Bastillion

Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users.

Administrators can log in using two-factor authentication with FreeOTP or Google Authenticator. From there they can manage their public SSH keys or connect to their systems through a web-shell. Commands can be shared across shells to make patching easier and eliminate redundant command execution.

Bastillion layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding. More details can be found in the following whitepaper: Implementing a Trusted Third-Party System for Secure Shell. Also, SSH key management is enabled by default to prevent unmanaged public keys and enforce best practices.


Bastillion Releases

Commercial users can purchase a license through an annual subscription and access the binary releases.

Feel free to download and try out Bastillion for a limited number of users (6) or systems (12)

or try our web-shell demo!


Open-JDK / Oracle-JDK - 1.9 or greater

apt-get install openjdk-9-jdk

Install FreeOTP or Google Authenticator to enable two-factor authentication with Android or iOS

Application Android iOS
FreeOTP Google Play iTunes
Google Authenticator Google Play iTunes

To Run Bundled with Jetty

Download bastillion-jetty-vXX.XX.tar.gz

Export environment variables

for Linux/Unix/OSX

 export JAVA_HOME=/path/to/jdk
 export PATH=$JAVA_HOME/bin:$PATH

for Windows

 set JAVA_HOME=C:\path\to\jdk
 set PATH=%JAVA_HOME%\bin;%PATH%

Start Bastillion

for Linux/Unix/OSX


for Windows


More Documentation at:

Build from Source

Install Maven 3 or greater

apt-get install maven

Install Loophole MVC

Export environment variables

export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH

In the directory that contains the pom.xml run

mvn package jetty:run

Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.

Using Bastillion

Open browser to https://<whatever ip>:8443

Login with


Note: When using the AMI instance, the password is defaulted to the <Instance ID>. Also, the AMI uses port 443 as in https://<Instance IP>:443

Managing SSH Keys

By default Bastillion will overwrite all values in the specified authorized_keys file for a system. You can disable key management by editing the configuration file and using Bastillion only as a bastion host. This file is located in the jetty/bastillion/WEB-INF/classes directory (or the src/main/resources directory if building from source).

#set to false to disable key management. If false, the Bastillion public key will be appended to the authorized_keys file (instead of it being overwritten completely).

Also, the authorized_keys file is updated/refreshed periodically based on the relationships defined in the application. If key management is enabled, the refresh interval can be specified in the configuration file.

#authorized_keys refresh interval in minutes (no refresh for <=0)

By default Bastillion will generate and distribute the SSH keys managed by administrators while having them download the generated private key. This forces admins to use strong passphrases for keys that are set on systems. The private key is only available for download once and is not stored on the application side. To disable this and allow administrators to set any public key, edit the configuration file.

#set to true to generate keys when added/managed by users and enforce strong passphrases; set to false to allow users to set their own public key

Supplying a Custom SSH Key Pair

Bastillion generates its own public/private SSH key pair upon initial startup for use when registering systems. You can specify a custom SSH key pair in the configuration file.

For example:

#set to true to regenerate and import SSH keys  --set to true

#SSH Key Type 'dsa' or 'rsa'

#private key  --set pvt key

#public key  --set pub key

#default passphrase  --leave blank if passphrase is empty

After startup and once the key has been registered it can then be removed from the system. The passphrase and the key paths will be removed from the configuration file.

Adjusting Database Settings

Database settings can be adjusted in the configuration properties.

#Database user
#Database password
#Database JDBC driver
#Connection URL to the DB

By default the datastore is set as embedded, but a remote H2 database can be supported by adjusting the connection URL.

#Connection URL to the DB

External Authentication

External authentication can be enabled through the configuration file.

For example:

#specify a external authentication module (ex: ldap-ol, ldap-ad).  Edit the jaas.conf to set connection details

Connection details need to be set in the jaas.conf file

ldap-ol { SUFFICIENT

Administrators will be added as they are authenticated and profiles of systems may be assigned by full-privileged users.

User LDAP roles can be mapped to profiles defined in Bastillion through the use of the org.eclipse.jetty.jaas.spi.LdapLoginModule.

ldap-ol-with-roles {
    //openldap auth with roles that can map to profiles
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    bindPassword="<BIND-DN PASSWORD>"

Users will be added to or removed from defined profiles as they log in, when the role name matches the profile name.
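As an added illustration that is not Bastillion's own code, the following Python models the two behaviours described on this page: rebuilding a system's authorized_keys from profile relationships (overwrite versus append mode, from the Managing SSH Keys section) and replacing a user's profile set with the profiles whose names match the user's LDAP roles. All users, systems, profiles and keys are constructed sample values.

```python
# Added illustration, not Bastillion's code. Models the README's description:
# profiles tie users to systems, a system's authorized_keys is rebuilt from
# those relationships, key management can run in overwrite or append mode,
# and LDAP roles map onto profiles of the same name. All values constructed.

# Bastillion's own key, registered on every managed system (constructed value)
APP_KEY = "ssh-rsa AAAAB3NzaC1yc2E...APPKEY bastillion@host"

PROFILES = {            # profile name -> systems the profile grants access to
    "web-admins": {"web01", "web02"},
    "db-admins": {"db01"},
}
USER_KEYS = {           # user -> public keys (constructed values)
    "alice": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...ALICE alice@laptop"],
    "bob": ["ssh-rsa AAAAB3NzaC1yc2E...BOB bob@desk"],
}
MEMBERSHIP = {"alice": {"web-admins"}, "bob": {"db-admins"}}


def sync_profiles_from_roles(user, ldap_roles):
    """Replace the user's profiles with those whose name matches an LDAP role.

    Roles without a matching profile are ignored; profiles the user held but
    no longer has a role for are dropped (the add/remove-on-login behaviour).
    """
    roles = set(ldap_roles)
    MEMBERSHIP[user] = {p for p in PROFILES if p in roles}
    return MEMBERSHIP[user]


def keys_for_system(system):
    """Public keys of every user holding a profile that includes the system."""
    keys = []
    for user, profiles in sorted(MEMBERSHIP.items()):
        if any(system in PROFILES[p] for p in profiles):
            keys.extend(USER_KEYS[user])
    return keys


def render_authorized_keys(system, existing, key_management=True):
    """Return the new authorized_keys lines for a system.

    key_management=True  -> overwrite: only the app key plus managed keys remain,
                            so stale or unmanaged entries disappear on refresh.
    key_management=False -> append: existing lines are kept and the app key is
                            added once if missing.
    """
    if key_management:
        return [APP_KEY] + keys_for_system(system)
    if APP_KEY in existing:
        return list(existing)
    return list(existing) + [APP_KEY]
```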


Auditing is disabled by default and is only a proof of concept. It can be enabled in the configuration file.

#enable audit  --set to true to enable

Screenshots: More Terminals, Manage Systems, Manage Users, Define SSH Keys, Disable SSH Keys

Special thanks go to these amazing projects which make this (and other great projects) possible.

Third-party dependencies are mentioned in the

Dual License

Bastillion is available for non-commercial use under the Affero General Public License

A commercial license is also available through a subscription or when running an AMI from the AWS marketplace.


Loophole, LLC - Sean Kavanagh