KeyBox is a free, Web-based SSH Console – an open source application that can be used to manage multiple SSH sessions on multiple systems.
It allows you to execute commands on multiple shells, manage keys, share terminal commands, and upload files to multiple systems simultaneously. It generates a private/public key pair on initial startup, and you can define your own custom key if you prefer. You can also add additional system admins and audit their terminal history.
KeyBox allows you to control the users, so that you can define which users can access which systems. After starting the web-based SSH session, you’ll be able to manage single or multiple systems via a web browser of your choice more easily and effectively.
Administrators can log in using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.
KeyBox layers TLS/SSL on top of SSH and can act as a bastion host for administration. Layering protocols for security is described in detail in The Security Implications of SSH whitepaper. SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
Features of this Web-based SSH Console
- Web-based SSH
- Manage systems and system profiles
- Manage user access and assign system profiles
- Generate and distribute public keys to authorized key file
- Create shell scripts and execute on systems or system profiles
- Create composite SSH terminals so commands can be shared across sessions
Why KeyBox: Some of the ideas explored with this project…
- Centralized user control – Grant access to systems through administrative profiles and user accounts.
- Auditable (experimental) – Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.
- Prevent SSH key sprawl and access mismanagement – Administrators set keys and distribute them to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled, forcing key rotation.
- Productivity – Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
- Portability – Run SSH through the browser without requiring client software or browser plugins.
- Layered Protocols – Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
- Infrastructure protection – A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network.
Open browser to https://
1. Create systems
2. Create profiles
3. Assign systems to profile
4. Assign profiles to users
5. Users can log in to create sessions on assigned systems
6. Start a composite SSH session or create and execute a script across multiple sessions
7. Add additional public keys to syste
Supplying a Custom SSH Key Pair
KeyBox generates its own public/private SSH key upon initial startup for use when registering systems. You can specify a custom SSH key pair through the KeyBoxConfig.properties file. This file is located in the jetty/keybox/WEB-INF/classes directory (or the src/main/resources directory if building from source).
    #set to true to regenerate and import SSH keys --set to true
    resetApplicationSSHKey=true
    #SSH Key Type 'dsa' or 'rsa'
    sshKeyType=rsa
    #private key --set pvt key
    privateKey=/Users/kavanagh/.ssh/id_rsa
    #public key --set pub key
    publicKey=/Users/kavanagh/.ssh/id_rsa.pub
    #default passphrase --leave blank if passphrase is empty
    defaultSSHPassphrase=myPa$$w0rd
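A pre-start check for the settings above, as an added example that is not part of KeyBox or the original page: it parses KeyBoxConfig.properties and flags a DSA key type, a clear-text passphrase in a config file readable by group or other, and key paths that are missing or too open. The function names, the choice of checks and the files built in demo() are assumptions made for illustration.

```python
import stat
import tempfile
from pathlib import Path

def parse_properties(text):
    """Parse the plain key=value subset of .properties syntax used above."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def too_open(path):  # True when group or other holds any permission bit
    return bool(stat.S_IMODE(Path(path).stat().st_mode) & 0o077)

def audit(config_path):
    """Return findings for one KeyBoxConfig.properties file (checks are assumptions)."""
    props = parse_properties(Path(config_path).read_text(encoding="utf-8"))
    findings = []
    if props.get("sshKeyType", "").lower() == "dsa":
        findings.append("sshKeyType=dsa: ssh-dss is disabled by default since OpenSSH 7.0")
    if props.get("defaultSSHPassphrase") and too_open(config_path):
        findings.append("config holds a clear-text passphrase and is open to group/other")
    for name in ("privateKey", "publicKey"):
        path = props.get(name, "")
        if path and not Path(path).is_file():
            findings.append(f"{name}: no such file: {path}")
        elif path and name == "privateKey" and too_open(path):
            findings.append("privateKey: key file is open to group/other, expected 0600")
    return findings

def demo():
    """Audit a constructed config before and after tightening it."""
    tmp = Path(tempfile.mkdtemp())
    key, cfg = tmp / "id_rsa", tmp / "KeyBoxConfig.properties"
    body = (f"resetApplicationSSHKey=true\nsshKeyType=dsa\nprivateKey={key}\n"
            f"publicKey={key}.pub\ndefaultSSHPassphrase=constructed-passphrase\n")
    for path, text in ((key, "constructed, not a real key\n"),
                       (Path(f"{key}.pub"), "constructed\n"), (cfg, body)):
        path.write_text(text)
        path.chmod(0o644)
    before = audit(cfg)
    cfg.write_text(body.replace("sshKeyType=dsa", "sshKeyType=rsa"))
    key.chmod(0o600)
    cfg.chmod(0o600)
    return before, audit(cfg)

if __name__ == "__main__":
    print(demo())
```

Because the passphrase sits in the properties file in clear text, the check treats that file with the same care as the private key itself.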