OWASP KeyBox

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP KeyBox Project
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.



Description
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users. Administrators can log in using two-factor authentication with FreeOTP or Google Authenticator. From there they can create and manage public SSH keys or connect to their assigned systems through a web shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

Licensing
Apache 2.0


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Download
Download now

Project Leader
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]

Links

 * KeyBox on GitHub
 * README
 * Website

Classifications

| valign="top" style="padding-left:25px;width:200px;" |

News and Events

 * 2015-04-21: Release - KeyBox v2.83.00
 * 2015-03-13: Release - KeyBox v2.82.00
 * 2015-03-03: Release - KeyBox v2.80.00
 * 2015-02-25: Release - KeyBox v2.76.00


|}

=FAQs=


 * How do I import my own SSL cert?
 ** Import the certificate into the keystore: keytool -keystore keystore -import -alias jetty -file mycert.crt
 ** Then replace the keystore in the jetty/etc/ directory and set the passwords in the jetty/modules/ssl.mod file (see Configuring Security Secure Passwords to set the password format).
 ** More information can be found at How to Configure SSL.


 * I have a reverse proxy that already terminates TLS/SSL. How do I disable TLS/SSL?
 ** In the jetty directory, edit the start.ini file and change --module=https to --module=http
 ** Then change jetty.port=8443 to the port you need and restart. More information on Jetty can be found in the Jetty Documentation.
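
The start.ini edit from the reverse-proxy answer above, written as a shell function (an added example, not part of KeyBox or of the original page). The function name jetty_disable_tls and the sample file contents are assumptions; it changes only the two lines the FAQ names, keeps a backup, and refuses to run if either line is missing.

```shell
# Added example: switch a Jetty start.ini from --module=https to --module=http
# and set jetty.port, as the FAQ describes. Hypothetical helper, not KeyBox code.
# Usage: jetty_disable_tls <path-to-start.ini> <port>
# Returns 0 on success, 1 if the expected lines are absent, 2 on bad arguments.
jetty_disable_tls() {
    ini=$1
    port=$2
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }

    # The port must be 1..65535: digits only, at most five of them.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "invalid port: $port" >&2; return 2; }

    # Do not guess: both lines named in the FAQ must already be present.
    grep -q '^--module=https[[:space:]]*$' "$ini" ||
        { echo "$ini: no --module=https line (already changed?)" >&2; return 1; }
    grep -q '^jetty\.port=' "$ini" ||
        { echo "$ini: no jetty.port line" >&2; return 1; }

    # Keep the original so the change can be reverted, then rewrite in place.
    cp -p "$ini" "$ini.bak" || return 2
    sed -e 's/^--module=https[[:space:]]*$/--module=http/' \
        -e "s/^jetty\.port=.*/jetty.port=$port/" "$ini.bak" > "$ini"
}

# Dry run on constructed sample input (not KeyBox's shipped start.ini).
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' '--module=https' 'jetty.port=8443' \
    > "$demo/start.ini"
jetty_disable_tls "$demo/start.ini" 8080 && cat "$demo/start.ini"
rm -rf "$demo"
```

After this change Jetty serves plain HTTP on the chosen port, so that port should be reachable only from the reverse proxy that terminates TLS/SSL.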

= Acknowledgements =

Contributors
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]

Special Thanks
JSch Java Secure Channel - by ymnk

term.js: A terminal written in JavaScript - by chjj

= Road Map and Getting Involved =

Road Map
Add the ability to save session and command-line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point to security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.

Getting Involved
=Minimum Viable Product=

KeyBox is currently packaged along with a web server and can be downloaded from GitHub:

https://github.com/skavanagh/KeyBox/releases