Keybox for Docker/Rancher

What is KeyBox?

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.
More information on sshkeybox.com or GitHub.

How to use this image

$ docker run -d -v /my/own/datadir:/opt/keybox/target/classes/keydb -p 8443:8443 maltyxx/keybox

You can replace /my/own/datadir with your preferred path on your host.

Now you can access KeyBox at https://host-ip:8443.

The default user is admin and the default password is changeme.

Environment Variables

All possible environment variables with their default values are listed below.

Set to true to regenerate and import SSH keys

KEYBOX_RESETAPPLICATIONSSHKEY=false

SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys

KEYBOX_SSHKEYTYPE=rsa

SSH key length for generated keys. 2048 => 'rsa','dsa'; 521 => 'ecdsa'

KEYBOX_SSHKEYLENGTH=2048

Private ssh key, leave blank to generate key pair

KEYBOX_PRIVATEKEY=

Public ssh key, leave blank to generate key pair

KEYBOX_PUBLICKEY=

Default passphrase, leave blank for key without passphrase

KEYBOX_DEFAULTSSHPASSPHRASE=${randomPassphrase}

Enable audit

KEYBOX_ENABLEINTERNALAUDIT=false

Number of days to keep audit logs

KEYBOX_DELETEAUDITLOGAFTER=90

The number of seconds that the client will wait before sending a null packet to the server to keep the connection alive

KEYBOX_SERVERALIVEINTERVAL=60

Default timeout in minutes for websocket connection (no timeout for <=0)

KEYBOX_WEBSOCKETTIMEOUT=0

Enable SSH agent forwarding

KEYBOX_AGENTFORWARDING=false

Enable two-factor authentication with a one-time password - 'required', 'optional', or 'disabled'

KEYBOX_ONETIMEPASSWORD=optional

Set to false to disable key management. If false, the KeyBox public key will be appended to the authorized_keys file (instead of it being overwritten completely).

KEYBOX_KEYMANAGEMENTENABLED=true

Set to true to generate keys when they are added/managed by users and to enforce strong passphrases; set to false to allow users to supply their own public key

KEYBOX_FORCEUSERKEYGENERATION=true

Authorized_keys refresh interval in minutes (no refresh for <=0)

KEYBOX_AUTHKEYSREFRESHINTERVAL=120

Regular expression to enforce password policy

KEYBOX_PASSWORDCOMPLEXITYREGEX=((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#$%^&*()+=]).{8\,20})

Password complexity error message

KEYBOX_PASSWORDCOMPLEXITYMSG=Passwords must be 8 to 20 characters\, contain one digit\, one lowercase\, one uppercase\, and one special character

HTTP header to identify client IP Address - 'X-FORWARDED-FOR'

KEYBOX_CLIENTIPHEADER=

Specify an external authentication module (e.g. ldap-ol, ldap-ad). Edit jaas.conf to set the connection details

KEYBOX_JAASMODULE=

Application session timeout in minutes

KEYBOX_SESSIONTIMEOUT=15

Requires JDK with "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" installed - http://www.oracle.com/technetwork/java/javase/downloads/index.html

KEYBOX_USE256ENCRYPTIONKEY=false

Database and connection pool settings

Database user

KEYBOX_DBUSER=keybox

Database password

KEYBOX_DBPASSWORD=keybox

Database JDBC driver

KEYBOX_DBDRIVER=org.h2.Driver

Connection URL to the DB

KEYBOX_DBCONNECTIONURL=jdbc:h2:keydb/keybox;CIPHER=AES;

Max connections in the connection pool

KEYBOX_MAXACTIVE=25

When true, objects will be validated before being returned by the connection pool

KEYBOX_TESTONBORROW=true

The minimum number of objects allowed in the connection pool before spawning new ones

KEYBOX_MINIDLE=2

The maximum amount of time (in milliseconds) to block before throwing an exception when the connection pool is exhausted

KEYBOX_MAXWAIT=15000

Example:

$ docker run -d -v /my/own/datadir:/opt/keybox/target/classes/keydb -p 8443:8443 maltyxx/keybox:2.90
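As an added check, not part of this image or the KeyBox project: a POSIX shell linter that reads an env file of the kind `docker run --env-file keybox.env ...` accepts and reports the settings listed above that are still at their published defaults (database password, one-time password, audit, agent forwarding, DSA key type, H2 URL without CIPHER=AES). The two sample env files and the REPLACE_WITH_A_GENERATED_SECRET placeholder are constructed for the example.

```shell
# Added example (not the image's own code): reads KEY=VALUE lines on stdin, prints one finding per line.
keybox_env_findings() {
    # Start from the defaults documented above, then apply what the file sets.
    dbpass=keybox; otp=optional; audit=false; fwd=false; keytype=rsa
    dburl='jdbc:h2:keydb/keybox;CIPHER=AES;'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        key=${line%%=*}; val=${line#*=}
        case "$key" in
            KEYBOX_DBPASSWORD)          dbpass=$val ;;
            KEYBOX_ONETIMEPASSWORD)     otp=$val ;;
            KEYBOX_ENABLEINTERNALAUDIT) audit=$val ;;
            KEYBOX_AGENTFORWARDING)     fwd=$val ;;
            KEYBOX_SSHKEYTYPE)          keytype=$val ;;
            KEYBOX_DBCONNECTIONURL)     dburl=$val ;;
        esac
    done
    [ "$dbpass" != keybox ] || echo "KEYBOX_DBPASSWORD is still the published default"
    [ "$otp" = required ]   || echo "KEYBOX_ONETIMEPASSWORD=$otp: one-time password not enforced"
    [ "$audit" = true ]     || echo "KEYBOX_ENABLEINTERNALAUDIT=$audit: session audit is off"
    [ "$fwd" != true ]      || echo "KEYBOX_AGENTFORWARDING=true: agent forwarding enabled"
    [ "$keytype" != dsa ]   || echo "KEYBOX_SSHKEYTYPE=dsa: deprecated key type, use rsa or ecdsa"
    case "$dburl" in *CIPHER=AES*) ;; *) echo "KEYBOX_DBCONNECTIONURL lacks CIPHER=AES: H2 file unencrypted" ;; esac
}

# Constructed sample: the README defaults, copied into an env file unchanged.
default_env() { cat <<'EOF'
KEYBOX_DBPASSWORD=keybox
KEYBOX_ONETIMEPASSWORD=optional
KEYBOX_ENABLEINTERNALAUDIT=false
EOF
}

# Constructed sample: a hardened file (the password is a placeholder, not a real secret).
hardened_env() { cat <<'EOF'
KEYBOX_DBPASSWORD=REPLACE_WITH_A_GENERATED_SECRET
KEYBOX_ONETIMEPASSWORD=required
KEYBOX_ENABLEINTERNALAUDIT=true
KEYBOX_AGENTFORWARDING=false
KEYBOX_SSHKEYTYPE=ecdsa
KEYBOX_SSHKEYLENGTH=521
KEYBOX_DBCONNECTIONURL=jdbc:h2:keydb/keybox;CIPHER=AES;
EOF
}

# Number of findings for a sample; 0 means every flagged default was changed.
count_findings() { "$1" | keybox_env_findings | wc -l | tr -d ' '; }

count_findings default_env    # 3
count_findings hardened_env   # 0
```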
Owner
maltyxx