Installs KeyBox into a Linux container
KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems.
A bastion host for administrators with features that promote infrastructure security, including key management and auditing
```
docker create --name=keybox \
  -v /etc/localtime:/etc/localtime:ro \
  -v <path to db>:/db \
  -e DOCKUID=<UID default:10020> \
  -e DOCKGID=<GID default:10020> \
  -p 8443:8443 ndgconsulting/docker-keybox
```
When you start the keybox image, you can adjust the configuration of the keybox instance by passing one or more environment variables on the docker run command line.
DOCKUID: This variable is not mandatory and specifies the user id that will be set to run the application. It has default value 10020.
DOCKGID: This variable is not mandatory and specifies the group id that will be set to run the application. It has default value 10020.
All possible environment variables with their default values are listed below.
set to true to regenerate and import SSH keys. It has default value
SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys. It has default value
SSH key length for generated keys. 2048 => 'rsa','dsa'; 521 => 'ecdsa'. It has default value
private ssh key, leave blank to generate key pair.
public ssh key, leave blank to generate key pair.
default passphrase, leave blank for key without passphrase. It has default value
enable audit. It has default value
number of days to keep audit logs. It has default value
The number of seconds that the client will wait before sending a null packet to the server to keep the connection alive. It has default value
default timeout in minutes for websocket connection (no timeout for <=0). It has default value
enable SSH agent forwarding. It has default value
enable two-factor authentication with a one-time password - 'required', 'optional', or 'disabled'. It has default value
set to false to disable key management. If false, the KeyBox public key will be appended to the authorized_keys file (instead of it being overwritten completely). It has default value
set to true to generate keys when added/managed by users and enforce strong passphrases; set to false to allow users to set their own public key. It has default value
authorized_keys refresh interval in minutes (no refresh for <=0). It has default value
Regular expression to enforce password policy. It has default value
Password complexity error message. It has default value
Passwords must be 8 to 20 characters\, contain one digit\, one lowercase\, one uppercase\, and one special character
HTTP header to identify client IP Address - 'X-FORWARDED-FOR'.
Specify an external authentication module (ex: ldap-ol, ldap-ad). Edit the jaas.conf to set connection details.
Path to the H2 DB file. Leave Blank to use default location. It has default value
Max connections in the connection pool. It has default value
When true, objects will be validated before being returned by the connection pool. It has default value
The minimum number of objects allowed in the connection pool before spawning new ones. It has default value
The maximum amount of time (in milliseconds) to block before throwing an exception when the connection pool is exhausted. It has default value
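The password policy setting above takes a regular expression, so a custom policy is worth testing before it is passed to the container. The following is an added example, not code from the KeyBox project or this image: the regex is constructed to match the policy described in the default error message, it is assumed to be applied as a full match, and the comma escaping is an assumption drawn from the `\,` sequences in that message.

```python
import re

# Constructed for this example (not KeyBox's shipped default): 8 to 20 characters
# with at least one digit, one lowercase, one uppercase and one special character.
POLICY_REGEX = r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^\w\s]).{8,20}"

def check_password(candidate, pattern=POLICY_REGEX):
    """Return True only if the whole candidate satisfies the policy regex."""
    return re.fullmatch(pattern, candidate) is not None

def failed_rules(candidate):
    """Name each part of the stated policy that the candidate violates."""
    rules = [
        ("length 8-20", 8 <= len(candidate) <= 20),
        ("one digit", re.search(r"\d", candidate) is not None),
        ("one lowercase", re.search(r"[a-z]", candidate) is not None),
        ("one uppercase", re.search(r"[A-Z]", candidate) is not None),
        # '_' is a word character, so it does not count as special here.
        ("one special character", re.search(r"[^\w\s]", candidate) is not None),
    ]
    return [name for name, ok in rules if not ok]

def escape_for_properties(value):
    """Escape commas as the default error message does (assumed requirement)."""
    return value.replace(",", r"\,")

# Constructed sample passwords covering each boundary of the policy.
SAMPLES = [
    "Adm1n!pass",            # meets every rule
    "Sh0rt!a",               # 7 characters
    "Aa1!" + "x" * 17,       # 21 characters
    "alllowercase1!",        # no uppercase
    "NoSpecial123",          # no special character
    "Under_score1A",         # underscore only, not treated as special
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "accept" if check_password(sample) else "reject"
        print(f"{verdict:6} {sample!r:26} {failed_rules(sample)}")
    print("value to pass:", escape_for_properties(POLICY_REGEX))
```

A disagreement between `check_password` and `failed_rules` on any sample means the regex does not implement the policy its error message promises.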
- The docker entrypoint will upgrade the operating system at each startup.