KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.
Administrators can log in using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
- Java JDK 1.7 or greater http://www.oracle.com/technetwork/java/javase/overview/index.html
- Browser with Web Socket support http://caniuse.com/websockets Note: In Safari, if using a self-signed certificate, you must import the certificate into your Keychain. Select 'Show Certificate' -> 'Always Trust' when prompted in Safari.
- Maven 3 or greater (only needed if building from source) http://maven.apache.org
- Install FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS
To Run Bundled with Jetty
If you're not big on the idea of building from source...
Export environment variables
export JAVA_HOME=/path/to/jdk
export PATH=$JAVA_HOME/bin:$PATH

set JAVA_HOME=C:\path\to\jdk
set PATH=%JAVA_HOME%\bin;%PATH%
How to Configure SSL in Jetty (it is a good idea to add or generate your own unique certificate)
Open browser to https://<whatever ip>:8443
- Create systems
- Create profiles
- Assign systems to profile
- Assign profiles to users
- Users can log in to create sessions on assigned systems
- Start a composite SSH session or create and execute a script across multiple sessions
- Add additional public keys to systems
- Disable any administrative public key, forcing key rotation
- Audit session history