This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP KeyBox

From OWASP
Revision as of 01:19, 28 March 2015 by Skavanagh (talk | contribs) (Description)

Jump to: navigation, search
OWASP Project Header.jpg

OWASP KeyBox Project

KeyBox is a web-based SSH console that centrally manages administrative access to systems. It combines key management and administration through profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.

Description

KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.

KeyBox-Arch.jpg

Licensing

Apache 2.0

Download

Download now

Project Leader

Sean Kavanagh

Links

Classifications

Project Type Files TOOL.jpg
Incubator Project
Owasp-defenders-small.png
Apache 2.0

News and Events

  • I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
In the jetty directory edit the start.ini file and set
--module=https
to
--module=http
and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - Jetty Documentation

Contributors

Sean Kavanagh

Special Thanks

JSch Java Secure Channel - by ymnk

terms.js A terminal written in javascript - by chjj

Road Map

Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.

Getting Involved

Currently packaged along with a web-server and can be downloaded from github

https://github.com/skavanagh/KeyBox/releases


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_KeyBox&oldid=192338"