sshpiper VS authelia

https://github.com/tg123/sshpiper never used it myself but looks like it might do what you want.

I've been very impressed with sish. I used it in combination with sshpiper to multiplex ssh connections which means I can host sish and other services that use ssh like gitlab from the same ip with the same port.

You sandbox sessions. A lot. I would probably suggest containers as a starting point. You may be able to use something like sshpiper (https://github.com/tg123/sshpiper) to direct user sessions into containers... though it may require some hacking so that when a new user connects, they are given a new container. When they log off, you can destroy the container.

You might be able to use SSH-piper and use a single gateway to access all VM's.

LINK

It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.

Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...

I use NGINX proxy with Authelia in between. Authelia blocks and blacklists faulty logins.

https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana

If you are using HAProxy on PfSense/OPNSense, see my issue https://github.com/authelia/authelia/issues/2696

https://github.com/lldap/lldap is a very simple and lightweight LDAP solution. Works flawless with https://www.authelia.com/

Ah yeah, so I guess it's been a while since I tried and I forgot where I got stuck last time. Authelia's config.yml is absolutely massive and I'm not sure which section of their guide I should be following. In The Docker Compose section, there's "Unbundled", "Lite", and "Local". I think I want to be running the "lite" bundle, but their example compose file has a ton of Traefik stuff in it. I know I wouldn't keep the Traefik services, but do I need either secure or public?

Authelia supports SSO. If you are behind a reverse proxy it’s quite straightforward to integrate.

This should probably also be mentioned in the documentation so maybe consider mentioning this on their discussion page.