KeyBox - A web-based SSH console that centrally manages administrative access to systems




KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Prerequisites

To Run Bundled with Jetty

If you're not big on the idea of building from source...
Download keybox-jetty-vXX.XX.tar.gz
https://github.com/skavanagh/KeyBox/releases
Export environment variables
for Linux/Unix/OSX
 export JAVA_HOME=/path/to/jdk
export PATH=$JAVA_HOME/bin:$PATH

for Windows
 set JAVA_HOME=C:\path\to\jdk
set PATH=%JAVA_HOME%\bin;%PATH%

Start KeyBox
for Linux/Unix/OSX
    ./startKeyBox.sh
for Windows
    startKeyBox.bat
How to Configure SSL in Jetty (it is a good idea to add or generate your own unique certificate)
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL

Using KeyBox

Open browser to https://:8443
Login with
username:admin
password:changeme

Steps:
  1. Create systems
  2. Create profiles
  3. Assign systems to profile
  4. Assign profiles to users
  5. Users can login to create sessions on assigned systems
  6. Start a composite SSH session or create and execute a script across multiple sessions
  7. Add additional public keys to systems
  8. Disable any adminstrative public key forcing key rotation.
  9. Audit session history