Access for Infrastructure: SSH

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • bastion

    Trove's SSH Bastion (by notion)

    I wrote a system that did this >5 years ago (luckily was able to open source it before the startup went under[0]). The bastion would record ssh sessions in asciicast v2 format and store those for later playback directly from a control panel. The main issue that still isn't solved by a solution like this is user management on the remote (ssh server) side. In a more recent implementation, integration with LDAP made the most sense and allows for separation of user and login credentials. A single integrated solution is likely the holy grail in this space.

    [0] https://github.com/notion/bastion

  • openpubkey

    Reference implementation of OpenPubkey

    Underlying tech is “Openpubkey”.

    https://github.com/openpubkey/openpubkey

    BastionZero just builds on top of that to provide a “seamless” UX for ssh sessions and some auditing/fedramp certification.

    Personally, not a fan of relying on CF. Need less centralization/consolidation into a few companies. It’s bad enough with MS dominating the OS (consumer) space. AWS dominating cloud computing. And CF filling the gaps between the stack.

  • bottlerocket

    An operating system designed for hosting containers

    There's not one answer to your question, but here's mine: kubelet and AWS SSM (which, to the best of my knowledge, will work on non-AWS infra; it just needs to be provided creds). Bottlerocket <https://github.com/bottlerocket-os/bottlerocket#setup> comes batteries included with both of those things, and is cheaply provisioned with (ahem) TOML user-data <https://github.com/bottlerocket-os/bottlerocket#description-...>

    In that specific case, one can also have "systemd for normal people" via its support for static Pod definitions, so one can run containerized toys on boot even without being a formal member of a kubernetes cluster

  • gimlet

    Use SSM to pass traffic through VPCs (by Cyberax)

    Be careful with SSM, it can provide pretty much unlimited access: https://github.com/Cyberax/gimlet

    You can use it to tunnel arbitrary traffic inside your VPC.

  • Gravitational Teleport

    The easiest, and most secure way to access and protect all of your infrastructure.

    To save others the search: https://github.com/gravitational/teleport/pull/35259 Apache to AGPLv3

  • ssh-principal-and-ca-playground

    Dockerized setup of SSH with a Certificate Authority and Principals configured

    Using CAs and signed certificates in SSH is definitely the way.

    If anyone wants to play around with that, without the risk of locking themselves out of a server, I built a little "playground" a while back, which is a series of Docker containers that can SSH to each other. Give it a try at https://github.com/dmuth/ssh-principal-and-ca-playground

    (I haven't touched the project in a while, so if there are any issues, please open an Issue and I'll gladly look at it!)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
