@@ -3,15 +3,119 @@ KeyBox is an open-source web-based SSH console that centrally manages administra
33Web-based administration is combined with management and distribution of user's public SSH keys.
44Key management and administration is based on profiles assigned to defined users.
55
6+ ## KeyBox - Version: 2.84.00
67
78## How to use this image
8- $ docker run -d -v /my/own/datadir:/a/data -p 8443:8443 adito/keybox
9- Now you can access keybox at "https://host-ip:8443 "
9+ ```
10+ $ docker run -d -v /my/own/datadir:/a/keydb -p 8443:8443 adito/keybox
11+ ```
12+ now you can access keybox at "https://host-ip:8443 "
1013
11- ## How to edit the keybox-config
14+ ## Variables
15+
16+ Example:
17+ ```
18+ $ docker run -d -v /my/own/datadir:/a/keydb -p 8443:8443 -e enableOTP=false adito/keybox
19+ ```
20+ I disabled two-factor-authentication in this example
21+
22+ #### here you can find all variables and their default values
23+
24+ set to true to regenerate and import SSH keys
25+ ```
26+ resetApplicationSSHKey=false
27+ ```
28+
29+ SSH Key Type 'dsa' or 'rsa' for generated keys
30+ ```
31+ sshKeyType=rsa
32+ ```
33+
34+ SSH Key Length for generated keys
35+ ```
36+ sshKeyLength=2048
37+ ```
38+
39+ private ssh key, leave blank to generate key pair
40+ ```
41+ privateKey=
42+ ```
43+
44+ public ssh key, leave blank to generate key pair
45+ ```
46+ publicKey=
47+ ```
48+
49+ default passphrase, leave blank for key without passphrase
50+ ```
51+ defaultSSHPassphrase=${randomPassphrase}
52+ ```
53+
54+ enable audit
55+ ```
56+ enableInternalAudit=false
57+ ```
58+
59+ keep audit logs for in days
60+ ```
61+ deleteAuditLogAfter=90
62+ ```
63+
64+ set an audit log server using log4j (ex: logstash). Edit the log4j.xml to configure appender.
65+ ```
66+ auditLogAppender=
67+ ```
68+
69+ The number of seconds that the client will wait before sending a null packet to the server to keep the connection alive
70+ ```
71+ serverAliveInterval=60
72+ ```
73+
74+ default timeout in minutes for websocket connection (no timeout for <=0)
75+ ```
76+ websocketTimeout=0
77+ ```
78+
79+ enable SSH agent forwarding
80+ ```
81+ agentForwarding=false
82+ ```
83+
84+ enable two-factor authentication
85+ ```
86+ enableOTP=true
87+ ```
88+
89+ enable key management
90+ ```
91+ keyManagementEnabled=true
92+ ```
93+
94+ set to true to generate keys when added/managed by users and enforce strong passphrases set to false to allow users to set their own public key
95+ ```
96+ forceUserKeyGeneration=true
97+ ```
98+
99+ authorized_keys refresh interval in minutes (no refresh for <=0)
100+ ```
101+ authKeysRefreshInterval=120
102+ ```
103+
104+ Regular expression to enforce password policy
105+ ```
106+ passwordComplexityRegEx=((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#$%^&*()+=]).{8\,20})
107+ ```
108+
109+ Password complexity error message
110+ ```
111+ passwordComplexityMsg=Passwords must be 8 to 20 characters\, contain one digit\, one lowercase\, one uppercase\, and one special character
112+ ```
113+
114+ specify a external authentication module (ex: ldap-ol, ldap-ad). Edit the jaas.conf to set connection details
115+ ```
116+ jaasModule=
117+ ```
12118
13- The keybox-config will be automatically created at the first container start in your "/my/own/datadir".
14- Now you can edit the file "KeyBoxConfig.properties".
15119
16120## Supported Docker versions
17121
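Review bot: The only usage example in the new Variables section, `docker run -d -v /my/own/datadir:/a/keydb -p 8443:8443 -e enableOTP=false adito/keybox`, demonstrates `-e` by switching off two-factor authentication, which the list further down documents as enabled by default (`enableOTP=true`). Readers tend to copy the first example verbatim, so show the `-e` mechanism with a setting that does not weaken login, for instance `-e enableInternalAudit=true`, and leave OTP to its own entry in the list. The same hunk also changes the mount target from `/a/data` to `/a/keydb` and removes the paragraph saying that `KeyBoxConfig.properties` is created in the data directory, without stating what users with an existing volume need to do; a short upgrade note next to the `docker run` line would cover that. Finally, the `sshKeyType` entry lists 'dsa' as an accepted value with no guidance; a sentence recommending the `rsa` default would be worth adding there.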