
Difference between revisions of "OWASP KeyBox"

(Blanked the page)
 
=Main=
 
  
<div style="width:100%;height:160px;border:0;margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
 
==OWASP KeyBox Project==
 
 
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.
 
 
<br/>
 
[[File:KeyBox-Terminals.png|400px]]
 
 
==Description==
 
 
<p>
 
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.
 
</p>
 
<p>
 
Administrators can log in using two-factor authentication with [https://fedorahosted.org/freeotp FreeOTP] or [https://github.com/google/google-authenticator Google Authenticator]. From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.
 
</p>
 
<p>
 
KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: [http://www.sans.org/reading-room/whitepapers/vpns/security-implications-ssh-1180 The Security Implications of SSH]. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
 
</p>
 
<br/>
 
[[File:KeyBox-Arch.jpg|500px]]
 
 
==Licensing==
 
[https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]
 
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
 
== Download ==
 
[https://github.com/skavanagh/KeyBox/releases Download now]
 
 
== Project Leader ==
 
 
[mailto:[email protected] Sean Kavanagh]
 
 
== Links ==
 
*[https://github.com/skavanagh/KeyBox KeyBox on GitHub]
 
*[https://github.com/skavanagh/KeyBox/blob/master/README.md README]
 
*[http://sshkeybox.com Website]
 
 
==Classifications==
 
 
  {| width="200" cellpadding="2"
 
  |-
 
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
 
  |-
 
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
 
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 
  |-
 
  | colspan="2" align="center"  | [https://tldrlegal.com/license/apache-license-2.0-%28apache-2.0%29 Apache 2.0]
 
  |}
 
 
| valign="top"  style="padding-left:25px;width:200px;" |
 
 
== News and Events ==
 
<span style="color:#ff0000">
 
* 2015-04-21: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.83.00 KeyBox v2.83.00]
 
* 2015-03-13: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.82.00 KeyBox v2.82.00]
 
* 2015-03-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.80.00 KeyBox v2.80.00]
 
* 2015-02-25: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.76.00 KeyBox v2.76.00]
 
</span>
 
 
|}
 
 
=FAQs=
 
 
* How do I import my own SSL cert?
 
 
::keytool -keystore keystore -import -alias jetty -file mycert.crt
 
::Then replace the keystore in the jetty/etc/ directory and set the passwords in the jetty/modules/ssl.mod file (see [http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html Configuring Security Secure Passwords] for the password format).
 
::More information can be found at [http://wiki.eclipse.org/Jetty/Howto/Configure_SSL How to Configure SSL]
 
 
 
* I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
 
 
::In the jetty directory edit the start.ini file and set
 
 
::--module=https
 
 
::to
 
 
::--module=http
 
 
::and change jetty.port=8443 to the port you need, then restart. More information on Jetty can be found in the [http://www.eclipse.org/jetty/documentation/current/ Jetty Documentation].
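
The start.ini change described in the FAQ above, as an added shell example (not part of the KeyBox project). The function name disable_jetty_tls and the sample file are assumptions made for illustration; only the --module=https, --module=http and jetty.port settings come from this page.

```shell
# Added example (not KeyBox code). disable_jetty_tls is a hypothetical helper;
# only --module=https/--module=http and jetty.port come from the FAQ above.
disable_jetty_tls() {
    ini=$1     # path to the jetty start.ini
    port=$2    # plain-HTTP port the reverse proxy forwards to

    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be 1-5 digits" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi

    cp -p "$ini" "$ini.bak"    # keep the TLS configuration for rollback

    # Rewrite only active lines; commented-out lines are left untouched.
    sed -e 's/^--module=https[[:space:]]*$/--module=http/' \
        -e "s/^jetty\.port=.*/jetty.port=$port/" \
        "$ini.bak" > "$ini"

    # Verify the result and roll back if the file is not in the expected state.
    if grep -q '^--module=https' "$ini" ||
       ! grep -q '^--module=http$' "$ini" ||
       ! grep -q "^jetty\.port=$port\$" "$ini"; then
        cp -p "$ini.bak" "$ini"
        echo "unexpected start.ini layout, original restored" >&2
        return 1
    fi
}

# Constructed sample start.ini in a temp directory, so nothing real is modified.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' '--module=https' 'jetty.port=8443' \
    > "$demo_dir/start.ini"
disable_jetty_tls "$demo_dir/start.ini" 8080 && cat "$demo_dir/start.ini"
```

With TLS disabled, the chosen port carries console traffic in cleartext, so it should be reachable only from the reverse proxy.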
 
 
= Acknowledgements =
 
 
==Contributors==
 
 
[mailto:[email protected] Sean Kavanagh]
 
 
==Special Thanks==
 
 
[http://www.jcraft.com/jsch JSch] Java Secure Channel - by [https://github.com/ymnk ymnk]
 
 
[https://github.com/chjj/term.js term.js] A terminal written in JavaScript - by [https://github.com/chjj chjj]
 
 
= Road Map and Getting Involved =
 
 
==Road Map==
 
 
Add the ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point to security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.
 
 
==Getting Involved==
 
 
 
=Minimum Viable Product=
 
 
KeyBox is currently packaged along with a web server and can be downloaded from GitHub:
 
 
[https://github.com/skavanagh/KeyBox/releases https://github.com/skavanagh/KeyBox/releases]
 
 
 
 
__NOTOC__ <headertabs />
 
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Tool]]
 

Latest revision as of 20:11, 27 December 2017