Skip to main content

Browser SSH Management Contracts

ADR-0016 accepts the browser SSH management contract. OP-062 implements the platform-side grant broker lifecycle: JIT grant request/list/detail/end APIs, active-only command-log metadata, encrypted recording refs, audit, and Assets console request/history UI. The follow-on gateway stream implements the platform in-process WebSocket relay that pairs with the standalone oneconnect-agent control channel/tunnel manager. OP-066j implements the Assets-console xterm.js terminal against that real session relay.

The detailed OP-062 implementation sequencing note lives in docs/architecture/ssh-broker-implementation-scope.md. The browser terminal must connect to /api/v1/rmm/ssh-sessions/{session_id}/ws, wait for session_active, and show pending/closed/error states. Server-derived command parser and object-store recording writer remain future work and must not be faked in the console.

Guardrails

  • Browser SSH uses WebSocket/TLS.
  • Access is just-in-time; no persistent SSH key vault in Phase 1.
  • Tenant RBAC decides which roles can SSH to which devices.
  • Session idle timeout defaults to 30 minutes and is enforced by the future agent/gateway relay.
  • Session absolute timeout defaults to 4 hours and is enforced by the future agent/gateway relay.
  • Every session is recorded through encrypted tenant-scoped recording refs.
  • Every command is logged and redacted command-by-command only after a relay is active; approved grants cannot accept command logs.
  • Gateway activation requires the agent to send tunnel_opened; do not mark a grant active from request-time authorization alone.
  • Tunnel data frames use a 36-byte ASCII tunnel_id prefix followed by raw bytes.
  • SNMP-derived SSH capability must follow ADR-0012 discovery authorization.

Events

  • session.ssh.started
  • session.ssh.command_logged
  • session.ssh.ended

API Surfaces

  • GET /api/v1/rmm/ssh-sessions
  • POST /api/v1/rmm/ssh-sessions
  • GET /api/v1/rmm/ssh-sessions/{session_id}
  • POST /api/v1/rmm/ssh-sessions/{session_id}/commands
  • POST /api/v1/rmm/ssh-sessions/{session_id}/end
  • WS /api/v1/agents/control-channel
  • WS /api/v1/rmm/ssh-sessions/{session_id}/ws

References

  • docs/adr/ADR-0016-browser-ssh-management.md
  • docs/architecture/browser-ssh-management-contracts.md
  • docs/architecture/ssh-broker-implementation-scope.md
  • specs/events/session.ssh.started.v1.schema.json
  • specs/events/session.ssh.command_logged.v1.schema.json
  • specs/events/session.ssh.ended.v1.schema.json
  • specs/openapi.yaml
  • specs/asyncapi.yaml