
bastillion-io / Bastillion Ec2

Licence: agpl-3.0
A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).

Bastillion for EC2

A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). Bastillion-EC2 allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.

Bastillion for EC2 Releases

Bastillion-EC2 is available for free use under the Affero General Public License

https://github.com/bastillion-io/Bastillion-EC2/releases

or purchase from the AWS marketplace

https://aws.amazon.com/marketplace/pp/Loophole-LLC-Bastillion-for-EC2/B076D7XMK6

Prerequisites

Open-JDK / Oracle-JDK - 1.9 or greater

apt-get install openjdk-9-jdk

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Install Authy or Google Authenticator to enable two-factor authentication with Android or iOS

| Application | Android | iOS |
|---|---|---|
| Authy | Google Play | iTunes |
| Google Authenticator | Google Play | iTunes |

To Run Bundled with Jetty

Download bastillion-ec2-jetty-vXX.XX.tar.gz

https://github.com/bastillion-io/Bastillion-EC2/releases

Export environment variables

for Linux/Unix/OSX

 export JAVA_HOME=/path/to/jdk
 export PATH=$JAVA_HOME/bin:$PATH

for Windows

 set JAVA_HOME=C:\path\to\jdk
 set PATH=%JAVA_HOME%\bin;%PATH%

Start Bastillion

for Linux/Unix/OSX

    ./startBastillion-EC2.sh

for Windows

    startBastillion-EC2.bat

More documentation at: https://www.bastillion.io/docs/bastillion-ec2/index.html

Build from Source

Install Maven 3 or greater

apt-get install maven

http://maven.apache.org

Install Loophole MVC

https://github.com/bastillion-io/lmvc

Export environment variables

export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH

In the directory that contains the pom.xml run

mvn package jetty:run

Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.

Using Bastillion-EC2

Open browser to https://<whatever ip>:8443

Login with

username:admin 
password:changeme

Note: When using the AMI instance, the password is defaulted to the <Instance ID>. Also, the AMI uses port 443 as in https://<Instance IP>:443

Steps:

  1. Set your AWS credentials for the following properties in the Bastillion-EC2.properties file.
    #AWS IAM access key
    accessKey=
    #AWS IAM secret key
    secretKey=
    
  2. Configure an IAM Role with Account ID for your user and set the generated ARN in Bastillion-EC2
  3. Import the Bastillion-EC2 public SSH key to the EC2 AWS console.
  4. Create EC2 instances with the imported key.
  5. Start composite-ssh sessions or create and execute a script across multiple sessions
  6. Add instance administrator accounts

More info at https://www.bastillion.io/docs/bastillion-ec2/index.html

Restricting User Access

Administrative access can be restricted through the use of tags defined in a user's profile. Profile tags must correspond to the instance tags that have been set through the AWS console.

Tags work on a name or name/value pair.

for example

tag-name
tag-name=mytag

or multiple

tag-name1,tag-name2
tag-name1=mytag1,tag-name2=mytag2

Supplying a Custom SSH Key Pair

Bastillion-EC2 generates its own public/private SSH key upon initial startup for use when registering systems. You can specify a custom SSH key pair in the Bastillion-EC2Config.properties file.

For example:

#set to true to regenerate and import SSH keys  --set to true
resetApplicationSSHKey=true

#SSH Key Type 'dsa' or 'rsa'
sshKeyType=rsa

#private key  --set pvt key
privateKey=/Users/kavanagh/.ssh/id_rsa

#public key  --set pub key
publicKey=/Users/kavanagh/.ssh/id_rsa.pub

#default passphrase  --leave blank if passphrase is empty
defaultSSHPassphrase=myPa$$w0rd

After startup and once the key has been registered it can then be removed from the system. The passphrase and the key paths will be removed from the configuration file.

External Authentication

External Authentication can be enabled through the Bastillion-EC2Config.properties.

For example:

#specify an external authentication module (ex: ldap-ol, ldap-ad).  Edit the jaas.conf to set connection details
jaasModule=ldap-ol

Connection details need to be set in the jaas.conf file

ldap-ol {
	com.sun.security.auth.module.LdapLoginModule SUFFICIENT
	userProvider="ldap://hostname:389/ou=example,dc=bastillion,dc=com"
	userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
	authzIdentity="{cn}"
	useSSL=false
	debug=false;
};

Administrators will be added as they are authenticated and profiles of systems may be assigned by full-privileged users.

User LDAP roles can be mapped to profiles defined in Bastillion-EC2 through the use of the org.eclipse.jetty.jaas.spi.LdapLoginModule.

ldap-ol-with-roles {
    //openldap auth with roles that can map to profiles
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    debug="false"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="<SERVER>"
    port="389"
    bindDn="<BIND-DN>"
    bindPassword="<BIND-DN PASSWORD>"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="ou=users,dc=bastillion,dc=com"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=bastillion,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="groupOfNames";
};

Users will be added to or removed from defined profiles as they log in, when the role name matches the profile name.
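
A configuration check for the settings shown above (the properties file and jaas.conf), as an added example that is not part of the Bastillion-EC2 project. It flags IAM keys and SSH key settings left in the properties file and LDAP login modules configured without TLS; the sample file contents, function names and finding labels are constructed for illustration.

```python
import re
# Constructed samples reusing the key names shown on this page; all values are placeholders.
SAMPLE_PROPERTIES = """\
#AWS IAM access key
accessKey=EXAMPLE-ACCESS-KEY
secretKey=EXAMPLE-SECRET-KEY
sshKeyType=dsa
privateKey=/home/ops/.ssh/id_rsa
defaultSSHPassphrase=example-passphrase
"""
SAMPLE_JAAS = """\
ldap-ol {
    com.sun.security.auth.module.LdapLoginModule SUFFICIENT
    userProvider="ldap://hostname:389/ou=example,dc=bastillion,dc=com"
    useSSL=false
    debug=false;
};
"""

def parse_properties(text):
    # Keep key=value lines only; '#' comment lines are skipped.
    lines = (ln.strip() for ln in text.splitlines())
    return dict(map(str.strip, ln.split("=", 1)) for ln in lines if "=" in ln and not ln.startswith("#"))

def audit_properties(text):
    p, findings = parse_properties(text), []
    if p.get("accessKey") or p.get("secretKey"):
        findings.append("aws-keys: IAM keys stored in plaintext, restrict read access to the file")
    if p.get("sshKeyType", "").lower() == "dsa":
        findings.append("dsa-key: ssh-dss is disabled by default in current OpenSSH, use rsa")
    if p.get("privateKey") or p.get("defaultSSHPassphrase"):
        findings.append("ssh-key-config: key path or passphrase still present in the file")
    return findings

def audit_jaas(text):
    findings = []
    # Options look like key=value or key="value"; the last one in a block ends with ';'.
    for key, value in re.findall(r'^\s*(\w+)\s*=\s*"?([^";\n]*)"?;?\s*$', text, re.M):
        if key in ("useSSL", "useLdaps") and value.lower() == "false":
            findings.append(f"ldap-plaintext: {key}=false, the bind is not protected by TLS")
        elif key == "userProvider" and value.lower().startswith("ldap://"):
            findings.append("ldap-plaintext: userProvider uses ldap:// rather than ldaps://")
        elif key == "bindPassword" and value:
            findings.append("bind-password: stored in jaas.conf, restrict read access to the file")
    return findings

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE_PROPERTIES) + audit_jaas(SAMPLE_JAAS):
        print(finding)
```

The `ssh-key-config` finding is expected before first startup; seeing it afterwards means the custom key has not been registered yet or the settings were added back.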

Auditing

Auditing is disabled by default. Audit logs can be enabled through the log4j2.xml by uncommenting the io.bastillion.manage.util.SystemAudit and the audit-appender definitions.

https://github.com/bastillion-io/Bastillion-EC2/blob/master/src/main/resources/log4j2.xml#L19-L22

Auditing through the application is only a proof of concept. It can be enabled in the BastillionConfig.properties.

#enable audit  --set to true to enable
enableInternalAudit=true

Acknowledgments

Special thanks go to these amazing projects, which make this (and other great projects) possible.

Third-party dependencies are mentioned in the 3rdPartyLicenses.md

AGPL License

Bastillion-EC2 is available for use under the Affero General Public License

Author

Loophole, LLC - Sean Kavanagh
