An audit report is better than nothing, but it's also only a snapshot in time; hypothetically speaking, there's nothing to keep you from adding malicious code 5 minutes after the auditor's access to the internal repository is revoked. At most it could be an assessment of the general code quality (if it's a good and widely-trusted auditor), but it's probably not going to provide the assurances that people need.
Perhaps there's a market for this, but I wouldn't be surprised if a lot of the responses here are going to be "if I can't self-host it and look at the source, I'm not interested". Handing over root access to all of your infrastructure to a third party is a pretty big risk to take, and - especially taking into account the widespread availability of (open-source, self-hosted) deployment tooling - a pretty hard sell, IMO.
Congratz for launching guys
Wish you best luck!
What's the difference with something like https://guacamole.apache.org/
Also how do you store private keys and passwords? Do you as admin of the saas get access to all servers connected?
True, I thought the same before I decided to start the project, and we are still trying to figure it out before we end the BETA stage.
Most companies and users might not have an IT department or sysadmins to ensure their data security, so it doesn't make much difference whether they provide root access or not; it's just a sense of self-consciousness.
And HeyTerm doesn't require users to save root access; it's up to the users whether to sign in automatically or manually.
We are working on the audit report with a well-trusted auditor at the moment, but I agree with you: an audit report doesn't equal absolute safety. This question applies to all SaaS companies that are closed source; only time can tell the answer.
We know it's a bit hard to start, we are extremely encouraged by these users who really want it, we are improving it day by day.
I can't wait for the selfhosted version
Let me ask this:
Why do you feature Google, Instagram, Facebook etc. as "partners"? Obviously you're trying to impress your visitors with those logos. Can you please tell me how you are affiliated with those companies and why you placed their respective logos on your website?
Are you getting paid by them? In which way are those companies your partners? Please clarify.
Appreciated.
They are most likely just placeholders for the time being. @dearroy
Isn't this like guacamole? Also, I couldn't find a place to change my password and it doesn't seem to support 2FA yet.
Makes no sense as you could simply use a blank-image. They even adjusted the colors to fit their CI and the design overall.
@fLoo Thanks for pointing that out. It turned out that I had pulled less recent code to the server; I have fixed that.
We were inspired by Guacamole and we implement it similarly.
HeyTerm makes it easier to get started, especially for people who are new to it. We managed to make it distributed so users can choose their preferred location based on their network environment and GEO location.
The differences will begin to stand out as time goes by, we are collecting feature requests to make it unique.
2FA is on our next milestone roadmap, we will implement Google Authenticator, Wechat QR code as well as email for 2FA.
As of now, all keys and passwords are encrypted with AES, and soon we will switch to RSA in the near future.
I, as an admin of HeyTerm, have no access to servers that do not belong to my account, and we don't have a dedicated interface for admins yet, it's not in our future plan either.
Yea, this will not work if people won't see source code. At least those people who could be potential customers. A massive SPOF, unaudited code (code auditing costs a lot of money). I give max 1 year prior to deadpool.
Thanks for the prediction! We'll see.
It does the same thing that we can do with an ssh/telnet client, and we're giving our root password to them. It's unsafe. I'm not fond of web-based clients already but wanted to test.
Termius also has a password sync feature, and it's not open-source either. Its subscription price is $99/y, and it still has a lot of users. So I guess if you guys can be trustworthy to the public while continuing to enhance other features, it's doable.
@dearroy Still looking to update my password whenever this feature is available.
A profile page is now being designed, before it's completed you can use the password reset feature on the login page to reset the password.
That requires time, patience as well as insights, but we have faith.
My takeaways from the discussion so far: Many see the closed source as an issue. But then there are many third party SM Integration tools and website management tools that are closed source. I am not a believer in the 'convenience at the cost of risk' school of thought, but as a beta product, does not hurt to link a few non mission critical sites.
Esp with low learning curve, even for a newbie like me, the risk is low. But for the experienced users/admins that the audience in LET happen to be, I believe control (or lack of) versus convenience is a one way conversation.
Just an update: HeyTerm now supports SSH two-factor authentication.
...why?
The actual cipher in use is rarely the weakest link in a crypto solution. Are you really worried there are people out there who can break AES but will be defeated by RSA?
Well, I did not mean to compare AES and RSA.
We are testing combining both and using multiple servers jointly to encrypt/decrypt; that is the best solution I could think of now, and we will improve it as it goes.
@dearroy
Ever used shellinabox? https://github.com/shellinabox/shellinabox