Skip to content

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).

License

Notifications You must be signed in to change notification settings

fr0z3nfyr/EC2Box

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

EC2Box

A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). EC2Box allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.

Terminals

AMI in the AWS Marketplace

The simplest way to get started is to run the AMI from the AWS Marketplace.

http://aws.amazon.com/marketplace/pp/B076D7XMK6

Once the EC2Box instance is up and running, open your browser to https://<EC2 Instance IP>:443

Login with

username:admin 
password:<Instance ID>

EC2Box Releases

This software is free for non-commercial use under the AGPL licence!

Commercial users can purchase a license through an annual subscription and access the binary releases.

https://www.sshkeybox.com/subscription

Also, users can purchase through the AWS Marketplace.

Feel free to try out EC2Box using the build instructions below!

Prerequisites

Open-JDK / Oracle-JDK - 1.9 or greater

apt-get install openjdk-9-jdk

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Maven 3 or greater (Only needed if building from source)

apt-get install maven

http://maven.apache.org

Loophole MVC (Only needed if building from source)

https://github.com/skavanagh/lmvc

Install FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS

Application Android iOS
FreeOTP Google Play iTunes
Google Authenticator Google Play iTunes

Build from Source

Export environment variables

export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH

In the directory that contains the pom.xml run

mvn package jetty:run

Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.

Using EC2Box

Open browser to https://<whatever ip>:8443

Login with

username:admin 
password:changeme

Note: When using the AMI instance, the password is defaulted to the <Instance ID>. Also, the AMI uses port 443 as in https://<Instance IP>:443

Steps:

  1. Set your AWS credentials
  2. Import the private key used on your EC2 systems (Note: The EC2 server will only show if the private key has been imported)
  3. Start composite-ssh sessions or create and execute a script across multiple sessions
  4. Add instance administrator accounts
  5. Audit sessions for instance administrators

Restricting User Access

Administrative access can be restricted through the use of tags defined in a user's profile. Profile tags must correspond to the instance tags that have been set through the AWS console.

Tags work on a name or name/value pair.

for example

tag-name
tag-name=mytag

or multiple

tag-name1,tag-name2
tag-name1=mytag1,tag-name2=mytag2

External Authentication

External Authentication can be enabled through the EC2BoxConfig.properties.

For example:

#specify a external authentication module (ex: ldap-ol, ldap-ad).  Edit the jaas.conf to set connection details
jaasModule=ldap-ol

Connection details need to be set in the jaas.conf file

ldap-ol {
	com.sun.security.auth.module.LdapLoginModule SUFFICIENT
	userProvider="ldap://hostname:389/ou=example,dc=ec2box,dc=com"
	userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
	authzIdentity="{cn}"
	useSSL=false
	debug=false;
};

Administrators will be added as they are authenticated and profiles of systems may be assigned by full-privileged users.

User LDAP roles can be mapped to profiles defined in EC2Box through the use of the org.eclipse.jetty.jaas.spi.LdapLoginModule.

ldap-ol-with-roles {
    //openldap auth with roles that can map to profiles
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    debug="false"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="<SERVER>"
    port="389"
    bindDn="<BIND-DN>"
    bindPassword="<BIND-DN PASSWORD>"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="ou=users,dc=ec2box,dc=com"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=ec2box,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="groupOfNames";
};

Users will be added/removed from defined profiles as they login and when the role name matches the profile name.

Screenshots

Two-Factor

Importing Keys

Select Instances

More Terminals

Upload Files

Disconnect

Acknowledgments

Special thanks goes to these amazing projects which makes this (and other great projects) possible.

Third-party dependencies are mentioned in the 3rdPartyLicenses.md

Dual License

EC2Box is available for non-commercial use under the Affero General Public License

A commercial license is also available through a subscription

https://www.sshkeybox.com/subscription

or when running an AMI from the AWS marketplace.

http://aws.amazon.com/marketplace/pp/B076PNFPCL

Author

Loophole, LLC - Sean Kavanagh

(Follow me on twitter for release updates, but mostly nonsense)

About

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 46.5%
  • JavaScript 29.3%
  • HTML 23.5%
  • CSS 0.7%