KEYBOX - A WEB-BASED SSH CONSOLE THAT CENTRALLY MANAGES ADMINISTRATIVE ACCESS TO SYSTEMS

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Prerequisites

• Java JDK 1.7 or greater http://www.oracle.com/technetwork/java/javase/overview/index.html
• Browser with Web Socket support http://caniuse.com/websockets Note: In Safari if using a self-signed certificate you must import the certificate into your Keychain. Select 'Show Certificate' -> 'Always Trust' when prompted in Safari
• Maven 3 or greater ( Only needed if building from source ) http://maven.apache.org
• Install FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS

To Run Bundled with Jetty

If you're not big on the idea of building from source...
Download keybox-jetty-vXX.XX.tar.gz
https://github.com/skavanagh/KeyBox/releases
Export environment variables
for Linux/Unix/OSX

 export JAVA_HOME=/path/to/jdk
 export PATH=$JAVA_HOME/bin:$PATH

for Windows

 set JAVA_HOME=C:\path\to\jdk
 set PATH=%JAVA_HOME%\bin;%PATH%

Start KeyBox
for Linux/Unix/OSX

    ./startKeyBox.sh

for Windows

    startKeyBox.bat

How to Configure SSL in Jetty (it is a good idea to add or generate your own unique certificate)
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL

Using KeyBox

Open browser to https://<whatever ip>:8443
Login with

username:admin
password:changeme

Steps:

1. Create systems
2. Create profiles
3. Assign systems to profile
4. Assign profiles to users
5. Users can login to create sessions on assigned systems
6. Start a composite SSH session or create and execute a script across multiple sessions
7. Add additional public keys to systems
8. Disable any adminstrative public key forcing key rotation.
9. Audit session history

Download KeyBox