|
|
| (29 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | =Main=
| |
| | | | |
| − | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
| |
| − |
| |
| − | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| |
| − | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
| |
| − |
| |
| − | <span style="color:#ff0000">
| |
| − | Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.
| |
| − | </span>
| |
| − |
| |
| − | ==OWASP KeyBox Project==
| |
| − |
| |
| − | KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.
| |
| − |
| |
| − | ==Description==
| |
| − |
| |
| − |
| |
| − | <p>
| |
| − | KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.
| |
| − | </p>
| |
| − | <p>
| |
| − | Administrators can login using two-factor authentication with
| |
| − | [https://fedorahosted.org/freeotp FreeOTP]
| |
| − | or
| |
| − | [https://github.com/google/google-authenticator Google Authenticator]
| |
| − | . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.
| |
| − | </p>
| |
| − | <p>
| |
| − | KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
| |
| − | </p>
| |
| − |
| |
| − | ==Licensing==
| |
| − | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]
| |
| − |
| |
| − | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
| |
| − |
| |
| − | == Quick Download ==
| |
| − | [https://github.com/skavanagh/KeyBox/releases Download now]
| |
| − |
| |
| − | == Project Leader ==
| |
| − |
| |
| − | | |
| − |
| |
| − | == Repository ==
| |
| − | [https://github.com/skavanagh/KeyBox KeyBox on Github]
| |
| − |
| |
| − | ==Classifications==
| |
| − |
| |
| − | {| width="200" cellpadding="2"
| |
| − | |-
| |
| − | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
| |
| − | |-
| |
| − | | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| |
| − | |-
| |
| − | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
| |
| − | |-
| |
| − | | colspan="2" align="center" | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]
| |
| − | |}
| |
| − |
| |
| − | | valign="top" style="padding-left:25px;width:200px;" |
| |
| − |
| |
| − | == News and Events ==
| |
| − | <span style="color:#ff0000">
| |
| − | * 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]
| |
| − | * 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]
| |
| − | </span>
| |
| − |
| |
| − | |}
| |
| − |
| |
| − | =FAQs=
| |
| − |
| |
| − | * I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
| |
| − |
| |
| − | ::In the jetty directory edit the start.ini file and set
| |
| − |
| |
| − | ::--module=https
| |
| − |
| |
| − | ::to
| |
| − |
| |
| − | ::--module=http
| |
| − |
| |
| − | ::and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation]
| |
| − |
| |
| − | = Acknowledgements =
| |
| − |
| |
| − | ==Contributors==
| |
| − |
| |
| − | | |
| − |
| |
| − | ==Special Thanks==
| |
| − |
| |
| − | [http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]
| |
| − |
| |
| − | [https://github.com/chjj/term.js terms.js] A terminal written in javascript - by [https://github.com/chjj chjj]
| |
| − |
| |
| − | = Road Map and Getting Involved =
| |
| − |
| |
| − | ==Road Map==
| |
| − |
| |
| − | Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.
| |
| − |
| |
| − | ==Getting Involved==
| |
| − |
| |
| − |
| |
| − | =Minimum Viable Product=
| |
| − |
| |
| − | Currently packaged along with a web-server and can be downloaded from github
| |
| − |
| |
| − | [https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]
| |
| − |
| |
| − |
| |
| − |
| |
| − | __NOTOC__ <headertabs />
| |
| − |
| |
| − | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]
| |
