Bastillion Features
- Centralized user control - Grant access to systems through administrative profiles and user accounts.
- Prevent SSH key sprawl and access mismanagement - Administrators set keys and distribute to systems through profiles. Strong passphrases are enforced by default for SSH keys on registered systems. Also, any administrative key can be disabled forcing key rotation.
- Productivity - Instead of making the same changes on systems individually, share commands across systems. Eliminates redundancy when patching or debugging issues.
- Portability - Run SSH through the browser without requiring client software or browser plugins.
- Layered Protocols - Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
- Infrastructure protection - A hardened version of Bastillion could act as a bastion host allowing for centralized administration through SSH, proxying traffic into a DMZ or perimeter network. (see diagram)
- Auditable (experimental) - Audit the administrative activity on the systems. Prevents malicious users from deleting history or logs.
Composite SSH terminals. Total control.
Execute commands on multiple systems simultaneously. Upload files to selected systems. Once the sessions have been opened you can select a single terminal window or any combination to run your commands.
Manage, distribute, & disable public SSH keys
Bastillion works through the authorized_keys file on systems that are registered. Users can generate an SSH key and distribute to any systems set in their profile. Strong passphrases are enforced when keys are set to be generated through the application. Users with full-privileges may review and disable any administrative key forcing rotation.
With Bastillion users set or generate their own keys, discouraging private keys from being shared, sent over email, etc..
Two-Factor Authentication. Secure your users.
Supports Two-Factor via FreeOTP or Google Authenticator on your Android or iOS device.
| FreeOTP | |
|---|---|
| Android | Google Play |
| iOS | iTunes |
| Google Authenticator | |
| Android | Google Play |
| iOS | iTunes |
Control user access. Secure your systems.
Create users and assign system profiles. Users can login to Bastillion via the web-console, but have limited privileges and can only access systems that have been assigned through their profile. System access can be removed at anytime removing any keys the user has associated with the system. Authentication may be integrated with LDAP in which roles can be mapped to profiles defined in Bastillion. Users will be added/removed from defined profiles as they login and when the role name matches the profile name.
Audit SSH sessions
Once enabled, users with full-privileges may audit other administrative user sessions. Ensure systems are managed within organizational guidelines. Through its logging utility, Bastillion can be configured to send logs to a central logging server. (eg. logstash)
Bastillion for EC2
A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). Bastillion for EC2 allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.