https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=SkavanaghOWASP - User contributions [en]2026-04-03T18:44:19ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=236446OWASP KeyBox2017-12-27T20:11:52Z<p>Skavanagh: Blanked the page</p>
<hr />
<div></div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=234656OWASP KeyBox2017-10-26T10:57:36Z<p>Skavanagh: Add release</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-09-20: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.02 KeyBox v2.90.02]<br />
* 2017-09-05: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.01 KeyBox v2.90.01]<br />
* 2017-06-04: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.00 KeyBox v2.90.00]<br />
* 2017-03-19: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.89.00 KeyBox v2.89.00]<br />
* 2017-03-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.02 KeyBox v2.88.02]<br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=232898OWASP KeyBox2017-09-06T01:29:11Z<p>Skavanagh: Added new release</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-09-05: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.01 KeyBox v2.90.01]<br />
* 2017-06-04: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.00 KeyBox v2.90.00]<br />
* 2017-03-19: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.89.00 KeyBox v2.89.00]<br />
* 2017-03-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.02 KeyBox v2.88.02]<br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=230367OWASP KeyBox2017-06-04T15:07:24Z<p>Skavanagh: added new release</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-06-04: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.90.00 KeyBox v2.90.00]<br />
* 2017-03-19: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.89.00 KeyBox v2.89.00]<br />
* 2017-03-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.02 KeyBox v2.88.02]<br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=227615OWASP KeyBox2017-03-19T11:55:16Z<p>Skavanagh: added new release link</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-03-19: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.89.00 KeyBox v2.89.00]<br />
* 2017-03-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.02 KeyBox v2.88.02]<br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=227614OWASP KeyBox2017-03-18T22:35:17Z<p>Skavanagh: added release link</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-03-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.02 KeyBox v2.88.02]<br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=227176OWASP KeyBox2017-03-09T00:35:10Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-01-28: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.01 KeyBox v2.88.01]<br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=224662OWASP KeyBox2017-01-04T01:17:57Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]<br />
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]<br />
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]<br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=219956OWASP KeyBox2016-08-02T00:59:36Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]<br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=215860OWASP KeyBox2016-04-24T10:48:06Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]<br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=212512OWASP KeyBox2016-04-06T00:56:59Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2016-03-29: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.02 KeyBox v2.85.02]<br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=204958OWASP KeyBox2015-12-10T01:43:55Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-12-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.01 KeyBox v2.85.01]<br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=204858OWASP KeyBox2015-12-08T00:28:10Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00]<br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=203321OWASP KeyBox2015-11-12T02:55:38Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01]<br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=201589OWASP KeyBox2015-10-04T00:58:17Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00]<br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=195861OWASP KeyBox2015-06-08T01:06:59Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-06-07: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.02 KeyBox v2.83.02]<br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=194917OWASP KeyBox2015-05-16T11:50:00Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-05-16: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.01 KeyBox v2.83.01]<br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=193962OWASP KeyBox2015-04-26T11:49:18Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=193829OWASP KeyBox2015-04-22T00:28:27Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]<br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=192369OWASP KeyBox2015-03-29T11:18:12Z<p>Skavanagh: /* FAQs */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=192368OWASP KeyBox2015-03-29T11:17:49Z<p>Skavanagh: /* FAQs */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* How do I import my own SSL cert?<br />
<br />
::keytool -keystore keystore -import -alias jetty -file mycert.crt<br />
::then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] to set the password format)<br />
::More information can be found at -[http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]<br />
<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=192344OWASP KeyBox2015-03-28T01:37:25Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg|500px]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-Arch.jpg&diff=192343File:KeyBox-Arch.jpg2015-03-28T01:35:09Z<p>Skavanagh: Skavanagh uploaded a new version of &quot;File:KeyBox-Arch.jpg&quot;</p>
<hr />
<div>Keybox Architecture diagram</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=192342OWASP KeyBox2015-03-28T01:33:44Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
<br/><br />
[[File:KeyBox-Terminals.png|400px]]<br />
<br />
==Description==<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br/><br />
[[File:KeyBox-Arch.jpg]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-ManageUsers.png&diff=192341File:KeyBox-ManageUsers.png2015-03-28T01:23:36Z<p>Skavanagh: KeyBox screenshot - Manage Users</p>
<hr />
<div>KeyBox screenshot - Manage Users</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-DisableKeys.png&diff=192340File:KeyBox-DisableKeys.png2015-03-28T01:23:20Z<p>Skavanagh: KeyBox screenshot - Disable SSH Keys</p>
<hr />
<div>KeyBox screenshot - Disable SSH Keys</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-DefineKeys.png&diff=192339File:KeyBox-DefineKeys.png2015-03-28T01:22:40Z<p>Skavanagh: KeyBox screenshot - Define SSH Keys</p>
<hr />
<div>KeyBox screenshot - Define SSH Keys</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=192338OWASP KeyBox2015-03-28T01:19:02Z<p>Skavanagh: /* Description */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
[[File:KeyBox-Arch.jpg]]<br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-Terminals.png&diff=192337File:KeyBox-Terminals.png2015-03-28T01:15:04Z<p>Skavanagh: KeyBox screenshot - Terminals</p>
<hr />
<div>KeyBox screenshot - Terminals</div>Skavanaghhttps://wiki.owasp.org/index.php?title=File:KeyBox-Arch.jpg&diff=192336File:KeyBox-Arch.jpg2015-03-28T01:14:23Z<p>Skavanagh: Keybox Architecture diagram</p>
<hr />
<div>Keybox Architecture diagram</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191398OWASP KeyBox2015-03-13T23:44:10Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]<br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191356OWASP KeyBox2015-03-13T13:35:31Z<p>Skavanagh: /* Links */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191355OWASP KeyBox2015-03-13T13:34:45Z<p>Skavanagh: /* Quick Download */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191354OWASP KeyBox2015-03-13T13:34:25Z<p>Skavanagh: /* Links */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
*[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
*[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191353OWASP KeyBox2015-03-13T13:34:05Z<p>Skavanagh: /* Repository */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Links ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
[http://sshkeybox.com Website]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191352OWASP KeyBox2015-03-13T13:33:09Z<p>Skavanagh: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191351OWASP KeyBox2015-03-13T13:31:33Z<p>Skavanagh: /* FAQs */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191350OWASP KeyBox2015-03-13T13:31:13Z<p>Skavanagh: /* FAQs */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?<br />
<br />
::In the jetty directory edit the start.ini file and set<br />
<br />
::--module=https<br />
<br />
::to<br />
<br />
::--module=http<br />
<br />
::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found:[http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191349OWASP KeyBox2015-03-13T13:21:20Z<p>Skavanagh: /* Minimum Viable Product */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
Currently packaged along with a web-server and can be downloaded from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191348OWASP KeyBox2015-03-13T13:20:30Z<p>Skavanagh: /* Contributors */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191347OWASP KeyBox2015-03-13T13:20:20Z<p>Skavanagh: /* Contributors */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
<br />
==Special Thanks==<br />
<br />
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]<br />
<br />
[https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191346OWASP KeyBox2015-03-13T13:05:05Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191345OWASP KeyBox2015-03-13T13:04:37Z<p>Skavanagh: /* Repository */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191344OWASP KeyBox2015-03-13T13:04:23Z<p>Skavanagh: /* Quick Download */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
</span><br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191343OWASP KeyBox2015-03-13T13:04:00Z<p>Skavanagh: /* Description */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
</span><br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191342OWASP KeyBox2015-03-13T13:03:04Z<p>Skavanagh: /* Related Projects */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<span style="color:#ff0000"><br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
</span><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Repository ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox KeyBox on Github]<br />
</span><br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191341OWASP KeyBox2015-03-13T13:01:46Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<span style="color:#ff0000"><br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
</span><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191340OWASP KeyBox2015-03-13T13:01:14Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<span style="color:#ff0000"><br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
</span><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00] Released<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00] Released<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191339OWASP KeyBox2015-03-13T13:00:45Z<p>Skavanagh: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<span style="color:#ff0000"><br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
</span><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
* 2015-03-03: [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00 Released]<br />
* 2015-02-25: [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 v2.76.00 Released]<br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanaghhttps://wiki.owasp.org/index.php?title=OWASP_KeyBox&diff=191338OWASP KeyBox2015-03-13T12:53:27Z<p>Skavanagh: /* OWASP KeyBox Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
<br />
==OWASP KeyBox Project==<br />
<br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.<br />
<br />
==Description==<br />
<br />
<span style="color:#ff0000"><br />
<p><br />
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.<br />
</p><br />
<p><br />
Administrators can login using two-factor authentication with<br />
[https://fedorahosted.org/freeotp FreeOTP]<br />
or<br />
[https://github.com/google/google-authenticator Google Authenticator]<br />
. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.<br />
</p><br />
<p><br />
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.<br />
</p><br />
</span><br />
<br />
==Licensing==<br />
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Quick Download ==<br />
<span style="color:#ff0000"><br />
[https://github.com/skavanagh/KeyBox/releases Download now]<br />
</span><br />
<br />
== Project Leader ==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== News and Events ==<br />
<span style="color:#ff0000"><br />
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project. <br />
</span><br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span><br />
<br />
<br />
= Acknowledgements =<br />
<br />
==Contributors==<br />
<br />
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
==Road Map==<br />
<br />
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.<br />
<br />
==Getting Involved==<br />
<br />
<br />
=Minimum Viable Product=<br />
<br />
It's currently packaged along with a web-server and can be downloaded by consumers from github<br />
<br />
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Skavanagh