
KeyBox: Web-Based SSH Access and Key Management - crunk
https://github.com/skavanagh/KeyBox
======
ak4g
> By default KeyBox will overwrite all values in the specified authorized_keys
> file for a system.

This honestly seems like a terrible default. I want an explicit _something_
when I'm about to lock myself out of my systems.

OTOH, the prerequisites are substantial enough that you're hardly likely to
install it by accident. I suppose it's a better fit for brand-new hosts on
both fronts. (But then, as I see it, all the hard parts around key management
are around getting it reliably deployed across the entire system, which means
also on old, long-running boxes. If we could all wipe our prod infra and start
again from read-only media ((which we should probably do more often, to the
extent that circumstances permit)) it wouldn't be nearly as hard of a problem.)
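The "explicit something" asked for above, as an added example (not KeyBox code): a small POSIX sh deploy script that merges a centrally managed key list into a host's authorized_keys instead of overwriting it. Removal of keys needs an explicit `--prune` flag, the central file is validated first so a typo there cannot truncate the host file, and the script refuses to install a file with zero keys. File names, the `--prune` flag and the sample keys are constructed for the demo and are not real keys.

```shell
#!/bin/sh
# Added example, not KeyBox code: push a centrally managed key list into a
# host's authorized_keys without a silent overwrite. Default is additive;
# removing keys needs the explicit --prune opt-in, and the script refuses
# to leave the file with zero keys. Names and keys below are constructed.
set -eu

# awk helper shared by the functions below. blob(line) returns
# "<keytype> <base64>" for a valid authorized_keys entry, scanning past any
# leading options (which may contain spaces, e.g. command="..."), or ""
# for comments, blank lines and anything that is not a key.
KEY_FN='
function blob(line,    n, f, i) {
    n = split(line, f, /[[:space:]]+/)
    for (i = 1; i < n; i++)
        if (f[i] ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$/ &&
            f[i+1] ~ /^[A-Za-z0-9+\/]+=*$/)
            return f[i] " " f[i+1]
    return ""
}
'

# count_keys FILE: number of lines that parse as a key.
count_keys() {
    awk "$KEY_FN"'{ if (blob($0) != "") n++ } END { print n + 0 }' "$1"
}

# validate_managed FILE: every non-comment line in the central list must be
# a key, so a typo there cannot propagate as a truncated authorized_keys.
validate_managed() {
    awk "$KEY_FN"'
        /^[[:space:]]*(#|$)/ { next }
        blob($0) == "" { print FILENAME ": bad key at line " FNR ": " $0 > "/dev/stderr"; bad = 1 }
        END { exit bad ? 1 : 0 }' "$1"
}

# merge_authorized_keys MANAGED TARGET [--prune]
#   default: TARGET keeps all its keys, MANAGED keys not yet present are appended
#   --prune: additionally drop TARGET keys that are not in MANAGED
# Duplicates (same type+blob) are collapsed, host-side comments are kept,
# a backup is taken and the new file is written atomically with mode 0600.
merge_authorized_keys() {
    managed=$1 target=$2 prune=0
    [ "${3:-}" = "--prune" ] && prune=1
    validate_managed "$managed" || return 1
    [ -e "$target" ] || : > "$target"
    tmp=$(mktemp "$target.XXXXXX")
    awk -v prune="$prune" "$KEY_FN"'
        FILENAME == ARGV[1] { b = blob($0); if (b != "") { want[b] = 1; mline[++m] = $0; mblob[m] = b }; next }
        { b = blob($0)
          if (b == "") { print; next }                  # comment or blank line on the host
          if (prune && !(b in want)) next               # only with explicit --prune
          if (!(b in seen)) { print; seen[b] = 1 } }    # collapse duplicates
        END { for (i = 1; i <= m; i++) if (!(mblob[i] in seen)) print mline[i] }
    ' "$managed" "$target" > "$tmp"
    if [ "$(count_keys "$tmp")" -eq 0 ]; then
        echo "refusing to install $target with no keys (would lock everyone out)" >&2
        rm -f "$tmp"; return 1
    fi
    [ -s "$target" ] && cp -p "$target" "$(mktemp "$target.bak.XXXXXX")"
    chmod 600 "$tmp" && mv "$tmp" "$target"
}

# Stand-alone demo on constructed files (the blobs are not real keys).
demo() {
    d=$(mktemp -d)
    cat > "$d/managed" <<'EOF'
# central list: alice stays, carol is new, bob has left the team
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAliceNotARealKey alice@example.org
restrict,command="/usr/bin/rrsync /backup" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyCarolNotARealKey carol@example.org
EOF
    cat > "$d/authorized_keys" <<'EOF'
# host-local note: kept by the merge
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAliceNotARealKey alice@example.org
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBobNotARealKey bob@example.org
EOF
    merge_authorized_keys "$d/managed" "$d/authorized_keys"
    echo "additive merge: $(count_keys "$d/authorized_keys") keys (alice, bob, carol)"
    merge_authorized_keys "$d/managed" "$d/authorized_keys" --prune
    echo "after --prune:  $(count_keys "$d/authorized_keys") keys (alice, carol)"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh merge_keys.sh demo` to see both passes. The key match is on type plus blob rather than the whole line, so a key that gained a `command=` or `restrict` option centrally is still recognised as the same key on the host, and the zero-key refusal is what turns "I mistyped the central file" into an error instead of a lockout.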

~~~
kondor6c
Add your key to authorized_keys2, however it's been deprecated since 2001 (ref:
[http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2](http://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2) )

------
sgt
It cannot possibly be a good user experience to use SSH via a web browser.
Good for emergencies, sure, but not for day to day work.

~~~
markbnj
I don't know, Google has a web-based shell for their cloud platform that uses
oauth and deploys keys (very similar to the OP project) and it's not half bad.
I do still prefer to ssh in from the command line using gcloud, but the web-
based tool is acceptable.

------
murcs
"KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for
administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot
be exposed through tunneling / port forwarding."

Okay: you connect with your browser to the server over tls and from there via
ssh to the server ... where does the layering come into play?

~~~
jamiesonbecker
I think what he's saying is that you can't get directly to SSH, but have to go
through the TLS web control panel.

This seems to make an assumption that the security is equal to these two (web
I/F w/ TLS plus SSH) combined in a chain, when in fact I think it now
introduces a possibly weaker link.

And now I'm the one making an assumption that: if you can break into KeyBox,
then you have full control over the OpenSSH connection too. Ultimately it
comes down to which you trust more: KeyBox or OpenSSH.

(Note that this is also partly true of things that just create user accounts
and sudo roles like Userify, but Userify provides a much lower degree of
direct control over the remote server as opposed to a channel straight into
that server. Even if you broke Userify, you'd still need to gain access to
SSH, which might not even be possible from your network, and certainly all of
that would show up in your logs anyway, since it's pure SSH turtles all the
way down...)

------
616c
If people like this, they will probably find the Apache Guacamole project
interesting. I was surprised to hear it is a superset of this (RDP/VNC/SSH
bastion box) but also handles key auth, perhaps insecurely architecturally,
even if they have passwords for the remote desktop stuff compressing it and
then sending it over HTTPS using a protocol they designed back in 2006. They
added SSH to boot.

[http://guacamole.incubator.apache.org/](http://guacamole.incubator.apache.org/)

The main dev had a wonderful interview on SE Daily.

[http://softwareengineeringdaily.com/2016/06/27/apache-guacam...](http://softwareengineeringdaily.com/2016/06/27/apache-guacamole-and-remote-desktop-with-mike-jumper/)

------
ak217
I actually think web-based SSH is not a bad idea, I just wish NaSSH (the
Chromium shell) was better used.

If you're interested in centralized key management that doesn't compromise
private key security, I have written this for EC2:
[https://github.com/kislyuk/keymaker](https://github.com/kislyuk/keymaker). It
uses IAM to store public keys, and each instance fetches them on demand.

------
hagbarddenstore
Who would use this and why would they use it? On all the servers I have access
to, I manage one key, my own key. Why would I need a "SSH Access and Key
Management" system for a single key?

~~~
lox
Imagine a team of 20 developers sharing cloud infrastructure. Key additions
and revocations end up being time consuming.

~~~
jamescun
Generally this should be managed by configuration management (Chef, Puppet et
al), which makes key additions and revocations trivial.

Additionally OpenSSH supports CA signing of public keys with user metadata,
which I've found to pair nicely with LDAP.
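The OpenSSH CA workflow referred to above, as an added example (not KeyBox or OpenSSH project code): a CA key signs each user's public key with a short validity, a set of principals (roles) and per-certificate restrictions, hosts trust the CA rather than carrying per-user authorized_keys, and revocation is a KRL entry instead of a file edit on every box. The ssh-keygen flags and sshd_config directives are real; the paths, the user "alice", the principal "deploy" and serial 42 are constructed for the demo.

```shell
#!/bin/sh
# Added example, not KeyBox or OpenSSH project code: OpenSSH user
# certificates with principals, expiry and KRL revocation. Paths, users,
# principals and serials are constructed for the demo.
set -eu

# make_user_ca DIR: create the CA key pair DIR/user_ca and DIR/user_ca.pub.
# Only the public half is distributed to hosts; the private half stays on
# the signing host.
make_user_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'user-ca' -f "$1/user_ca"
}

# sign_user_key CA USER_PUB KEY_ID PRINCIPALS VALIDITY SERIAL
# Writes the certificate next to USER_PUB (alice.pub -> alice-cert.pub).
# PRINCIPALS is comma-separated and matched against the host's principals
# file; VALIDITY such as +8h makes the cert expire on its own, so a leaver
# stops working with no host-side change. The -O restrictions show that
# forwarding can be limited per cert rather than dropped altogether.
sign_user_key() {
    ssh-keygen -q -s "$1" -I "$3" -n "$4" -V "$5" -z "$6" \
        -O no-port-forwarding -O no-agent-forwarding "$2"
}

# cert_principals CERT: print the principals embedded in a certificate,
# one per line, parsed out of `ssh-keygen -L` output.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[[:space:]]*Principals:/       { p = 1; next }
        /^[[:space:]]*Critical Options:/ { p = 0 }
        p { sub(/^[[:space:]]+/, ""); print }'
}

# revoke_serial CA_PUB KRL SERIAL: add SERIAL to the key revocation list
# KRL (created if missing, updated otherwise). Hosts point RevokedKeys at
# the distributed KRL.
revoke_serial() {
    spec=$(mktemp)
    printf 'serial: %s\n' "$3" > "$spec"
    if [ -f "$2" ]; then
        ssh-keygen -q -k -u -f "$2" -s "$1" "$spec"
    else
        ssh-keygen -q -k -f "$2" -s "$1" "$spec"
    fi
    rm -f "$spec"
}

# is_revoked KRL CERT: succeed if CERT is listed in KRL (a missing or
# unreadable KRL also counts as revoked, i.e. fail closed).
is_revoked() {
    if ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1; then return 1; else return 0; fi
}

# Host side (sshd_config), shown as a comment and not applied by this script:
#   TrustedUserCAKeys /etc/ssh/user_ca.pub
#   AuthorizedPrincipalsFile /etc/ssh/principals/%u
#   RevokedKeys /etc/ssh/revoked_keys.krl
# /etc/ssh/principals/deploy would contain the line "deploy"; replacing the
# file with AuthorizedPrincipalsCommand is where an LDAP group lookup fits.

demo() {
    d=$(mktemp -d)
    make_user_ca "$d"
    ssh-keygen -q -t ed25519 -N '' -C 'alice' -f "$d/alice"
    sign_user_key "$d/user_ca" "$d/alice.pub" 'alice@example' 'alice,deploy' '+8h' 42
    echo "principals in alice's cert:"; cert_principals "$d/alice-cert.pub"
    revoke_serial "$d/user_ca.pub" "$d/revoked.krl" 42
    is_revoked "$d/revoked.krl" "$d/alice-cert.pub" && echo "serial 42 is now revoked"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh ssh_ca.sh demo`. The operational point is that adding a user is one signing operation on the CA host and removing one is a KRL update (or simply waiting for the short validity to lapse), with nothing to push into authorized_keys on each server.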

~~~
Karunamon
Yeah... coming at this from the standpoint of a heavily invested Saltstack
user, I really don't see the reason for this to exist. It removes all the
other cool things SSH does besides just giving you a shell, with a much,
_much_ worse user experience.

------
feld
If you want an appliance that does this and more you should probably look at
[http://www.wheelsystems.com/en/products/wheel-fudo-pam/](http://www.wheelsystems.com/en/products/wheel-fudo-pam/)

~~~
lucaspiller
Or just go full enterprise and setup LDAP/Active Directory.

~~~
feld
How does that compare with what FUDO can do? FUDO intercepts and records ssh,
rdp, vnc, mysql, oracle, etc. It can allow users to login to servers without
actually knowing the real credentials. You can use the web interface to
"share" a session with a remote support engineer and choose when they can have
control over the session, etc etc.

------
faded242
Prerequisites: Java JDK 1.8 or greater Aaand I'm out

~~~
kondor6c
Why? Deploying an application with Java is very easy and you can have intense
monitoring built in without having to use a third party like NewRelic (even
though NewRelic adds a lot).

~~~
CaptSpify
not op but....

Java is always a mess to debug/troubleshoot. It eats memory worse than a
bloated browser, and is _slooooooow_. I personally avoid projects that require
java if I can help it.

~~~
icedchai
It's actually not slow, and has some of the best monitoring and debugging
facilities of any mainstream language.

~~~
CaptSpify
I'm going to have to flat out disagree with you. I hear this all the time from
java devs, but have never seen it in real life. Every implementation I've
personally seen of java is extremely slow, and has horrible debugging
utilities.

~~~
icedchai
Ok. I'm going to have to disagree since I've seen it in real life several
times. Also many large distributed system projects, such as Cassandra,
Elasticsearch, Hadoop, etc. are all written in Java.

~~~
CaptSpify
I guess we'll just have to disagree due to differing experiences. How does a
language being used in different distributed system projects mean it's fast?
It's just the language they chose to go with. That decision could have nothing
to do with speed.

~~~
icedchai
I was mainly talking about the logging and monitoring facilities, not speed.
Though those projects are all quite fast. It's not 1996 anymore.

------
d1_mo
Shameless co-founder plug: If you're looking for web based ssh also check out
[https://mist.io](https://mist.io)

------
kbar13
what's the sell on this over ldap?

~~~
viraptor
Exactly this - I don't understand this service. You lose your normal terminal,
stdin/out redirection, port forwarding, (probably) special keys handling, and
others. And instead you get what openldap provides. This service even
integrates with your own openldap!

------
d33
Java and SSH... should not mix.

~~~
akerro
Still better than Node...

