KeyBox is a web-based SSH console that centrally manages administrative access to systems. The web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.

Prerequisites

  • Java JDK 1.8 or greater

Installation

  • Download KeyBox from the following link:

https://github.com/skavanagh/KeyBox/releases/download/v2.90.00/keybox-jetty-v2.90_00.tar.gz

  • Untar the KeyBox package with the following command:

               $ tar xzf keybox-jetty-vX.XX.tar.gz

  • Export Environment variables

              $ export JAVA_HOME=/path/to/jdk

              $ export PATH=$JAVA_HOME/bin:$PATH

  • Change to the new KeyBox directory and start KeyBox by running the following command. (Best practice is to always run the script as the sshkeybox user. If the sshkeybox user does not exist, create it first.)

             $ sh startKeyBox.sh

  • After that, open your browser and go to https://<IP-of-your-server>:8443. You will see the KeyBox login screen. (Default username: admin, default password: changeme)

Fig.1 KeyBox Login Screen

  • After login, you will be prompted for two-factor authentication. To set up two-factor authentication for KeyBox, scan the QR code shown on screen with FreeOTP or Google Authenticator. You will get a 6-digit code for your login. Then click Got It!

Fig.2 Two-Factor Authentication

  • If you don’t want to set up two-factor authentication, click the Skip for Now option.

NOTE: If you click the Got It! button without scanning the QR code, KeyBox will not let you log in without entering an OTP code.

Configuration

After logging in to KeyBox, the Main Menu window appears. From here we can configure KeyBox for our servers: we can add the Profiles, Users and Systems that we need to access from the web console. Let’s look at each of them:

Fig. 3 Main Menu window

  1. Systems: You can add as many servers as you need to KeyBox under the System tab.
  2. Profiles: You can create profiles for a particular group of users and assign them to one system.
  3. Users: You can add a user to KeyBox and manage their permissions.

Add a System in KeyBox

Before adding a system to KeyBox, you have to configure the following on the remote server as well as on the KeyBox server:

  • On the KeyBox server, open the “KeyBox-jetty/jetty/keybox/WEB-INF/classes/KeyBoxConfig.properties” file and make the following changes:

              KeyManagementEnabled=false

              AuthKeysRefreshInterval=0

  • On the remote server, make the following changes in “/etc/ssh/sshd_config”:

              PubkeyAuthentication=yes

              PasswordAuthentication=yes

To add a System in KeyBox, go to Home → System → Add System → Details → Submit

Fig. 4 Add a System

KeyBox will now add its own key to the “/home/sshkeybox/.ssh/authorized_keys” file.

After adding a System,

  • On the remote server, make the following change in “/etc/ssh/sshd_config”:

              PasswordAuthentication=no
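
A check for the end state of the procedure above, as an added example that is not from the original article or the KeyBox project: it reads an sshd_config file and confirms that public-key logins are on and password logins are off. The function names and sample files are constructed for illustration, and it assumes only global settings matter (it stops at the first Match block and does not follow Include).

```shell
#!/bin/sh
# Added example: verify the sshd_config state expected once a system has been
# added to KeyBox (public-key logins on, password logins off).

# Print the effective global value of one keyword. sshd uses the FIRST
# occurrence of a keyword, matches keywords case-insensitively, and accepts
# both "Keyword value" and "Keyword=value" (the form used on this page).
# Assumption: Match blocks and Include files are out of scope for this check.
sshd_effective() {  # usage: sshd_effective <keyword> <file> <default>
    awk -v want="$1" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); gsub(/[=]/, " ") }     # drop comments, normalise "="
        tolower($1) == "match" { exit }          # conditional section: stop
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Return 0 only when the file matches the post-add state from the article.
keybox_post_add_check() {  # usage: keybox_post_add_check <sshd_config>
    rc=0
    # OpenSSH defaults both keywords to "yes" when they are absent.
    [ "$(sshd_effective PubkeyAuthentication "$1" yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_effective PasswordAuthentication "$1" yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is still enabled"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real server).
SAMPLES=$(mktemp -d)
printf 'PubkeyAuthentication=yes\nPasswordAuthentication=yes\n' > "$SAMPLES/during_add"
printf 'PubkeyAuthentication=yes\nPasswordAuthentication=no\n' > "$SAMPLES/after_add"
# A "no" appended below an existing "yes" has no effect: the first value wins.
printf '#PasswordAuthentication no\nPasswordAuthentication yes\nPasswordAuthentication no\n' \
    > "$SAMPLES/appended"

for f in during_add after_add appended; do
    if keybox_post_add_check "$SAMPLES/$f"; then echo "$f: OK"; else echo "$f: not hardened"; fi
done
```

On the server itself, `sshd -T` run as root prints the effective configuration with Match and Include handling applied, so it can be used to confirm the same two values.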

Add Users in KeyBox

You can add many users in KeyBox and give them “Administrative Access” or “Full Access”.

To add a user, go to Home → Users → Add users → Details → Submit

Fig. 5 Add User

Add Profile in KeyBox

After adding a System and a User, let’s add them to a Profile to control access further.

Adding a Profile is a very simple process: go to Home → Profiles → Add Profile → Submit

After creating a profile, you need to assign users as well as systems to that particular profile so that only the included users can access the included systems.

Fig. 6 Configuring a Profile

Composite SSH terms

After completing all the steps mentioned above, you are ready to access your server via KeyBox. To do so, go to Home → Composite SSH terms → select system for SSH → Create SSH terminal

Fig. 7 SSH Terminal

You will then see an SSH console in your web browser.

Conclusion

With KeyBox it is easy to manage all your servers securely in one place. It is always best to use tools that add an extra layer of security to your traditional security setup, and KeyBox is a perfect example of such a tool.
