KeyBox is a web-based SSH console that centrally manages administrative access to systems. The web-based administration is combined with management and distribution of users’ public SSH keys. Key management and administration are based on profiles assigned to defined users.
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling/port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Prerequisites:
- Java JDK 1.8 or greater
- Browser with Web Socket support
- Maven 3 or greater
- FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS.

Features:
- Centralized user control – Grant access to systems through administrative profiles and user accounts.
- Prevent SSH key sprawl and access mismanagement – Administrators set keys and distribute them to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled, forcing key rotation.
- Productivity – Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
- Portability – Run SSH through the browser without requiring client software or browser plugins.
- Layered Protocols – Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling/port forwarding.
- Infrastructure protection – A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network.
- Auditable (experimental) – Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.