diff --git a/pkg/api/ssh.go b/pkg/api/ssh.go
index f4ccf27..98d7503 100644
--- a/pkg/api/ssh.go
+++ b/pkg/api/ssh.go
@@ -3,6 +3,7 @@ package api
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"github.com/gorilla/websocket"
 	"github.com/labstack/echo/v4"
@@ -11,6 +12,7 @@ import (
 	"golang.org/x/crypto/ssh"
 	"net/http"
 	"next-terminal/pkg/model"
+	"next-terminal/pkg/utils"
 	"strconv"
 	"sync"
 	"time"
@@ -74,6 +76,19 @@ func SSHEndpoint(c echo.Context) error {
 	width, _ := strconv.Atoi(c.QueryParam("width"))
 	height, _ := strconv.Atoi(c.QueryParam("height"))
 
+	user, _ := GetCurrentAccount(c)
+	if model.TypeUser == user.Type {
+		// 检测是否有访问权限
+		assetIds, err := model.FindAssetIdsByUserId(user.ID)
+		if err != nil {
+			return err
+		}
+
+		if !utils.Contains(assetIds, assetId) {
+			return errors.New("您没有权限访问此资产")
+		}
+	}
+
 	sshClient, err := CreateSshClient(assetId)
 	if err != nil {
 		logrus.Errorf("创建SSH客户端失败：%v", err.Error())