This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP KeyBox

From OWASP
Revision as of 02:55, 12 November 2015 by Skavanagh (talk | contribs) (News and Events)

Jump to: navigation, search
OWASP Project Header.jpg

OWASP KeyBox Project

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and can act as a bastion host.


KeyBox-Terminals.png

Description

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator . From there they can create and manage public SSH keys or connect to their assigned systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.


KeyBox-Arch.jpg

Licensing

Apache 2.0

Download

Download now

Project Leader

Sean Kavanagh

Links

Classifications

Project Type Files TOOL.jpg
Incubator Project
Owasp-defenders-small.png
Apache 2.0

News and Events

  • How do I import my own SSL cert?
keytool -keystore keystore -import -alias jetty -file mycert.crt
then just replace the keystore in the jetty/etc/ directory and you set the passwords in the jetty/modules/ssl.mod file (see Configuring Security Secure Passwords to set the password format)
More information can be found at How to Configure SSL


  • I have a reverse-proxy that already terminates TLS/SSL, how do I disable TLS/SSL?
In the jetty directory edit the start.ini file and set
--module=https
to
--module=http
and change jetty.port=8443 to the needed port to be and restart. More information on jetty can be found - Jetty Documentation

Contributors

Sean Kavanagh

Special Thanks

JSch Java Secure Channel - by ymnk

terms.js A terminal written in javascript - by chjj

Road Map

Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.

Getting Involved

Currently packaged along with a web-server and can be downloaded from github

https://github.com/skavanagh/KeyBox/releases


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_KeyBox&oldid=203321"