A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). EC2Box allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.
The simplest way to get started is to run the AMI from the AWS Marketplace.
http://aws.amazon.com/marketplace/pp/B076D7XMK6
Once the EC2Box instance is up and running, open your browser to https://<EC2 Instance IP>:443
Login with
username:admin
password:<Instance ID>
This software is free for non-commercial use under the AGPL licence!
Commercial users can purchase a license through an annual subscription and access the binary releases.
https://www.sshkeybox.com/subscription
Also, users can purchase through the AWS Marketplace.
Feel free to try out EC2Box using the build instructions below!
Open-JDK / Oracle-JDK - 1.9 or greater
```
apt-get install openjdk-9-jdk
```
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Maven 3 or greater (Only needed if building from source)
```
apt-get install maven
```
Loophole MVC (Only needed if building from source)
Install FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS
Application | Android | iOS |
---|---|---|
FreeOTP | Google Play | iTunes |
Google Authenticator | Google Play | iTunes |
Export environment variables
```
export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH
```
In the directory that contains the pom.xml run
```
mvn package jetty:run
```
Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.
Open browser to https://<whatever ip>:8443
Login with
username:admin
password:changeme
Note: When using the AMI instance, the password is defaulted to the <Instance ID>. Also, the AMI uses port 443 as in https://<Instance IP>:443
Steps:
- Set your AWS credentials
- Import the private key used on your EC2 systems (Note: The EC2 server will only show if the private key has been imported)
- Start composite-ssh sessions or create and execute a script across multiple sessions
- Add instance administrator accounts
- Audit sessions for instance administrators
Administrative access can be restricted through the use of tags defined in a user's profile. Profile tags must correspond to the instance tags that have been set through the AWS console.
Tags work on a name or name/value pair.
For example:
```
tag-name
tag-name=mytag
```
or multiple:
```
tag-name1,tag-name2
tag-name1=mytag1,tag-name2=mytag2
```
External Authentication can be enabled through the EC2BoxConfig.properties.
For example:
```
#specify an external authentication module (ex: ldap-ol, ldap-ad). Edit the jaas.conf to set connection details
jaasModule=ldap-ol
```
Connection details need to be set in the jaas.conf file
```
ldap-ol {
    com.sun.security.auth.module.LdapLoginModule SUFFICIENT
    userProvider="ldap://hostname:389/ou=example,dc=ec2box,dc=com"
    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
    authzIdentity="{cn}"
    useSSL=false
    debug=false;
};
```
Administrators will be added as they are authenticated and profiles of systems may be assigned by full-privileged users.
User LDAP roles can be mapped to profiles defined in EC2Box through the use of the org.eclipse.jetty.jaas.spi.LdapLoginModule.
```
ldap-ol-with-roles {
    //openldap auth with roles that can map to profiles
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    debug="false"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="<SERVER>"
    port="389"
    bindDn="<BIND-DN>"
    bindPassword="<BIND-DN PASSWORD>"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="ou=users,dc=ec2box,dc=com"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=ec2box,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="groupOfNames";
};
```
Users will be added to or removed from defined profiles as they log in, whenever the role name matches the profile name.
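Both sample stanzas above turn TLS off (`useSSL=false`, `useLdaps="false"`), so the passwords being checked travel to port 389 unencrypted. The script below is an added example, not part of EC2Box: it parses a jaas.conf and reports those options before the file is deployed. The names `parse_jaas` and `audit` and the abbreviated sample text are constructed for illustration.

```python
import re

# Constructed sample: the two stanzas from this README, abbreviated.
SAMPLE_JAAS = '''
ldap-ol {
    com.sun.security.auth.module.LdapLoginModule SUFFICIENT
    userProvider="ldap://hostname:389/ou=example,dc=ec2box,dc=com"
    useSSL=false
    debug=false;
};
ldap-ol-with-roles {
    //openldap auth with roles that can map to profiles
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    useLdaps="false"
    port="389"
    bindPassword="<BIND-DN PASSWORD>";
};
'''

# A stanza ends at "};" so braces inside values such as {USERNAME} are safe.
STANZA = re.compile(r'([\w-]+)\s*\{(.*?)\}\s*;', re.S)
OPTION = re.compile(r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)')

def parse_jaas(text):
    """Return {stanza name: {option: value}} for a JAAS login configuration."""
    text = re.sub(r'^\s*(//|#).*$', '', text, flags=re.M)  # drop whole-line comments
    return {name: {k: v.strip('"') for k, v in OPTION.findall(body)}
            for name, body in STANZA.findall(text)}

def audit(text):
    """List (stanza, option, reason) for settings that weaken the LDAP login path."""
    findings = []
    for name, opts in parse_jaas(text).items():
        provider = opts.get('userProvider', '')
        if opts.get('useSSL', '').lower() == 'false' and not provider.startswith('ldaps://'):
            findings.append((name, 'useSSL', 'user passwords sent to LDAP in cleartext'))
        if opts.get('useLdaps', '').lower() == 'false':
            findings.append((name, 'useLdaps', 'bind and user passwords sent in cleartext'))
        if opts.get('debug', '').lower() == 'true':
            findings.append((name, 'debug', 'debug output enabled for the login module'))
        if 'bindPassword' in opts:
            findings.append((name, 'bindPassword', 'service credential stored in jaas.conf'))
    return findings

if __name__ == '__main__':
    for stanza, option, reason in audit(SAMPLE_JAAS):
        print(f'{stanza}: {option}: {reason}')
```

Setting `useSSL=true` or `useLdaps="true"` (with the directory's LDAPS port, normally 636) clears the transport findings; the `bindPassword` finding is a reminder to restrict read access to jaas.conf.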
Special thanks go to these amazing projects, which make this (and other great projects) possible.
Third-party dependencies are mentioned in the 3rdPartyLicenses.md
EC2Box is available for non-commercial use under the Affero General Public License
A commercial license is also available through a subscription
https://www.sshkeybox.com/subscription
or when running an AMI from the AWS marketplace.
http://aws.amazon.com/marketplace/pp/B076PNFPCL
Loophole, LLC - Sean Kavanagh
(Follow me on twitter for release updates, but mostly nonsense)