KeyBox Features

  • Centralized user control - Grant access to systems through administrative profiles and user accounts.
  • Prevent SSH key sprawl and access mismanagement - Administrators set keys and distribute to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled forcing key rotation.
  • Productivity - Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
  • Portability - Run SSH through the browser without requiring client software or browser plugins.
  • Layered Protocols - Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
  • Infrastructure protection - A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network. (see diagram)
  • Auditable (experimental) - Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.
Audit SSH Sessions

Composite SSH terminals. Total control.

Execute commands on multiple systems simultaneously. Upload files to selected systems. Once the sessions have been opened you can select a single terminal window or any combination to run your commands.

Select Invidual Terminals

Manage, distribute, & disable public SSH keys

KeyBox works through the authorized_keys file on systems that are registered. Users can generate an SSH key and distribute to any systems set in their profile. Strong passphrases are enforced when keys are set to be generated through the application. Users with full-privileges may review and disable any administrative key forcing rotation.

With KeyBox users set or generate their own keys, discouraging private keys from being shared, sent over email, etc..

Manage SSH Public Keys

Two-Factor Authentication. Secure your users.

Supports Two-Factor via FreeOTP or Google Authenticator on your Android or iOS device.

FreeOTP
Android Google Play
iOS iTunes
Google Authenticator
Android Google Play
iOS iTunes
Two-Factor Authentication

Control user access. Secure your systems.

Create users and assign system profiles. Users can login to KeyBox via the web-console, but have limited privileges and can only access systems that have been assigned through their profile. System access can be removed at anytime removing any keys the user has associated with the system. Authentication may be integrated with LDAP in which roles can be mapped to profiles defined in KeyBox. Users will be added/removed from defined profiles as they login and when the role name matches the profile name.

Manage Users

Audit SSH sessions

Once enabled, users with full-privileges may audit other administrative user sessions. Ensure systems are managed within organizational guidelines. Through its logging utility, KeyBox can be configured to send logs to a central logging server. (eg. logstash)

Audit SSH Sessions