KeyBox - Open-source Web-based SSH Console

KeyBox - Open-source Web-based SSH Console

KeyBox is a Web-based SSH console that centrally manages administrative access to systems. The web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration are based on profiles assigned to defined users.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling/port forwarding. More details can be found in the following whitepaper: The Security Implications of SSH. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.


  • Java JDK 1.8 or greater
  • Browser with Web Socket support
  • Maven 3 or greater
  • FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS.


  • Centralized user control - Grant access to systems through administrative profiles and user accounts.
  • Prevent SSH key sprawl and access mismanagement - Administrators set keys and distribute to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled forcing key rotation.
  • Productivity - Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
  • Portability - Run SSH through the browser without requiring client software or browser plugins.
  • Layered Protocols - Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling/port forwarding.
  • Infrastructure protection - A hardened version of KeyBox could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network.
  • Auditable (experimental) - Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.

KeyBox Terminals

No comments

Powered by Blogger.