I want to introduce my new web-based and totley client-side RCON admin tool. I'm gonna post it here first as I find this the best place to reach Rust server owners.
RCON:IO has the basic tools an admin/owner would need. You'll find a console, player list and some handy tools to administrate your server. It has an advantage of being accessible directly in your browser without any need for third party installations.
As this is the first release I've only focused on the basic features. I will continue adding more functionality and features and everyone contribute at our Trello Board (see the website for link).
Security:
RCON:IO do not save any information about your server. All the information are stored in your browser and is wiped on logout as the tool is completely client-side and uses Websockets to connect to your server.
You can try it out here: RCON:IO
Feel free to give me some feedback I'm watching this thread.
Screenshots below:
Rcon.io - A new web-based RCON admin tool
Discussion in 'Rust Discussion' started by Henrikmeister, Apr 24, 2016.
-
Looks good, I can also confirm that this appears to be purely client sided as there don't appear to be any shady packets being sent somewhere else.
I kind of wish Rust supported wss, though. Rust RCON is inherently vulnerable to MITMs and connection hijackings (especially when auth is as simple as ws://<ip>:<port>/<password>). You can still add a TLS service in front of RCON, but most people probably won't do that, so there's no real point in adding that option to your RCON tool (although it would be kind of sweet ). Even some basic encryption without certification would be better than the current situation of default RCON (even though this wouldn't be completly safe either).
Some ideas:
- List tools in a dropdown menu. The current view might get a bit messy once you add more tools.
- Inspect event.error passed to the callback of websocket.onclose to inform users why a connection broke down. You should definetly add a hint to use +rcon.web 1 when the connection is actively refused.
- Fix capitalization inconsistencies.
- Use more vertical space for the console.
- Fix centering of "to" of teleport tool.
Last edited by a moderator: Apr 24, 2016 -
About to your bullets:
- List tools in a dropdown menu. I'll have to think of a clever way to filter the tools somehow. Even shough its done with a dripdown, sub-menu or tabs I have
to rework it. I'll come back to this enhancement soon.
- Inspect event.error passed. I'll work on this one today (thanks for the tips). I should definetly add a hint to use +rcon.web 1 when the connection
is actively refused. (Let's hope that this is not the same event that will be passed when the password is wrong?)
- Fix capitalization inconsistencies. I'll work my way throug all the capitalization inconsistencies and other text relateted fixes.
- Use more vertical space for the console. This is more a question then an answer: Do you think of the lack of space between the console text and the top border of
the console frame? Or is it spacing between each log row?
- Fix centering of "to" of teleport tool. An update with this fix will be pushed today.
When I started working on RCON:IO i first wanted to use WSS and its obvious advantage of being encrypted. But as you wrote.. Rust does not support it. I notified Garry on twitter about this problem as well as the vulnerability to brute-force when you have unlimited tries on the password.
I'll immerse and try to find a TLS solution that can be optional for more advanced users.Last edited by a moderator: Apr 24, 2016 - List tools in a dropdown menu. I'll have to think of a clever way to filter the tools somehow. Even shough its done with a dripdown, sub-menu or tabs I have
to rework it. I'll come back to this enhancement soon.
-
Here's an example: http://i.imgur.com/oyayjBd.png
I sort of understand why Rust doesn't support wss. Most clients probably wouldn't bother to get themselves a cert (although this is fairly easy nowadays luckily).
Certs are also usually registered for domains and not for IPs, and even then, most hosters probably wouldn't be able to guarantee that the IP stays the same.
Servers essentially don't have a true identity attached to them. You could do this by registering a domain for the server or a fixed IP, but it would only apply to a very small amount of people (because who the hell tries to MITM a Rust server? ).
It'd be possible for Rust to roll a custom encryption that requires server owners to cert themselves using an email address to be considered by the master server, but this increases the barrier of entry for new server owners a lot, which isn't desirable, and it's a lot of rather pointless work.
Those that really care can just run their own TLS service and I can definetly see how this isn't a priority of the Rust devs. -
As server owner I see the potential of having a "server profile". Which stores the rcon(encrypted) and letting me add different kind of permissions based on steamid.
-
IMO this goes way beyond what RCON should pragmatically be capable of. It's a tool for the owner to administer the server, not for mods. Mods need to be ingame either way to make effective decisions. There isn't much of a point in limiting owner access.
Also, this is something Rust would have to implement. -
Edit:
-Also having a playerlist with all steamids, IP and country is useful information for mods. Now, mods has to open up their in-game overlay and check playerinfo to get their steam profile and transform it to steamid64 if the player has weird name like chinese characters.
-Mods would be able to IP ban with the tool.
-Having notifcations for mods is also useful, knowing when they are called and monitor chat abuse.
-Just like RustAdmin it would also be beneficial to mark notes on different users for different degree of abuse on the server. Sharing this admin/mod wise is a powerful thing.Last edited by a moderator: Apr 24, 2016 -
To be able to properly judge whether someone should be banned or kicked a mod should probably be ingame, you're right about mutes, though.
You could accomplish this via a server sided tool that acts as an RCON server and filters commands based on some account system. -
Last edited by a moderator: Apr 24, 2016 -
why can't I log in? writes opsssss .... all I submit is correct, what could be the error?
-
Example:
Code:+rcon.web 1 +rcon.port 28016 +rcon.password "YourPassword"
-
sorry, didn't notice apparently, now add, unsubscribe
-
Very good job ! can we have an automatic message configuration ?
-
[DOUBLEPOST=1467882217][/DOUBLEPOST] -
-
Either way, if you want adverts, use Skin's Notifier Plugin
Notifier for Rust | Oxide -
But notifier plugin will make my server modded and not vanilla right ?
-
-
Because rcon.io is a beautiful tool to administrate your server without any plugin and it's post here
-
Looks clean! So far the best looking web RCON.