When comparing SSH Universal Key Manager vs SSH KeyBox, the Slant community recommends SSH Universal Key Manager for most people. In the question "What are the best managers for SSH keys?" SSH Universal Key Manager is ranked 3rd while SSH KeyBox is ranked 5th. The most important reason people chose SSH Universal Key Manager is:
Other systems like Userify use other tools like auditd or Splunk to log commands, but SSH UKM has logging built in.
Pros
Pro Can log SSH commands
Other systems like Userify use other tools like auditd or Splunk to log commands, but SSH UKM has logging built in.
Pro Detects and alerts on suspicious key activity
Pro Scans and alerts on existing keys
Can scan your existing systems and find and remove old keys.
Pro Can audit sessions
KeyBox can audit sessions on a historical basis, compared to Userify which requires that you use other tools (like auditd and Graylog2) to do that.
Pro Free and open source
SSH KeyBox is free and open source. The source code is hosted on GitHub and it's released under the Apache 2.0 License.
Pro Acts as a bastion host
The SSH KeyBox server is its own bastion host.
Cons
Con Doesn't work in the cloud
UKM doesn't work at all with auto-scaling groups or dynamic IPs.
Con Expensive
UKM is extremely expensive versus the capabilities provided.
Con Hard to scale
Only deals with single servers, not groups. Doesn't scale very well and is very expensive to scale.
Con Poor documentation
The documentation doesn't help much with anything but the minimum needed to get it working; things like common errors have no information.
Con Time consuming and complex to install and configure
Extremely complex and requires substantial resources.
Con KeyBox doesn't use real SSH, so things like remote automation and scp/sftp aren't possible
You may be able to manage those out of band, but they're not possible directly in the browser from your OpenSSH client.
Con Runs through the browser
KeyBox is browser-based and is accessed through a web browser, which adds some insecurity and potential attack vectors to the platform.