7 Repos
SSH access management using centralized identity providers instead of static keys.
Distinguishing note: Focuses on identity-driven SSH rather than generic key management.
Explore 7 awesome GitHub repositories matching security & cryptography · Identity-Based SSH Access. Refine with filters or upvote what's useful.
Dieses Projekt ist ein von der Community kuratiertes Verzeichnis von Open-Source-Software, die für den Einsatz in privaten Serverumgebungen und Home-Labs konzipiert ist. Es dient als umfassende Ressource zur Entdeckung unabhängiger, selbst gehosteter Alternativen zu gängigen Cloud-Diensten und ermöglicht es Nutzern, die volle Datenhoheit und Kontrolle über ihre digitale Infrastruktur zu behalten. Das Verzeichnis ist durch eine hierarchische Taxonomie strukturiert, die eine riesige Sammlung von Anwendungen in logische Kategorien organisiert, von Medienmanagement und Datenanalyse bis hin zu privater Kommunikation und Tools für die Teamproduktivität. Es zeichnet sich durch einen kollaborativen Peer-Review-Prozess aus, bei dem Community-Mitglieder die Qualität und Relevanz jeder Einreichung validieren, um sicherzustellen, dass das Verzeichnis korrekt und zuverlässig bleibt. Das Projekt deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Infrastruktur-Automatisierung, containerbasierter Service-Bereitstellung und deklarativem Konfigurationsmanagement. Diese Tools unterstützen Nutzer bei der Aufrechterhaltung reproduzierbarer Serverumgebungen und der Verwaltung komplexer Service-Abhängigkeiten auf privater Hardware. Das Verzeichnis wird als versionskontrolliertes Repository gepflegt, wodurch sichergestellt wird, dass alle Updates und Community-gesteuerten Änderungen nachverfolgt und transparent sind.
Manages remote server access through bastion hosts that provide session recording and identity verification.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Manages secure shell connections using existing identity providers to eliminate manual key distribution.
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
Maps remote SSH sessions to specific user identities via OIDC or network policies to control access to operating system accounts.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Replaces static SSH keys with short-lived certificates tied to identity providers for secure remote shell access.
Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets. The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as
Issues revocable, time-limited tokens for temporary SSH access to specific targets.
Pomerium is an identity-aware reverse proxy designed to provide zero-trust access control for internal infrastructure. It functions as a centralized gateway that verifies user identity, device context, and group membership for every request before granting access to protected applications, services, or API servers. By integrating directly with external identity providers, it replaces traditional VPNs with granular, policy-based access enforcement. The platform distinguishes itself by extending zero-trust principles beyond standard web traffic to include non-HTTP protocols, such as TCP and UDP
Secures remote server access by authenticating users via identity providers and replacing static SSH keys with ephemeral certificates.
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Provides secure SSH access to the host machine using centralized identity providers.