This project is in a very-alpha state. It's just a rough idea. Don't beat me!


Sometimes when working with SUSE Manager (SUMA), I have the need to perform some testing actions on a registered client. Although SUMA provides ways to do that (remote command, salt remote commands), these lack interactivity. Sometimes I just need to SSH into the client and do something (read logs, quickly tweak & test something repeatedly). This usually involves copying&pasting the client FQDN, opening a terminal, typing ssh root@, paste the FQDN and connecting to SSH.

The goal of this project is to ease connecting to & controlling SUMA registered clients via SSH.


Currently, there are 2 completely different ideas to implement that functionality.

Idea 1: Open a user-installed SSH and point it to the SUMA client

Use some web browser ssh add-on (like Chrome secure shell). Create a button in the system page in the SUMA web UI that would open the client, passing the needed data (host, post, user...) to it.

Alternatively, create a link in SUMA web UI with href=ssh://user@machine:port and make the system open it (via xdg, for instance).

Idea 2: Web-based SSH clients

Instead of a native SSH client, we could use a web based ssh client. This would need some kind of proxy between the browser and target systems for websocket/socket interoperation.


  • Path to system: the system doesn't necessarilly need to be accessible from the user's computer. It can be in the network with SUMA server, or it can be even hidden behind a SUMA proxy. Possible solutions:

    • run some "ssh proxy" on SUMA server and SUMA proxies (in a similar fashion like salt-ssh minions),
    • do nothing and explicitly target this feature for "intranet setups".
  • Availability of the feature: not all systems have ssh installed & running. We should enable/disable the feature in the UI based on the state of the system (we can retrieve needed data via salt (grains?)).

  • Parameters: we should allow adjusting ssh parameters (like username) before connecting to the machine. We could also enable some kind of "raw mode" that allows adjusting the ssh command line before connecting.

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 19


  • pagarcia
    8 months ago by pagarcia | Reply

    Coincidentally I was discussing something like this at FOSDEM with @PSuarezHernandez where I was explaining what a TPAM is and how we could implement it using , which offers logging capabilities.

    This can be used to implement a TPAM

  • fkobzik
    8 months ago by fkobzik | Reply

    Hmm, interesting, I didn't know this one. Thanks for the tip Pau!

Similar Projects

This project is one of its kind!