This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP KeyBox"
(→News and Events) |
(→News and Events) |
||
| Line 65: | Line 65: | ||
== News and Events == | == News and Events == | ||
<span style="color:#ff0000"> | <span style="color:#ff0000"> | ||
| + | * 2015-11-30: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.85.00 KeyBox v2.85.00] | ||
* 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01] | * 2015-11-06: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.01 KeyBox v2.84.01] | ||
* 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00] | * 2015-10-03: Release - [https://github.com/skavanagh/KeyBox/releases/tag/v2.84.00 KeyBox v2.84.00] | ||
Revision as of 00:28, 8 December 2015
OWASP KeyBox ProjectKeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.
DescriptionKeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can login using two-factor authentication with FreeOTP or Google Authenticator . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
Licensing |
DownloadProject LeaderLinksClassifications
|
News and Events
| ||||||
- How do I import my own SSL cert?
- keytool -keystore keystore -import -alias jetty -file mycert.crt
- then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see Configuring Security Secure Passwords to set the password format)
- More information can be found at How to Configure SSL
- I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
- In the jetty directory edit the start.ini file and set
- --module=https
- to
- --module=http
- and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - Jetty Documentation
Road Map
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.
Getting Involved
Currently packaged along with a web-server and can be downloaded from github
https://github.com/skavanagh/KeyBox/releases
