This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP KeyBox"
(→News and Events) |
|||
| Line 8: | Line 8: | ||
==OWASP KeyBox Project== | ==OWASP KeyBox Project== | ||
| − | KeyBox is a web-based SSH console that centrally manages administrative access to systems. | + | KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host. |
<br/> | <br/> | ||
| Line 16: | Line 16: | ||
<p> | <p> | ||
| − | KeyBox is a web-based SSH console that centrally manages administrative access to systems. | + | KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. |
</p> | </p> | ||
<p> | <p> | ||
Revision as of 11:49, 26 April 2015
OWASP KeyBox ProjectKeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.
DescriptionKeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can login using two-factor authentication with FreeOTP or Google Authenticator . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
Licensing |
DownloadProject LeaderLinksClassifications
|
News and Events
| ||||||
- How do I import my own SSL cert?
- keytool -keystore keystore -import -alias jetty -file mycert.crt
- then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see Configuring Security Secure Passwords to set the password format)
- More information can be found at How to Configure SSL
- I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
- In the jetty directory edit the start.ini file and set
- --module=https
- to
- --module=http
- and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - Jetty Documentation
Road Map
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.
Getting Involved
Currently packaged along with a web-server and can be downloaded from github
https://github.com/skavanagh/KeyBox/releases
