These days, organizing as much as possible of your work (or that of your coworkers/friends/relatives…) to do on remote servers can be much more productive than sticking to desktop applications — as long, of course, as you are the one that controls those servers. Too bad, because the only way to perform non-routine maintenance on a remote server is to work on a command line, every time. Or that’s what many people believe, at least. Instead, as you’ll see in a moment, this is not always true.

In fact, even if you and your partners need to run some custom shell script on your server, it’s possible to set things up so that, after the initial configuration, everybody with the right access credentials can do it by clicking into a web browser. One Free Software tool to make this happen is KeyBox.

KeyBox makes it easier to delegate the execution of scripts on remote machines, even to partners who, for whatever reason, won’t touch a command line: you define the script(s), and they can still decide to run them by themselves, even if you’re offline.

This happens because KeyBox provides a way to manage OpenSSH v2 public keys and shell scripts to be distributed or executed on defined systems.” What this means, in practice, is that with KeyBox you can:

  • configure and distribute the digital keys that let only authorized users and computers run scripts or simple commands on your remote servers
  • define and upload only once any script that should be manually run on one or more remote servers

All this from one, simple graphical interface that is accessible from any browser. Another reason to use KeyBox may be that it gives its administrator the possibility to run shell scripts on remote servers even from somebody else’s computer and/or when only web access is available!

How KeyBox works

Technically speaking, the KeyBox web pages and forms that you see in your browser are generated by the Jetty Open Source Web server (alternative home page here). All sensitive data are stored into an SQLite3 database, which is a single file called keybox.db. Jetty comes with the Java project management tool called Maven. A nice little introduction to creating web services with Jetty and Maven is here. Luckily, you don’t really need to study all this stuff to use KeyBox.

Installing KeyBox

KeyBox may run either on a local computer, or on one of the servers that it helps to manage. Wherever you put it, don’t forget to include its keybox.db file in your backup plans! The dependence on Maven and Jetty is not a problem, as those tools are available as binary packages for most Gnu/Linux distributions. Just be prepared to see a lot of extra packages installed (241 on my Fedora 17 box!) to satisfy all the dependencies.

Once that part is over, to install KeyBox, you must simply download and expand its archive in a folder of your choice. To start the program, type (or add to your server startup scripts) this command:

cd KEYBOXDIR; mvn package jetty:run

KEYBOXDIR is the folder you’ll get by expanding the KeyBox archive. mvn is the Maven executable: the command above tells Maven to start Jetty which, by default, will follow the instructions in the file called pom.xml in the same folder. The README file explains other actions you can perform in the same way. “mvn clean”, for example, will delete the KeyBox database.

Using KeyBox

Once Jetty is up and running KeyBox, point your browser to port 8090 of the computer on which you installed KeyBox. That would be http://localhost:8090 if it’s running on your desktop, or http://your.website.com:8090 if it’s on your website. Change the admin password to something different from the default “changeme”, and you’re ready to go.

In KeyBox you can define as many systems, users, and system profiles as you want. I suggest you perform these operations in the same order in which they are listed in the KeyBox side bar (Figure A):

A KeyBox “system” is any remote computer on which you want to run scripts through KeyBox. For each system you must define the parameters for passwordless SSH connections (Figure B) and a display name (“website” and “email” in Figure C).

Figure B

Figure C

The exact details for setting up passwordless logins and the corresponding SSH key files vary from one Gnu/Linux distribution to the next: please check the documentation and support forums of the one(s) you use for all details.

KeyBox system profiles allow you to order and group tasks and users in whatever way suits your needs. You may, for example, create a “backup” profile that authorized users can select to run backups on different servers.

Figures D to F show the result, that is THE reason to install and use KeyBox: you can define how many scripts you want, pasting their code in the KeyBox form, run them with one click on their name and see what happened, all without leaving your browser. Convenient, isn’t it?

Figure D

Figure E

Figure F

(NOTE: the “script” in the picture is just one single command, instead of the real backup script, simply because I wanted all its output to fit in the one small screenshot of Figure F)