27 repositorios
Methods for authorizing SSH sessions using network-level identity.
Distinguishing note: Focuses on the authentication mechanism for SSH.
Explore 27 awesome GitHub repositories matching security & cryptography · SSH Authentication. Refine with filters or upvote what's useful.
Este proyecto es un directorio curado por la comunidad de software de código abierto diseñado para su implementación en entornos de servidores privados y laboratorios domésticos. Sirve como un recurso integral para descubrir alternativas independientes y autohospedadas a los servicios en la nube convencionales, permitiendo a los usuarios mantener la propiedad total de los datos y el control sobre su infraestructura digital. El directorio está estructurado a través de una taxonomía jerárquica que organiza una vasta colección de aplicaciones en categorías lógicas, que van desde la gestión de medios y análisis de datos hasta la comunicación privada y herramientas de productividad en equipo. Se distingue por un proceso de revisión por pares colaborativo, donde los miembros de la comunidad validan la calidad y relevancia de cada envío para garantizar que el directorio siga siendo preciso y confiable. El proyecto cubre una amplia superficie de capacidades, incluyendo automatización de infraestructura, implementación de servicios basados en contenedores y gestión de configuración declarativa. Estas herramientas ayudan a los usuarios a mantener entornos de servidor reproducibles y gestionar dependencias de servicios complejas en hardware privado. El directorio se mantiene como un repositorio con control de versiones, asegurando que todas las actualizaciones y cambios impulsados por la comunidad sean rastreados y transparentes.
Configures custom authentication methods and execution environments for SSH sessions.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Authorizes SSH connections using network node keys and access policies.
Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f
Uses system SSH agents to manage keys and verify host identities for secure communication with remote version control servers.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Authenticates into remote SSH servers using parallelized password or keyboard-interactive methods.
GitBucket is a self-hosted Git platform and version control hosting service that provides a web interface for managing repositories, issues, and pull requests. Built with a Scala-based manager, it functions as a GitHub API compatible server, allowing it to integrate with external tools that rely on that specific industry schema. The platform distinguishes itself by integrating a Maven repository host for storing and retrieving Java build artifacts alongside source code. It also features a plugin architecture that enables the addition of custom logic and new functionality to the core system.
Secures repository access and verifies user identities using SSH public key cryptography during push and pull operations.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Issues certificates that identify hosts to validate authenticity and replace static host keys.
This is an open-source educational website that translates and localizes MIT's Missing Semester course, teaching practical computing skills for computer science students. The curriculum covers developer tooling, shell scripting, version control, security fundamentals, and open-source collaboration, with a focus on core computing skills including data processing pipelines, workflow automation, secure remote access, shell productivity, Vim editing, and Git version control. The project distinguishes itself by teaching command-line mastery, shell scripting, and automation to boost daily developer
Teaches SSH key pair authentication using a challenge-response protocol.
Soft Serve is a self-hosted Git server that authenticates users via SSH public keys and provides a terminal-based user interface for browsing repositories, files, and commits. It stores repository data and configuration in either SQLite or PostgreSQL, and supports role-based access control with four permission levels for managing repository visibility and write access. The server can be deployed via Docker or managed as a systemd service, and supports webhook notifications for push, collaborator, and branch or tag events to integrate with external automation workflows. It also enables server-
Authenticates users via SSH public keys for secure server access.
This repository contains the comprehensive documentation for a code editor focused on AI-assisted software development and remote development workflows. It covers the implementation of AI agents and language models used for autonomous code generation, large-scale refactoring, and task iteration. The project is distinguished by its deep integration of autonomous AI agents capable of web navigation, application logic validation, and orchestrating multi-step development processes. It provides specialized frameworks for tailoring AI behavior through custom instructions, model context protocols, a
Manages SSH session authorization including multi-factor authentication and session multiplexing.
Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets. The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as
Verifies identity through a configurable chain of passwords, OTP, SSO, and ticket tokens.
ProxySU is a Windows desktop application that automates the deployment and management of proxy services on a Linux VPS. It combines single-click installation of multiple proxy protocols, including V2ray, Xray, Trojan, and Shadowsocks, with automatic SSL/TLS certificate provisioning and renewal through Let's Encrypt. The tool distinguishes itself by handling the full lifecycle of proxy server setup from a Windows environment, using SSH key-based authentication for secure, passwordless remote access. It also includes network optimization capabilities, such as activating the BBR TCP congestion c
Authenticates to remote servers using RSA, DSA, ECDSA, or Ed25519 private keys in PEM or OpenSSH format.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Configures SSH authentication methods including passwords, certificates, and root login settings.
The Missing Semester is a free, open-source educational curriculum designed to bridge the gap between theoretical computer science and the practical tooling every software engineer needs. Organized as a structured course, it covers Unix shell mastery, version control with Git, software debugging and profiling, system administration fundamentals, and computer security practices — the skills often left out of traditional degree programs. The project is maintained as a collaborative set of lecture notes, exercises, and guides that function as both a professional development tools course and a Uni
The Missing Semester teaches logging into remote servers by proving possession of a private key through challenge-response.
LoopBack Next es un framework de API de Node.js utilizado para construir APIs REST y multiprotocolo. Funciona como una implementación de servidor OpenAPI que puede generar especificaciones legibles por máquina a partir del código o producir controladores e implementaciones de modelos a partir de especificaciones existentes. El framework se distingue por un contenedor central de inyección de dependencias y una capa de acceso a datos basada en el patrón repositorio. Esta arquitectura desacopla la lógica de la aplicación de la construcción de componentes y el almacenamiento persistente, permitiendo un sistema conectable donde las fuentes de datos y la lógica de negocio están aisladas a través de un sistema de conectores estandarizado. El proyecto cubre una amplia gama de capacidades, incluyendo control de acceso basado en roles con estrategias de autenticación conectables y la orquestación de servicios REST y SOAP externos. También proporciona herramientas para comunicación en tiempo real mediante endpoints WebSocket, validación de esquemas JSON y andamiaje (scaffolding) automatizado de proyectos a través de una interfaz de línea de comandos. El desarrollo está respaldado por un conjunto de herramientas CLI para arrancar aplicaciones, generar componentes de API y gestionar dependencias del proyecto.
Registers multiple identity verification methods through a standardized interface to support various login flows.
ssh3 es una implementación de shell seguro que utiliza HTTP/3 y el protocolo QUIC como su capa de transporte para reducir la latencia del handshake y mejorar la estabilidad de la conexión. Proporciona un entorno de terminal remoto donde las identidades del servidor se verifican utilizando certificados HTTPS X.509 estándar en lugar de claves de host tradicionales. El proyecto integra la verificación de identidad moderna a través de OpenID Connect y OAuth 2.0, permitiendo la autenticación del usuario a través de proveedores de identidad externos. Para evitar el descubrimiento por parte de escáneres públicos, incluye una función de ofuscación del servidor que requiere una ruta de URL secreta para las solicitudes del cliente. El sistema admite túneles seguros tanto para tráfico TCP como UDP, utilizando flujos y datagramas QUIC para el reenvío de puertos. Esto incluye capacidades para el salto de proxy seguro a través de servidores de puerta de enlace intermedios para mantener el cifrado de extremo a extremo.
Integrates OpenID Connect and OAuth 2.0 to verify user identities during secure shell sessions.
RStudio is a specialized integrated development environment for the R programming language and statistical computing. It provides a workbench for writing, debugging, and executing R code, offering both a desktop application and a server-hosted collaborative platform for managing data science projects. The platform enables the creation of interactive data applications, AI-powered dashboards, and technical reports. It facilitates the sharing of analysis results through a centralized publishing platform and supports the rendering of notebooks and markdown into multiple file formats. The environ
Integrates external identity providers like LDAP and SAML to manage user access and session authorization.
Wish is a Go library for building SSH servers, providing a middleware-based framework that handles core SSH functionality including public-key and certificate authentication, session management, and secure file transfers via SCP and SFTP. It is designed to serve as the foundation for custom SSH applications, with built-in support for hosting Git repositories over SSH and serving interactive terminal applications. What distinguishes Wish from a basic SSH server library is its composable middleware pattern, which allows developers to layer authentication, logging, and custom session handling. I
Verifying users via public keys, passwords, or signed certificates, and restricting access by session type or authorized keys.
Athens es un servidor proxy de módulos de Go y caché de dependencias que proporciona un sistema de almacenamiento persistente para dependencias de Go. Actúa como un espejo y almacén de datos para garantizar entornos de construcción reproducibles almacenando copias inmutables de paquetes externos, protegiendo contra eliminaciones o interrupciones en el origen. El proyecto destaca por servir como una puerta de enlace segura para el alojamiento de módulos de Go privados, utilizando tokens de autenticación, claves SSH y GitHub Apps para recuperar dependencias de sistemas de control de versiones privados. Además, permite el cumplimiento de las dependencias de software mediante el filtrado de solicitudes y el proxy de sumas de comprobación, lo que evita que los metadatos de los módulos privados se filtren a servidores públicos. El servidor admite una amplia gama de backends de almacenamiento, incluyendo disco local, bases de datos NoSQL y almacenes de objetos en la nube compatibles con S3. Incluye capacidades para el almacenamiento en caché de dependencias distribuido con bloqueo compartido para evitar descargas redundantes a través de múltiples instancias y proporciona herramientas para el prellenado de almacenamiento en entornos aislados (air-gapped). El servidor puede desplegarse a través de contenedores Docker, gráficos Helm de Kubernetes o varias plataformas en la nube gestionadas.
Supports the use of SSH private keys or agents to authenticate and clone dependencies.
Sish es un proxy SSH inverso y servidor de túneles diseñado para exponer servicios locales a internet. Funciona como un proxy de túnel SSH que enruta tráfico HTTP, WebSocket y TCP desde un servidor remoto a una máquina local, permitiendo la creación de URLs públicas para aplicaciones locales. El proyecto se distingue por una combinación de un proxy SNI para enrutar tráfico TLS cifrado sin descifrado y un balanceador de carga TCP que distribuye las solicitudes entrantes entre múltiples destinos backend. También incluye una consola de servicio dedicada para la inspección y depuración en tiempo real de las solicitudes reenviadas. El sistema proporciona un control de acceso y gestión de seguridad integrales, incluyendo autenticación por clave pública y contraseña, filtrado de direcciones IP y alias TCP privados para evitar la exposición pública de servicios específicos. Las capacidades adicionales incluyen enrutamiento de hosts virtuales, mapeo de nombres de dominio y aprovisionamiento automatizado de certificados SSL wildcard mediante proveedores DNS. La configuración y gestión de túneles públicos y privados se maneja a través de una interfaz de línea de comandos.
Secures tunnel access using passwords or keys with the ability to reload credentials without restarting.
SSH.NET is a .NET library that implements the SSH-2 protocol for encrypted remote connections and secure file transfers. It provides a complete SSH-2 protocol stack implementation with a channel multiplexing engine that manages multiple concurrent channels over a single connection, supporting simultaneous shell sessions, remote command execution, SFTP transfers, and port forwarding tunnels. The library includes a pluggable authentication pipeline supporting password, public key, certificate, keyboard-interactive, and multi-factor authentication combinations. The library distinguishes itself t
Supports password, public key, and keyboard-interactive authentication, including multi-factor combinations, over SSH.