Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets.
The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as replayable recordings for audit and compliance purposes, and can issue revocable, time-limited tokens that grant temporary access to specific targets without creating permanent user accounts.
Warpgate includes an interactive setup wizard for first-time deployment and supports unattended configuration for automated or scripted installations. It can integrate with external MySQL or PostgreSQL databases and run as a managed systemd service on Linux systems.
