Qnap [ Bastillion ] [ 3.14.0 ] Web-based SSH console that centrally manages administrative access to systems

QoolBox


Source : https://github.com/bastillion-io/Bastillion



Download :

https://www.myqnap.org/product/bastillion/

QPKG INFO :

HTTP on port 8256 / HTTPS on port 8443

Login with

username:admin
password:changeme

About :

Web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.

Administrators can login using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

Bastillion layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: Implementing a Trusted Third-Party System for Secure Shell. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.
 
Very interesting, thanks, I'm off to try this :)

edit: Not bad at all! But... why is the HTTPS certificate bad? It belongs to "Sean Kavanagh".

edit 2: I think it's related to this: https://www.bastillion.io/docs/installation/ssl/ (since he's the author). Hence the remark: "It's highly recommend to install a new SSL certificate that is under your control and not use the certificate that came with the software." As it stands, that's bad because the HTTPS can't be trusted: the certificate is known to everyone.
 
No, actually, he gives the procedure for changing the certificate in the link. I'm trying to do it now, but it will be overwritten by updates if this isn't reported :-?

"You can generate a new self-signed cert and create a keystore with this command. It is highly recommended to not use the one that came with the software. This is a massive security vulnerability because the private key it publicly accessible! Alternatively, you can reuse an existing certificate pair." (from the author)
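
A check for the concern raised in the two posts above, as an added example that is not part of the thread or of the Bastillion project: it compares the certificate served on the HTTPS port with the one shipped in the package, so it can be re-run after every QPKG update. The script name, the `bundled.pem` file and the function names are assumptions.

```python
import base64
import hashlib
import re
import ssl
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """Return the SHA-256 fingerprints of every certificate in a PEM string."""
    prints = set()
    for body in PEM_CERT.findall(pem_text):
        # Hash the DER bytes, so line wrapping and CRLF differences do not matter.
        der = base64.b64decode("".join(body.split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def serves_bundled_cert(served_pem, bundled_pem):
    """True if the served certificate is one of those shipped in the package."""
    served = cert_fingerprints(served_pem)
    if not served:
        raise ValueError("no certificate found in the served PEM")
    return bool(served & cert_fingerprints(bundled_pem))


def fetch_served_cert(host, port=8443):
    # 8443 is the QPKG's HTTPS port. No chain validation is done on purpose:
    # the goal is to read the certificate, which is expected to be self-signed.
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: check_cert.py <host> <bundled.pem>
    # bundled.pem (hypothetical file name) is the certificate exported to PEM
    # from the keystore of an untouched copy of the package.
    host, bundled_path = sys.argv[1], sys.argv[2]
    with open(bundled_path, encoding="ascii") as fh:
        bundled = fh.read()
    if serves_bundled_cert(fetch_served_cert(host), bundled):
        print(f"{host}: still serving the certificate shipped with the package")
        sys.exit(1)
    print(f"{host}: certificate differs from the shipped one")
```

A non-zero exit status means the instance is still using the shipped key pair, which makes the script usable as a post-update step.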
 
3.10.00

Code:
Upgraded all dependencies including jquery to 3.5.1.
Added map option for default profile on Ldap authentication
Up'ed encryption key size to 256 default

To migrate from 3.08.00

Code:
Backup previous bastillion.h2.db data store (possibly named keybox.h2.db)
Copy old jetty/bastillion/WEB-INF/classes/keydb folder (and its contents) to the jetty/bastillion/WEB-INF/classes directory of the new installation.
Copy old jetty/bastillion/WEB-INF/classes/bastillion.jceks to the /jetty/bastillion/WEB-INF/classes directory of the new installation.
Copy old jetty/bastillion/WEB-INF/classes/BastillionConfig.properties to the /jetty/bastillion/WEB-INF/classes directory of the new installation.
Adjust settings or copy as needed for the jaas.conf, log4j2.xml, keystore, jetty-ssl.xml and jetty-http.xml