27 Repos
Methods for authorizing SSH sessions using network-level identity.
Distinguishing note: Focuses on the authentication mechanism for SSH.
Explore 27 awesome GitHub repositories matching security & cryptography · SSH Authentication. Refine with filters or upvote what's useful.
Dieses Projekt ist ein von der Community kuratiertes Verzeichnis von Open-Source-Software, die für den Einsatz in privaten Serverumgebungen und Home-Labs konzipiert ist. Es dient als umfassende Ressource zur Entdeckung unabhängiger, selbst gehosteter Alternativen zu gängigen Cloud-Diensten und ermöglicht es Nutzern, die volle Datenhoheit und Kontrolle über ihre digitale Infrastruktur zu behalten. Das Verzeichnis ist durch eine hierarchische Taxonomie strukturiert, die eine riesige Sammlung von Anwendungen in logische Kategorien organisiert, von Medienmanagement und Datenanalyse bis hin zu privater Kommunikation und Tools für die Teamproduktivität. Es zeichnet sich durch einen kollaborativen Peer-Review-Prozess aus, bei dem Community-Mitglieder die Qualität und Relevanz jeder Einreichung validieren, um sicherzustellen, dass das Verzeichnis korrekt und zuverlässig bleibt. Das Projekt deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Infrastruktur-Automatisierung, containerbasierter Service-Bereitstellung und deklarativem Konfigurationsmanagement. Diese Tools unterstützen Nutzer bei der Aufrechterhaltung reproduzierbarer Serverumgebungen und der Verwaltung komplexer Service-Abhängigkeiten auf privater Hardware. Das Verzeichnis wird als versionskontrolliertes Repository gepflegt, wodurch sichergestellt wird, dass alle Updates und Community-gesteuerten Änderungen nachverfolgt und transparent sind.
Configures custom authentication methods and execution environments for SSH sessions.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Authorizes SSH connections using network node keys and access policies.
Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f
Uses system SSH agents to manage keys and verify host identities for secure communication with remote version control servers.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Authenticates into remote SSH servers using parallelized password or keyboard-interactive methods.
GitBucket is a self-hosted Git platform and version control hosting service that provides a web interface for managing repositories, issues, and pull requests. Built with a Scala-based manager, it functions as a GitHub API compatible server, allowing it to integrate with external tools that rely on that specific industry schema. The platform distinguishes itself by integrating a Maven repository host for storing and retrieving Java build artifacts alongside source code. It also features a plugin architecture that enables the addition of custom logic and new functionality to the core system.
Secures repository access and verifies user identities using SSH public key cryptography during push and pull operations.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Issues certificates that identify hosts to validate authenticity and replace static host keys.
This is an open-source educational website that translates and localizes MIT's Missing Semester course, teaching practical computing skills for computer science students. The curriculum covers developer tooling, shell scripting, version control, security fundamentals, and open-source collaboration, with a focus on core computing skills including data processing pipelines, workflow automation, secure remote access, shell productivity, Vim editing, and Git version control. The project distinguishes itself by teaching command-line mastery, shell scripting, and automation to boost daily developer
Teaches SSH key pair authentication using a challenge-response protocol.
Soft Serve is a self-hosted Git server that authenticates users via SSH public keys and provides a terminal-based user interface for browsing repositories, files, and commits. It stores repository data and configuration in either SQLite or PostgreSQL, and supports role-based access control with four permission levels for managing repository visibility and write access. The server can be deployed via Docker or managed as a systemd service, and supports webhook notifications for push, collaborator, and branch or tag events to integrate with external automation workflows. It also enables server-
Authenticates users via SSH public keys for secure server access.
This repository contains the comprehensive documentation for a code editor focused on AI-assisted software development and remote development workflows. It covers the implementation of AI agents and language models used for autonomous code generation, large-scale refactoring, and task iteration. The project is distinguished by its deep integration of autonomous AI agents capable of web navigation, application logic validation, and orchestrating multi-step development processes. It provides specialized frameworks for tailoring AI behavior through custom instructions, model context protocols, a
Manages SSH session authorization including multi-factor authentication and session multiplexing.
Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets. The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as
Verifies identity through a configurable chain of passwords, OTP, SSO, and ticket tokens.
ProxySU is a Windows desktop application that automates the deployment and management of proxy services on a Linux VPS. It combines single-click installation of multiple proxy protocols, including V2ray, Xray, Trojan, and Shadowsocks, with automatic SSL/TLS certificate provisioning and renewal through Let's Encrypt. The tool distinguishes itself by handling the full lifecycle of proxy server setup from a Windows environment, using SSH key-based authentication for secure, passwordless remote access. It also includes network optimization capabilities, such as activating the BBR TCP congestion c
Authenticates to remote servers using RSA, DSA, ECDSA, or Ed25519 private keys in PEM or OpenSSH format.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Configures SSH authentication methods including passwords, certificates, and root login settings.
The Missing Semester is a free, open-source educational curriculum designed to bridge the gap between theoretical computer science and the practical tooling every software engineer needs. Organized as a structured course, it covers Unix shell mastery, version control with Git, software debugging and profiling, system administration fundamentals, and computer security practices — the skills often left out of traditional degree programs. The project is maintained as a collaborative set of lecture notes, exercises, and guides that function as both a professional development tools course and a Uni
The Missing Semester teaches logging into remote servers by proving possession of a private key through challenge-response.
LoopBack Next is a Node.js API framework used for building REST and multi-protocol APIs. It functions as an OpenAPI server implementation that can either generate machine-readable specifications from code or produce implementation controllers and models from existing specifications. The framework distinguishes itself through a central dependency injection container and a repository-pattern data access layer. This architecture decouples application logic from component construction and persistent storage, allowing for a pluggable system where data sources and business logic are isolated throug
Registers multiple identity verification methods through a standardized interface to support various login flows.
ssh3 ist eine Secure-Shell-Implementierung, die HTTP/3 und das QUIC-Protokoll als Transportschicht verwendet, um die Handshake-Latenz zu reduzieren und die Verbindungsstabilität zu verbessern. Sie bietet eine Remote-Terminal-Umgebung, in der Serveridentitäten unter Verwendung von Standard-HTTPS-X.509-Zertifikaten anstelle traditioneller Host-Keys verifiziert werden. Das Projekt integriert moderne Identitätsverifizierung durch OpenID Connect und OAuth 2.0, was die Benutzerauthentifizierung über externe Identitätsanbieter ermöglicht. Um die Entdeckung durch öffentliche Scanner zu verhindern, enthält es eine Server-Obfuskationsfunktion, die einen geheimen URL-Pfad für Client-Anfragen erfordert. Das System unterstützt sicheres Tunneling für TCP- und UDP-Verkehr unter Verwendung von QUIC-Streams und Datagrammen für Port-Forwarding. Dies umfasst Funktionen für sicheres Proxy-Jumping über zwischengeschaltete Gateway-Server, um eine End-to-End-Verschlüsselung aufrechtzuerhalten.
Integrates OpenID Connect and OAuth 2.0 to verify user identities during secure shell sessions.
RStudio is a specialized integrated development environment for the R programming language and statistical computing. It provides a workbench for writing, debugging, and executing R code, offering both a desktop application and a server-hosted collaborative platform for managing data science projects. The platform enables the creation of interactive data applications, AI-powered dashboards, and technical reports. It facilitates the sharing of analysis results through a centralized publishing platform and supports the rendering of notebooks and markdown into multiple file formats. The environ
Integrates external identity providers like LDAP and SAML to manage user access and session authorization.
Wish is a Go library for building SSH servers, providing a middleware-based framework that handles core SSH functionality including public-key and certificate authentication, session management, and secure file transfers via SCP and SFTP. It is designed to serve as the foundation for custom SSH applications, with built-in support for hosting Git repositories over SSH and serving interactive terminal applications. What distinguishes Wish from a basic SSH server library is its composable middleware pattern, which allows developers to layer authentication, logging, and custom session handling. I
Verifying users via public keys, passwords, or signed certificates, and restricting access by session type or authorized keys.
Athens is a Go module proxy server and dependency cache that provides a persistent storage system for Go dependencies. It acts as a mirror and datastore to ensure reproducible build environments by storing immutable copies of external packages, protecting against upstream deletions or outages. The project distinguishes itself by serving as a secure gateway for private Go module hosting, utilizing authentication tokens, SSH keys, and GitHub Apps to retrieve dependencies from private version control systems. It further enables software dependency compliance through request filtering and checksu
Supports the use of SSH private keys or agents to authenticate and clone dependencies.
Sish ist ein Reverse-SSH-Proxy und Tunneling-Server, der entwickelt wurde, um lokale Dienste für das Internet freizugeben. Er fungiert als SSH-Tunneling-Proxy, der HTTP-, WebSocket- und TCP-Traffic von einem Remote-Server an eine lokale Maschine weiterleitet und so die Erstellung öffentlicher URLs für lokale Anwendungen ermöglicht. Das Projekt zeichnet sich durch eine Kombination aus einem SNI-Proxy für das Routing verschlüsselten TLS-Traffics ohne Entschlüsselung und einem TCP-Load-Balancer aus, der eingehende Anfragen auf mehrere Backend-Ziele verteilt. Es enthält zudem eine dedizierte Service-Konsole für die Echtzeit-Inspektion und das Debugging weitergeleiteter Anfragen. Das System bietet umfassende Zugriffskontrolle und Sicherheitsmanagement, einschließlich Public-Key- und Passwort-Authentifizierung, IP-Adressfilterung und privatem TCP-Aliasing, um die öffentliche Exposition spezifischer Dienste zu verhindern. Zusätzliche Funktionen umfassen Virtual-Host-Routing, Domain-Name-Mapping und die automatisierte Bereitstellung von Wildcard-SSL-Zertifikaten über DNS-Anbieter. Die Konfiguration und Verwaltung öffentlicher und privater Tunnel erfolgt über ein Command-Line-Interface.
Secures tunnel access using passwords or keys with the ability to reload credentials without restarting.
SSH.NET is a .NET library that implements the SSH-2 protocol for encrypted remote connections and secure file transfers. It provides a complete SSH-2 protocol stack implementation with a channel multiplexing engine that manages multiple concurrent channels over a single connection, supporting simultaneous shell sessions, remote command execution, SFTP transfers, and port forwarding tunnels. The library includes a pluggable authentication pipeline supporting password, public key, certificate, keyboard-interactive, and multi-factor authentication combinations. The library distinguishes itself t
Supports password, public key, and keyboard-interactive authentication, including multi-factor combinations, over SSH.