KeyBox

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.


Easy Install & Setup

Requires JDK 1.7 or greater
A browser with WebSocket support




About KeyBox

KeyBox generates its own SSH key pair upon initial startup (a custom SSH key pair can be specified instead). The public key is placed in the authorized_keys file of the registered systems. KeyBox allows you to share terminal commands and upload files to multiple systems simultaneously. Once the sessions have been opened, you can select a single terminal window or any combination to run your commands. Additional system administrators can be added and their terminal sessions and history audited. KeyBox can also manage, distribute, and disable public keys that have been set up within the application.

KeyBox layers TLS/SSL on top of SSH and can act as a bastion host for administration. Layering protocols for security is described in detail in The Security Implications of SSH whitepaper. SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Composite SSH Terminals

Composite SSH terminals. Total control.

Execute commands on multiple systems simultaneously. Upload files to selected systems. Once the sessions have been opened you can select a single terminal window or any combination to run your commands.

Select Individual Terminals

Two-Factor Authentication. Secure your users.

Supports two-factor authentication via FreeOTP or Google Authenticator on your Android or iOS device.

  • FreeOTP - Android (Google Play), iOS (iTunes)
  • Google Authenticator - Android (Google Play), iOS (iTunes)

Two-Factor Authentication

Control user access. Secure your systems.

Create users and assign system profiles. Users can log in to KeyBox via the web console, but they have limited privileges and can only access systems that have been assigned through their profile.

Manage Users

Manage, distribute, & disable public SSH keys

KeyBox works through the authorized_keys file on systems that are registered. Users can generate an SSH key and distribute it to any systems set in their profile. Strong passphrases are enforced when keys are set to be generated through the application. Users with full privileges may review and disable any administrative key, forcing rotation.

Manage SSH Public Keys

Audit SSH sessions

Users with full privileges may audit other administrative user sessions to ensure systems are managed within organizational guidelines. (Disabled by default)

Audit SSH Sessions

Why KeyBox

Some of the ideas explored with this project...

  • Centralized user control - Grant access to systems through administrative profiles and user accounts.
  • Auditable (experimental) - Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.
  • Prevent SSH key sprawl and access mismanagement - Administrators set keys and distribute them to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled, forcing key rotation.
  • Productivity - Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
  • Portability - Run SSH through the browser without requiring client software or browser plugins.
  • Layered Protocols - Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
  • Infrastructure protection - A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network. (see diagram)

EC2Box

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). EC2Box allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened, you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.


EC2Box: Web-based SSH console for AWS EC2

KeyBox-OpenShift

A web-based SSH console for OpenShift. Connect and share terminal commands on multiple gears simultaneously.


KeyBox-OpenShift: Web-based SSH console for OpenShift