This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP KeyBox"

From OWASP
Jump to: navigation, search
Line 65: Line 65:
 
== News and Events ==
 
== News and Events ==
 
<span style="color:#ff0000">
 
<span style="color:#ff0000">
 +
* 2017-01-01: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.88.00 KeyBox v2.88.00]
 +
* 2016-11-09: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.01 KeyBox v2.87.01]
 +
* 2016-10-22: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.87.00 KeyBox v2.87.00]
 
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]
 
* 2016-07-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.86.00 KeyBox v2.86.00]
 
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]
 
* 2016-04-24: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.03 KeyBox v2.85.03]

Revision as of 01:17, 4 January 2017

OWASP Project Header.jpg

OWASP KeyBox Project

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.


KeyBox-Terminals.png

Description

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.


KeyBox-Arch.jpg

Licensing

Apache 2.0

Download

Download now

Project Leader

Sean Kavanagh

Links

Classifications

Project Type Files TOOL.jpg
Incubator Project
Owasp-defenders-small.png
Apache 2.0

News and Events