Comments (4)
I was kind of hoping KeyBox wasn't popular enough to have an upgrade process :)
The DB structure has changed, but it shouldn't be too bad to write something to migrate the data!
If you can back up these three files:
id_dsa, id_dsa.pub, keybox.h2.db
in your jetty/keybox/WEB-INF/classes/com/keybox/common/db directory
and I'll try to write a utility to migrate the data in the next day or two.
Thanks John!
from bastillion.
I absolutely love it. I'm managing a ton of servers and developers actively. Once I get my head around how to do dev using jetty and the like I'll be issuing some pull requests to fix some of the UI issues I've stumbled on.
I'm okay using 1.8 for now.
Moving the keys into the DB makes a ton of sense, however these keys are really important as they give the keys to the kingdom. I've backed these up onto our encrypted file store for emergencies. How would you do this in the new version?
I've figured out h2 console thing that fires up in firefox and found the db user/password in the source, so I guess that is a hacky option in the future :)
from bastillion.
UI is definitely not my strong suit!!
2.0 is a little different: users aren't for managing SSH keys anymore. Users are used to create accounts to the application itself. And you create a user to have 'Full Access' (which is the same as the admin user) or just have access to SSH to the systems set in their profile. There is still a place for public keys and that is set up pretty much as before (except you can add a key for 'All systems' in addition to a specific profile).
There are a couple things that I've been fighting with myself about and the keys are definitely one of them. It's more secure if I store them in the DB and remove from the filesystem, but like you said they are not accessible. I wouldn't be against leaving the keys there and having the application still store and use the ones from the DB. That way you could back them up if you wanted... but you would still need the passphrase which is stored in the DB.
In 2.0 maybe the thing to do would be before you add any systems, add your own super-secret SSH key and associate it with 'All systems'. And as you add systems, the super-secret key would be set for them when KeyBox adds its own key (and you can really do that with 1.8 now and just have a user set up for the super-secret key and associate with a profile that has all the systems). That way if something happened and you lost the DB you could still get into your systems with that key.
I'm very open to suggestions with this and like I said it's been something I've been fighting with.
I do want to change how adding a public key works in 2.0, though. Currently when you add a public key it will go out to all the servers and add the key in one request. I'm thinking about making it a 2-step process, so you distribute the keys like 1.8 worked. It would probably be a little more robust and save time if you have a lot of keys to add.
Maybe you should wait until 2.1 to upgrade :)
from bastillion.
Here try this...
Download
Then run on the backup of id_dsa, id_dsa.pub, keybox.h2.db
- java -jar keybox-migration-1_8_54_to_2_0.jar /id_dsa /id_dsa.pub /keybox.h2.db
and that should create a 2_0-keybox.h2.db file
Then download a clean copy of 2.0 and untar it
Then move 2_0-keybox.h2.db to the jetty/keybox/WEB-INF/classes/com/keybox/common/db directory for the 2.0 installation and rename it keybox.h2.db
- mv 2_0-keybox.h2.db <whatever path to 2.0>/jetty/keybox/WEB-INF/classes/com/keybox/common/db/keybox.h2.db
Then you should just be able to start up 2.0 and log in with 'admin' and 'changeme' and change your password.
There is no reason why you couldn't try this out on its own and not affect your 1.8 installation. Let me know how it goes!!
Thanks John!
from bastillion.
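The backup step that the migration above depends on, as an added example that is not part of the original thread or the KeyBox project: it stages an owner-only copy of the three files named in the thread and records a checksum manifest, so the copy handed to the migration utility can be checked for completeness and later tampering. It assumes a POSIX shell with coreutils `sha256sum`; the function names and the `SHA256SUMS` manifest name are hypothetical.

```shell
#!/bin/sh
# Added example: stage and verify a backup of the KeyBox 1.8 key material.
# Assumption: sha256sum (GNU coreutils) is installed; directory arguments
# are supplied by the operator and are not paths taken from the project.

# The three files the thread asks to back up.
FILES="id_dsa id_dsa.pub keybox.h2.db"

# stage_backup SRC_DIR DEST_DIR
# Copies the three files into DEST_DIR with owner-only permissions and
# writes a SHA256SUMS manifest next to them.
stage_backup() {
    src=$1 dest=$2
    for f in $FILES; do
        # Check everything first: a partial backup (for example the DB
        # without the private key) must not look like a usable one.
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    (
        # umask 077 makes the copies 0600 even if the originals were
        # world-readable; the private key and the DB are both secrets.
        umask 077
        mkdir -p "$dest" && chmod 700 "$dest" || exit 1
        for f in $FILES; do
            cp "$src/$f" "$dest/$f" || exit 1
        done
        cd "$dest" && sha256sum $FILES > SHA256SUMS
    )
}

# verify_backup DIR
# Returns 0 only if every file listed in the manifest is present and
# still matches its recorded hash.
verify_backup() {
    ( cd "$1" && sha256sum -c SHA256SUMS ) >/dev/null 2>&1
}
```

Storing a copy of `SHA256SUMS` separately from the backup lets `verify_backup` detect changes made by someone who can write to the backup directory itself.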