How to set up Bastillion with LDAP authentication?

Edit the jaas.conf file to define LDAP login modules and set jaasModule=ldap-ol in BastillionConfig.properties. This maps LDAP roles to Bastillion profiles, syncing users upon first login.

Bastillion vs Teleport: which is better for SSH access?

Bastillion is a self-hosted, Java-based tool focused on web terminals and key management, ideal for simple bastion hosting. Teleport is Go-based, offers broader features like Kubernetes access, and is better for large-scale, cloud-native environments.

Is Bastillion free to use in production?

It's available under the Prosperity Public License, which allows free use but may impose restrictions on commercial applications. Always review the license terms, as it's not a standard open-source license like MIT or Apache.

How to enable auditing in Bastillion?

Uncomment the audit-appender and io.bastillion.manage.util.SystemAudit in log4j2.xml, then set enableInternalAudit=true in BastillionConfig.properties. Logs will capture session details and command execution for security compliance.

Can Bastillion manage SSH keys for cloud instances?

Yes, it can distribute keys to any system with SSH access, including cloud servers. However, integration with cloud provider IAM or metadata services requires manual configuration, as it's not built-in.

How to run Bastillion in daemon mode on Linux?

Use ./startBastillion.sh --daemon after setting JAVA_HOME, which runs it in the background with logs stored in jetty/logs/. This is useful for production deployments to keep the service running persistently.

KeyBox — Web-Based SSH Console

What is KeyBox?

Bastillion is a modern, web-based SSH console and key management tool that centralizes secure access to multiple systems. It functions as a bastion host with a friendly dashboard, allowing administrators to manage SSH keys, launch web terminals, and enforce security policies like two-factor authentication. The project solves the problem of decentralized and insecure SSH access management in infrastructure environments.

Target Audience

System administrators, DevOps engineers, and security teams managing SSH access across multiple servers or cloud instances. It is particularly useful for organizations needing centralized, auditable, and secure remote access management.

Value Proposition

Developers choose Bastillion for its clean, browser-based interface that simplifies SSH management without sacrificing security. Its unique selling point is combining bastion host functionality with key management, two-factor authentication, and web-based terminals in a single self-hosted platform.

A modern, web-based SSH console and key management tool. Bastillion gives you a clean, browser-based way to manage SSH access across all your systems. Think of it like a bastion host with a friendly dashboard.

Use Cases

Best For

Centralizing SSH access management across a fleet of servers
Enforcing two-factor authentication for SSH connections
Managing and distributing SSH public keys from a single dashboard
Providing web-based terminal access for teams without local SSH clients
Auditing SSH sessions and command execution
Integrating SSH management with existing LDAP directories

Not Ideal For

Environments requiring minimal resource footprint, as Bastillion's Java 21 runtime adds significant overhead compared to lightweight SSH tools
Teams already using infrastructure-as-code platforms like Ansible or Terraform that manage SSH keys directly, adding an unnecessary layer
Scenarios where SSH access must be entirely offline or air-gapped, as Bastillion relies on web-based connectivity and external dependencies
Organizations needing real-time, multi-user terminal collaboration beyond basic command sharing

Pros & Cons

Pros

Strong Authentication Support

Implements two-factor authentication with Authy or Google Authenticator and integrates with LDAP for external user management, enhancing login security and enterprise compatibility.

Centralized Key Management

Provides a dashboard to distribute and manage SSH public keys across systems, simplifying key rotation and access control as highlighted in the SSH key management settings.

Web-Based Terminal Access

Allows launching secure web shells directly from the browser, eliminating the need for local SSH clients and enabling access from any device with a web interface.

Modern Cryptographic Standards

Defaults to Ed25519 SSH keys and supports Ed448, offering up-to-date encryption with performance benefits, as noted in the custom SSH key pair configuration.

Cons

Java Dependency Overhead

Requires Java 21, which adds installation complexity and resource usage, making it heavier than native SSH solutions or tools written in languages like Go.

Complex Configuration Setup

Involves editing multiple files like BastillionConfig.properties and jaas.conf for LDAP, which can be error-prone and time-consuming for quick deployments.

Auditing Disabled by Default

Critical auditing features are not enabled out-of-the-box, requiring manual edits to log4j2.xml and properties files, which could lead to security oversights.

Proprietary License Restrictions

Uses the Prosperity Public License instead of a permissive open-source license, potentially limiting commercial use and community contributions.

What is KeyBox?

Target Audience

Value Proposition

Use Cases

Best For

Centralizing SSH access management across a fleet of servers
Enforcing two-factor authentication for SSH connections
Managing and distributing SSH public keys from a single dashboard
Providing web-based terminal access for teams without local SSH clients
Auditing SSH sessions and command execution
Integrating SSH management with existing LDAP directories

Not Ideal For

Environments requiring minimal resource footprint, as Bastillion's Java 21 runtime adds significant overhead compared to lightweight SSH tools
Teams already using infrastructure-as-code platforms like Ansible or Terraform that manage SSH keys directly, adding an unnecessary layer
Scenarios where SSH access must be entirely offline or air-gapped, as Bastillion relies on web-based connectivity and external dependencies
Organizations needing real-time, multi-user terminal collaboration beyond basic command sharing

Pros & Cons

Pros

Strong Authentication Support

Implements two-factor authentication with Authy or Google Authenticator and integrates with LDAP for external user management, enhancing login security and enterprise compatibility.

Centralized Key Management

Provides a dashboard to distribute and manage SSH public keys across systems, simplifying key rotation and access control as highlighted in the SSH key management settings.

Web-Based Terminal Access

Allows launching secure web shells directly from the browser, eliminating the need for local SSH clients and enabling access from any device with a web interface.

Modern Cryptographic Standards

Defaults to Ed25519 SSH keys and supports Ed448, offering up-to-date encryption with performance benefits, as noted in the custom SSH key pair configuration.

Cons

Java Dependency Overhead

Requires Java 21, which adds installation complexity and resource usage, making it heavier than native SSH solutions or tools written in languages like Go.

Complex Configuration Setup

Involves editing multiple files like BastillionConfig.properties and jaas.conf for LDAP, which can be error-prone and time-consuming for quick deployments.

Auditing Disabled by Default

Critical auditing features are not enabled out-of-the-box, requiring manual edits to log4j2.xml and properties files, which could lead to security oversights.

Proprietary License Restrictions

Uses the Prosperity Public License instead of a permissive open-source license, potentially limiting commercial use and community contributions.

KeyBox

What is KeyBox?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Found a gem we're missing?

KeyBox

What is KeyBox?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Found a gem we're missing?