1f67b2ca75
Problem Analysis: - Fixed salt disaster: All same-type fields used identical encryption keys - Exposed user password KEK protection as completely fake security theater - System generated random password while claiming user password protection - 500+ lines of complex migration logic for non-existent backward compatibility Linus-Style Solutions Applied: ✅ "Delete code > Write code" - Removed 1167 lines of fake complexity ✅ "Complexity is evil" - Eliminated all special cases and migration paths ✅ "Practical solutions" - System auto-starts with secure random keys ✅ "Good taste" - Each field gets unique random salt, true data isolation Core Changes: • FIXED: Each encrypted field now gets unique random salt (no more shared keys) • DELETED: MasterKeyProtection.ts - entire fake KEK protection system • DELETED: encryption-test.ts - outdated test infrastructure • SIMPLIFIED: User password = authentication only (honest design) • SIMPLIFIED: Random master key = data protection (more secure than user passwords) Security Improvements: - Random keys have higher entropy than user passwords - Simpler system = smaller attack surface - Honest design = clear user expectations - True field isolation = breaking one doesn't compromise others Before: Break 1 password → Get all passwords of same type After: Each field independently encrypted with unique keys "Theory and practice sometimes clash. Theory loses. Every single time." - Linus This removes theoretical security theater and implements practical protection.
Repo Stats
English |
中文
Achieved on September 1st, 2025
Top Technologies
If you would like, you can support the project here!
Overview
Termix is an open-source, forever-free, self-hosted all-in-one server management platform. It provides a web-based solution for managing your servers and infrastructure through a single, intuitive interface. Termix offers SSH terminal access, SSH tunneling capabilities, and remote file editing, with many more tools to come.
Features
- SSH Terminal Access - Full-featured terminal with split-screen support (up to 4 panels) and tab system
- SSH Tunnel Management - Create and manage SSH tunnels with automatic reconnection and health monitoring
- Remote File Editor - Edit files directly on remote servers with syntax highlighting, file management features ( uploading, removing, renaming, deleting files)
- SSH Host Manager - Save, organize, and manage your SSH connections with tags and folders
- Server Stats - View CPU, memory, and HDD usage on any SSH server
- User Authentication - Secure user management with admin controls and OIDC and 2FA (TOTP) support
- Modern UI - Clean desktop/mobile friendly (in progress) interface built with React, Tailwind CSS, and Shadcn
- Languages - Built-in support for English and Chinese
- Improved Platform Support - Now includes an installable Electron app (in progress) for desktop, with a dedicated mobile app also planned.
Planned Features
See Projects. If you are looking to contribute, see Contributing,
Installation
Visit the Termix Docs for more information on how to install Termix. Otherwise, view a sample docker-compose file here:
services:
termix:
image: ghcr.io/lukegus/termix:latest
container_name: termix
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- termix-data:/app/data
environment:
PORT: "8080"
volumes:
termix-data:
driver: local
Pre-built binaries are now available for download, including a Windows installer/portable app and a Linux portable app ( built with Electron). See Docs for details. A native iOS/Android app is planned.
Support
If you need help with Termix, you can join the Discord server and visit the support channel. You can also open an issue or open a pull request on the GitHub repo.
Show-off
License
Distributed under the Apache License Version 2.0. See LICENSE for more information.