# warp-tech/warpgate

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/warp-tech-warpgate).**

6,578 stars · 236 forks · Rust · apache-2.0

## Links

- GitHub: https://github.com/warp-tech/warpgate
- Homepage: https://warpgate.null.page
- awesome-repositories: https://awesome-repositories.com/repository/warp-tech-warpgate.md

## Topics

`bastion` `bastion-host` `https` `https-proxy` `infrastructure` `mysql` `mysql-proxy` `pam` `postgresql-proxy` `privileged-access-management` `proxy` `rust` `ssh` `ssh-server`

## Description

Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets.

The bastion verifies identity through a configurable chain of authentication methods, including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as replayable recordings for audit and compliance purposes, and can issue revocable, time-limited tokens that grant temporary access to specific targets without creating permanent user accounts.

Warpgate includes an interactive setup wizard for first-time deployment and supports unattended configuration for automated or scripted installations. It can integrate with external MySQL or PostgreSQL databases and run as a managed systemd service on Linux systems.

## Tags

### Part of an Awesome List

- [SSH Gateway Proxies](https://awesome-repositories.com/f/awesome-lists/devops/reverse-proxies/ssh-gateway-proxies.md) — Proxies incoming SSH connections through a central bastion that mediates access to internal targets.

### Security & Cryptography

- [Bastion Servers](https://awesome-repositories.com/f/security-cryptography/secure-ssh-access/bastion-servers.md) — Provides a secure bastion host for managing SSH access to internal servers with session recording.
- [Multi-Method API Authentication](https://awesome-repositories.com/f/security-cryptography/multi-method-api-authentication.md) — Verifies identity using passwords, one-time codes, tickets, or single sign-on before granting access to any target. ([source](https://warpgate.null.page/docs))
- [Authentication Chains](https://awesome-repositories.com/f/security-cryptography/pluggable-authentication-handlers/authentication-chains.md) — Verifies identity through a configurable chain of providers including passwords, OTP, SSO, and ticket tokens before granting access.
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Assigns users to roles that control which internal targets and actions they are permitted to use. ([source](https://warpgate.null.page/docs))
- [SSH](https://awesome-repositories.com/f/security-cryptography/secure-ssh-access/protocol-proxies/ssh.md) — Proxies raw SSH connections at the protocol layer, forwarding encrypted traffic without decrypting or modifying the session payload.
- [Pluggable Authentication Methods](https://awesome-repositories.com/f/security-cryptography/ssh-authentication/pluggable-authentication-methods.md) — Verifies identity through a configurable chain of passwords, OTP, SSO, and ticket tokens.
- [Target Configurations](https://awesome-repositories.com/f/security-cryptography/ssh-connection-managers/target-configurations.md) — Configures internal SSH servers as reachable destinations so users connect through the bastion without client-side software. ([source](https://warpgate.null.page/docs))
- [Ephemeral Access Tokens](https://awesome-repositories.com/f/security-cryptography/authentication-providers/security-providers/ticket-based-authentication/ephemeral-access-tokens.md) — Issues revocable, time-limited tokens that grant temporary SSH access to specific targets without creating permanent user accounts.
- [Ephemeral Access Tokens](https://awesome-repositories.com/f/security-cryptography/identity-based-ssh-access/ephemeral-access-tokens.md) — Issues revocable, time-limited tokens for temporary SSH access to specific targets.
- [Just-in-Time Access](https://awesome-repositories.com/f/security-cryptography/just-in-time-access.md) — Issues revocable, time-limited tokens that grant temporary SSH access to specific targets without creating permanent user accounts. ([source](https://warpgate.null.page/docs))
- [Single Sign-On Integrations](https://awesome-repositories.com/f/security-cryptography/single-sign-on-integrations.md) — Delegates SSH bastion authentication to an external identity provider so users log in with existing corporate credentials. ([source](https://warpgate.null.page/docs))
- [SSH Gateway Integrations](https://awesome-repositories.com/f/security-cryptography/single-sign-on-providers/ssh-gateway-integrations.md) — Delegates authentication to external identity providers for corporate credential login.
- [Two-Factor Authentication](https://awesome-repositories.com/f/security-cryptography/two-factor-authentication.md) — Requires a one-time password alongside the primary credential before letting users access protected services. ([source](https://warpgate.null.page/docs))

### Development Tools & Productivity

- [SSH](https://awesome-repositories.com/f/development-tools-productivity/macro-recorders/session-recorders/ssh.md) — Captures and stores all SSH session activity for replay and compliance auditing.
- [Single-Binary Distributions](https://awesome-repositories.com/f/development-tools-productivity/single-binary-distributions.md) — Distributed as a single pre-built executable binary with no runtime dependencies for simplified deployment.

### Software Engineering & Architecture

- [Authentication Backends](https://awesome-repositories.com/f/software-engineering-architecture/pluggable-backends/authentication-backends.md) — Delegates authentication to configurable providers including passwords, OTP, SSO, and ticket tokens.

### Data & Databases

- [SQLite Storage Adapters](https://awesome-repositories.com/f/data-databases/sqlite-drivers/sqlite-storage-adapters.md) — Stores configuration and session data in a local SQLite database by default with optional external database support.
- [Default Storage Backends](https://awesome-repositories.com/f/data-databases/sqlite-drivers/sqlite-storage-adapters/default-storage-backends.md) — Stores configuration and session data in a local SQLite database by default.
- [SQLite or PostgreSQL Storage](https://awesome-repositories.com/f/data-databases/sqlite-drivers/sqlite-storage-adapters/sqlite-or-postgresql-storage.md) — Stores configuration and session data in a local SQLite database by default, with optional migration to external MySQL or PostgreSQL.
