KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.
Requires JDK 1.8 or greater
A web socket supported browser
KeyBox generates its own public/private SSH key upon initial startup (To specify a custom SSH key pair, see here). This key is placed in the authorized_key file of the registered systems. KeyBox allows you to share terminal commands and upload files to multiple systems simultaneously. Once the sessions have been opened you can select a single terminal window or any combination to run your commands. Additional system administrators can be added and their terminal sessions and history audited. Also, KeyBox can manage, distribute, and disable public keys that have been setup within the application. Key management is enabled by default to prevent unmanaged public keys and enforce best practices.
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH.
Execute commands on multiple systems simultaneously. Upload files to selected systems. Once the sessions have been opened you can select a single terminal window or any combination to run your commands.
Create users and assign system profiles. Users can login to KeyBox via the web-console, but have limited privileges and can only access systems that have been assigned through their profile.
KeyBox works through the authorized_keys file on systems that are registered. Users can generate an SSH key and distribute to any systems set in their profile. Strong passphrases are enforced when keys are set to be generated through the application. Users with full-privileges may review and disable any administrative key forcing rotation.
Users with full-privileges may audit other administrative user sessions. Ensure systems are managed within organizational guidelines. (Disabled by default)
Some of the ideas explored with this project...
A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). EC2Box allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.
A web-based SSH console for OpenShift. Connect and share terminal commands on multiple gears simultaneously.