KeyBox

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems.

It acts as a bastion host for administrators with features that promote infrastructure security.


Easy Install & Setup

Runs on any Java-enabled system (Java is not required in the client browser).

Requires:
  • JDK 1.8 or greater
  • A browser that supports WebSockets


How can you support?

This project is open source under the Apache 2.0 licence and contributions are welcome!

Donations are always welcome. Any small contribution will keep this project running!


About KeyBox

KeyBox generates its own public/private SSH key pair upon initial startup. The public key is placed in the authorized_keys file of the registered systems. KeyBox allows you to share terminal commands and upload files to multiple systems simultaneously.

Additional system administrators can be added and their terminal sessions and history audited. Also, KeyBox can manage, distribute, and disable public keys that have been set up within the application. Key management is enabled by default to prevent unmanaged public keys and enforce best practices.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH.


KeyBox Benefits

  • Centralized user control - Grant access to systems through administrative profiles and user accounts.
  • Prevent SSH key sprawl and access mismanagement - Administrators set keys and distribute to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled forcing key rotation.
  • Productivity - Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
  • Portability - Run SSH through the browser without requiring client software or browser plugins.
  • Layered Protocols - Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
  • Infrastructure protection - A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network. (see diagram)
  • Auditable (experimental) - Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.

Composite SSH terminals. Total control.

Execute commands on multiple systems simultaneously. Upload files to selected systems. Once the sessions have been opened you can select a single terminal window or any combination to run your commands.


Manage, distribute, & disable public SSH keys

KeyBox works through the authorized_keys file on systems that are registered. Users can generate an SSH key and distribute to any systems set in their profile. Strong passphrases are enforced when keys are set to be generated through the application. Users with full-privileges may review and disable any administrative key forcing rotation.

With KeyBox, users set or generate their own keys, which discourages private keys from being shared, sent over email, etc.
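A defender-side check for the unmanaged keys this section is concerned with, as an added example (not KeyBox code): it parses an authorized_keys file, computes OpenSSH-style SHA256 fingerprints, and reports every entry outside a managed set. The sample keys, comments, and all function names are constructed for illustration.

```python
import base64, hashlib, re

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# One field: runs of non-space characters, where quoted option values may hold spaces.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_entry(line):
    """Return (key_type, fingerprint, comment); None for blank or comment lines."""
    fields = FIELD.findall(line.strip())
    if not fields or fields[0].startswith("#"):
        return None
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no recognised key type and blob")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # length of the type name inside the blob
    if blob[4:4 + n] != fields[idx].encode():
        raise ValueError("declared key type does not match key blob")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return fields[idx], "SHA256:" + fp, " ".join(fields[idx + 2:])

def unmanaged_keys(text, managed):
    """Return (line_no, fingerprint, comment) for every key outside the managed set."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(line)
        except ValueError as exc:  # includes base64 decoding errors
            entry = ("?", "UNPARSEABLE", str(exc))
        if entry and entry[1] not in managed:
            findings.append((no, entry[1], entry[2]))
    return findings

def sample_blob(seed):
    """Constructed ssh-ed25519 blob built from a hash, not a real key."""
    body = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big")
    return base64.b64encode(body + hashlib.sha256(seed).digest()).decode()

# Constructed sample file: one managed key, one stray key with options, one corrupt line.
SAMPLE = "\n".join([
    "# managed by bastion",
    f"ssh-ed25519 {sample_blob(b'bastion')} bastion-managed",
    f'command="echo hello world",no-pty ssh-ed25519 {sample_blob(b"stray")} old-contractor',
    "ssh-rsa not*base64 broken",
])
MANAGED = {parse_entry(SAMPLE.splitlines()[1])[1]}
```

Calling `unmanaged_keys(SAMPLE, MANAGED)` reports the stray key on line 3 and the corrupt entry on line 4; unparseable lines are reported rather than skipped so that a malformed entry cannot hide from the audit.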


Two-Factor Authentication. Secure your users.

Supports Two-Factor via FreeOTP or Google Authenticator on your Android or iOS device.

  • FreeOTP: Android (Google Play), iOS (iTunes)
  • Google Authenticator: Android (Google Play), iOS (iTunes)

Control user access. Secure your systems.

Create users and assign system profiles. Users can log in to KeyBox via the web console, but have limited privileges and can only access systems that have been assigned through their profile. System access can be removed at any time, removing any keys the user has associated with the system.


Audit SSH sessions

Once enabled, users with full privileges may audit other administrative user sessions. Ensure systems are managed within organizational guidelines. Through its logging utility, KeyBox can be configured to send logs to a central logging server (e.g. Logstash).


EC2Box

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). EC2Box allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.



KeyBox-OpenShift

A web-based SSH console for OpenShift. Connect and share terminal commands on multiple gears simultaneously.

