Skip to content

KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.

License

Notifications You must be signed in to change notification settings

huangchaosuper/KeyBox

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

KeyBox

KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticatior. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and can act as a bastion host for administration. Layering protocols for security is described in detail in The Security Implications of SSH whitepaper. SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Terminals

Prerequisites

FreeOTP Link
Android Google Play
iOS iTunes
Google Authenticator Link
Android Google Play
iOS iTunes

To Run Bundled with Jetty

If you're not big on the idea of building from source...

Download keybox-jetty-vXX.XX.tar.gz

https://github.com/skavanagh/KeyBox/releases

Export environment variables

for Linux/Unix/OSX

 export JAVA_HOME=/path/to/jdk
 export PATH=$JAVA_HOME/bin:$PATH

for Windows

 set JAVA_HOME=C:\path\to\jdk
 set PATH=%JAVA_HOME%\bin;%PATH%

Start KeyBox

for Linux/Unix/OSX

    ./startKeyBox.sh

for Windows

    startKeyBox.bat

How to Configure SSL in Jetty (it is a good idea to add or generate your own unique certificate)

http://wiki.eclipse.org/Jetty/Howto/Configure_SSL

To Build from Source

Export environment variables

export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH

In the directory that contains the pom.xml run

mvn package jetty:run

**Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.

Managing SSH Keys

By default KeyBox will overwrite all values in the specified authorized_keys file for a system. You can disable key management by editing KeyBoxConfig.properties file and use KeyBox only as a bastion host. This file is located in the jetty/keybox/WEB-INF/classes directory. (or the src/main/resources directory if building from source)

#enable key management  --set to false to disable
keyManagementEnabled=false

Also, the authorized_keys file is updated/refreshed periodically based on the relationships defined in the application. If key management is enabled the refresh interval can be specified in the KeyBoxConfig.properties file.

#authorized_keys refresh interval in minutes (no refresh for <=0)
authKeysRefreshInterval=120

Supplying a Custom SSH Key Pair

KeyBox generates its own public/private SSH key upon initial startup for use when registering systems. You can specify a custom SSH key pair in the KeyBoxConfig.properties file.

For example:

#set to true to regenerate and import SSH keys  --set to true
resetApplicationSSHKey=true

#SSH Key Type 'dsa' or 'rsa'
sshKeyType=rsa

#private key  --set pvt key
privateKey=/Users/kavanagh/.ssh/id_rsa

#public key  --set pub key
publicKey=/Users/kavanagh/.ssh/id_rsa.pub

#default passphrase  --leave blank if passphrase is empty
defaultSSHPassphrase=myPa$$w0rd

After startup and once the key has been registered it can then be removed from the system. The passphrase and the key paths will be removed from the configuration file.

Auditing

Auditing is disabled by default and is only a proof of concept. Can be enabled in the KeyBoxConfig.properties.

#enable audit  --set to true to enable
enableAudit=true

Using KeyBox

Open browser to https://<whatever ip>:8443

Login with

username:admin
password:changeme

Steps:

  1. Create systems
  2. Create profiles
  3. Assign systems to profile
  4. Assign profiles to users
  5. Users can login to create sessions on assigned systems
  6. Start a composite SSH session or create and execute a script across multiple sessions
  7. Add additional public keys to systems
  8. Disable any adminstrative public key forcing key rotation.
  9. Audit session history

Screenshots

Login

Two-Factor

More Terminals

Manage Systems

Manage Users

Define SSH Keys

Disable SSH Keys

Acknowledgments

Special thanks goes to these amazing projects which makes this (and other great projects) possible.

Third-party dependencies are mentioned in the 3rdPartyLicenses.md!

Author

Sean Kavanagh

(Follow me on twitter for release updates, but mostly nonsense)

About

KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 55.6%
  • JavaScript 43.1%
  • CSS 1.3%