
Last pushed: 6 days ago
Short Description
Keybox for Docker/Rancher
Full Description

What is KeyBox?

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.
More information is available at sshkeybox.com or on GitHub.

How to use this image

$ docker run -d -v /my/own/datadir:/opt/keybox/jetty/keybox/WEB-INF/classes/keydb -p 8443:8443 maltyxx/keybox

You can replace /my/own/datadir with your preferred path on your host.

Now you can access KeyBox at https://host-ip:8443.

The default user is admin and the default password is changeme.

Environment Variables

All possible environment variables with their default values are listed below.

resetApplicationSSHKey=false

set to true to regenerate and import SSH keys

sshKeyType=rsa

SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys

sshKeyLength=2048

SSH key length for generated keys. 2048 => 'rsa','dsa'; 521 => 'ecdsa'

privateKey=

private ssh key, leave blank to generate key pair

publicKey=

public ssh key, leave blank to generate key pair

defaultSSHPassphrase=${randomPassphrase}

default passphrase, leave blank for key without passphrase

enableInternalAudit=false

enable audit

deleteAuditLogAfter=90

number of days to keep audit logs

serverAliveInterval=60

The number of seconds that the client will wait before sending a null packet to the server to keep the connection alive

websocketTimeout=0

default timeout in minutes for websocket connection (no timeout for <=0)

agentForwarding=false

enable SSH agent forwarding

oneTimePassword=optional

enable two-factor authentication with a one-time password - 'required', 'optional', or 'disabled'

keyManagementEnabled=true

set to false to disable key management. If false, the KeyBox public key will be appended to the authorized_keys file (instead of it being overwritten completely).

forceUserKeyGeneration=true

set to true to generate keys when added/managed by users and enforce strong passphrases; set to false to allow users to set their own public key

authKeysRefreshInterval=120

authorized_keys refresh interval in minutes (no refresh for <=0)

passwordComplexityRegEx=((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#$%^&*()+=]).{8\,20})

Regular expression to enforce password policy

passwordComplexityMsg=Passwords must be 8 to 20 characters\, contain one digit\, one lowercase\, one uppercase\, and one special character

Password complexity error message

clientIPHeader=

HTTP header to identify client IP Address - 'X-FORWARDED-FOR'

jaasModule=

specify an external authentication module (e.g. ldap-ol, ldap-ad). Edit the jaas.conf to set connection details

H2 DB and Connection Pool settings

maxActive=25

Max connections in the connection pool

testOnBorrow=true

When true, objects will be validated before being returned by the connection pool

minIdle=2

The minimum number of objects allowed in the connection pool before spawning new ones

maxWait=15000

The maximum amount of time (in milliseconds) to block before throwing an exception when the connection pool is exhausted

Example:

$ docker run -d -v /my/own/datadir:/opt/keybox/jetty/keybox/WEB-INF/classes/keydb -p 8443:8443 maltyxx/keybox
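
The environment variables listed above can be kept in a file and passed with docker run --env-file. The following is an added example, not part of this image or the KeyBox project: it checks such a file against a stricter baseline before the container is started. The function name keybox_env_findings, the sample files and the baseline itself are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a KeyBox env file (docker run --env-file).
# The baseline it enforces is this example's assumption, not project guidance.
# Prints one finding per line; returns 1 if there are findings, 0 if none.
keybox_env_findings() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            eq = index($0, "=")                  # split on the first "=" only
            if (eq > 0) v[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        function get(k, dflt) { return (k in v) ? v[k] : dflt }
        function flag(msg) { print msg; n++ }
        END {
            # The second argument of get() is the default documented for the image.
            if (get("oneTimePassword", "optional") != "required")
                flag("oneTimePassword: two-factor login is not enforced")
            if (get("enableInternalAudit", "false") != "true")
                flag("enableInternalAudit: audit is off")
            if (get("agentForwarding", "false") == "true")
                flag("agentForwarding: SSH agent is exposed to managed hosts")
            kt = get("sshKeyType", "rsa")
            if (kt == "dsa") flag("sshKeyType: dsa keys are deprecated in OpenSSH")
            if (kt == "rsa" && get("sshKeyLength", "2048") + 0 < 2048)
                flag("sshKeyLength: rsa key under 2048 bits")
            if (get("websocketTimeout", "0") + 0 <= 0)
                flag("websocketTimeout: websocket connections never time out")
            if (("defaultSSHPassphrase" in v) && v["defaultSSHPassphrase"] == "")
                flag("defaultSSHPassphrase: blank, generated key has no passphrase")
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample env files (illustrative values only).
sample_dir=$(mktemp -d)
cat > "$sample_dir/weak.env" <<'EOF'
sshKeyType=dsa
agentForwarding=true
defaultSSHPassphrase=
EOF
cat > "$sample_dir/hardened.env" <<'EOF'
oneTimePassword=required
enableInternalAudit=true
sshKeyType=ecdsa
sshKeyLength=521
websocketTimeout=30
EOF
keybox_env_findings "$sample_dir/weak.env" || echo "weak.env: not ready"
keybox_env_findings "$sample_dir/hardened.env" && echo "hardened.env: ok"
```

A file that passes can then be supplied to the run command shown above by adding --env-file with its path.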
Owner
maltyxx