Warpgate: Smart SSH bastion that works with any SSH client

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Bastion bastion-host Infrastructure SSH ssh-server

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
Our great sponsors

  • warpgate

    Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software

  • bastion

    Trove's SSH Bastion (by notion)

    At a previous role I made something similar [0] in Golang, but used SSH certificates to manage authentication. This had the added benefit of logging the user connection information in each server’s auth.log based on the generated private key and signed (but short lived) certificate used for auth in the session.

    I had it so that a user needed to login to the service with their GSuite account every 24H, and each login required 2fa as well. SSH sessions were recorded in asciicast format (which seems to be used here as well) and there was an audit log to track connections. They could be joined in real time and disconnected from a simple admin interface. The ACL system was a pretty basic method of using regex for defining auth rules.

    Worked pretty well and helped with compliance audits we were completing at the time. I think the benefits here of being in Rust is definitely performance and memory safety. Granted, The Go implementation was pretty fast and safe as well. Go made it pretty easy to implement due to the SSH implementation in the standard library.

    [0] https://github.com/notion/bastion

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  • sso-wall-of-shame

    A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

    I think security and therefore SSO should not be an optional feature. See https://sso.tax/

    Obviously big companies will pay for SSO because they must have SSO. At my scale I skip products that are overpricing SSO or I put them behind a oauth2-proxy when I can.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts