28 个仓库
Methods for authorizing SSH sessions using network-level identity.
Distinguishing note: Focuses on the authentication mechanism for SSH.
Explore 28 awesome GitHub repositories matching security & cryptography · SSH Authentication. Refine with filters or upvote what's useful.
这是一个由社区策划的开源软件目录,专为在私有服务器环境和家庭实验室中部署而设计。它作为发现主流云服务独立自托管替代方案的综合资源,使用户能够保持对数字基础设施的完全数据所有权和控制权。 该目录通过层级分类法构建,将庞大的应用程序集合组织成逻辑类别,范围从媒体管理和数据分析到私有通信和团队生产力工具。它通过协作同行评审流程脱颖而出,社区成员验证每个提交的质量和相关性,以确保目录保持准确和可靠。 该项目涵盖了广泛的能力领域,包括基础设施自动化、基于容器的服务部署和声明式配置管理。这些工具协助用户维护可复现的服务器环境,并管理私有硬件上的复杂服务依赖。 该目录作为版本控制仓库进行维护,确保所有更新和社区驱动的变更都是可追踪且透明的。
Configures custom authentication methods and execution environments for SSH sessions.
Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it
Authorizes SSH connections using network node keys and access policies.
Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f
Uses system SSH agents to manage keys and verify host identities for secure communication with remote version control servers.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Authenticates into remote SSH servers using parallelized password or keyboard-interactive methods.
GitBucket is a self-hosted Git platform and version control hosting service that provides a web interface for managing repositories, issues, and pull requests. Built with a Scala-based manager, it functions as a GitHub API compatible server, allowing it to integrate with external tools that rely on that specific industry schema. The platform distinguishes itself by integrating a Maven repository host for storing and retrieving Java build artifacts alongside source code. It also features a plugin architecture that enables the addition of custom logic and new functionality to the core system.
Secures repository access and verifies user identities using SSH public key cryptography during push and pull operations.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
Issues certificates that identify hosts to validate authenticity and replace static host keys.
This is an open-source educational website that translates and localizes MIT's Missing Semester course, teaching practical computing skills for computer science students. The curriculum covers developer tooling, shell scripting, version control, security fundamentals, and open-source collaboration, with a focus on core computing skills including data processing pipelines, workflow automation, secure remote access, shell productivity, Vim editing, and Git version control. The project distinguishes itself by teaching command-line mastery, shell scripting, and automation to boost daily developer
Teaches SSH key pair authentication using a challenge-response protocol.
Soft Serve is a self-hosted Git server that authenticates users via SSH public keys and provides a terminal-based user interface for browsing repositories, files, and commits. It stores repository data and configuration in either SQLite or PostgreSQL, and supports role-based access control with four permission levels for managing repository visibility and write access. The server can be deployed via Docker or managed as a systemd service, and supports webhook notifications for push, collaborator, and branch or tag events to integrate with external automation workflows. It also enables server-
Authenticates users via SSH public keys for secure server access.
This repository contains the comprehensive documentation for a code editor focused on AI-assisted software development and remote development workflows. It covers the implementation of AI agents and language models used for autonomous code generation, large-scale refactoring, and task iteration. The project is distinguished by its deep integration of autonomous AI agents capable of web navigation, application logic validation, and orchestrating multi-step development processes. It provides specialized frameworks for tailoring AI behavior through custom instructions, model context protocols, a
Manages SSH session authorization including multi-factor authentication and session multiplexing.
Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets. The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as
Verifies identity through a configurable chain of passwords, OTP, SSO, and ticket tokens.
ProxySU is a Windows desktop application that automates the deployment and management of proxy services on a Linux VPS. It combines single-click installation of multiple proxy protocols, including V2ray, Xray, Trojan, and Shadowsocks, with automatic SSL/TLS certificate provisioning and renewal through Let's Encrypt. The tool distinguishes itself by handling the full lifecycle of proxy server setup from a Windows environment, using SSH key-based authentication for secure, passwordless remote access. It also includes network optimization capabilities, such as activating the BBR TCP congestion c
Authenticates to remote servers using RSA, DSA, ECDSA, or Ed25519 private keys in PEM or OpenSSH format.
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
Configures SSH authentication methods including passwords, certificates, and root login settings.
The Missing Semester is a free, open-source educational curriculum designed to bridge the gap between theoretical computer science and the practical tooling every software engineer needs. Organized as a structured course, it covers Unix shell mastery, version control with Git, software debugging and profiling, system administration fundamentals, and computer security practices — the skills often left out of traditional degree programs. The project is maintained as a collaborative set of lecture notes, exercises, and guides that function as both a professional development tools course and a Uni
The Missing Semester teaches logging into remote servers by proving possession of a private key through challenge-response.
LoopBack Next 是一个用于构建 REST 和多协议 API 的 Node.js API 框架。它作为一个 OpenAPI 服务器实现,既可以从代码生成机器可读的规范,也可以从现有规范生成实现控制器和模型。 该框架的特色在于中央依赖注入容器和存储库模式的数据访问层。这种架构将应用程序逻辑与组件构建和持久化存储解耦,允许通过标准化的连接器系统实现数据源和业务逻辑隔离的可插拔系统。 该项目涵盖了广泛的功能,包括具有可插拔身份验证策略的基于角色的访问控制,以及外部 REST 和 SOAP 服务的编排。它还通过命令行界面提供用于 WebSocket 端点实时通信、JSON 模式验证和自动化项目脚手架的工具。 开发过程由一套 CLI 工具支持,用于引导应用程序、生成 API 组件和管理项目依赖项。
Registers multiple identity verification methods through a standardized interface to support various login flows.
ssh3 是一个安全外壳(SSH)实现,它使用 HTTP/3 和 QUIC 协议作为其传输层,以减少握手延迟并提高连接稳定性。它提供了一个远程终端环境,其中服务器身份使用标准的 HTTPS X.509 证书而不是传统的主机密钥进行验证。 该项目通过 OpenID Connect 和 OAuth 2.0 集成了现代身份验证,允许通过外部身份提供商进行用户身份验证。为了防止被公共扫描器发现,它包含一个服务器混淆功能,该功能需要客户端请求具有秘密 URL 路径。 该系统支持 TCP 和 UDP 流量的安全隧道,利用 QUIC 流和数据报进行端口转发。这包括通过中间网关服务器进行安全代理跳转的功能,以保持端到端加密。
Integrates OpenID Connect and OAuth 2.0 to verify user identities during secure shell sessions.
RStudio is a specialized integrated development environment for the R programming language and statistical computing. It provides a workbench for writing, debugging, and executing R code, offering both a desktop application and a server-hosted collaborative platform for managing data science projects. The platform enables the creation of interactive data applications, AI-powered dashboards, and technical reports. It facilitates the sharing of analysis results through a centralized publishing platform and supports the rendering of notebooks and markdown into multiple file formats. The environ
Integrates external identity providers like LDAP and SAML to manage user access and session authorization.
Wish is a Go library for building SSH servers, providing a middleware-based framework that handles core SSH functionality including public-key and certificate authentication, session management, and secure file transfers via SCP and SFTP. It is designed to serve as the foundation for custom SSH applications, with built-in support for hosting Git repositories over SSH and serving interactive terminal applications. What distinguishes Wish from a basic SSH server library is its composable middleware pattern, which allows developers to layer authentication, logging, and custom session handling. I
Verifying users via public keys, passwords, or signed certificates, and restricting access by session type or authorized keys.
Athens is a Go module proxy server and dependency cache that provides a persistent storage system for Go dependencies. It acts as a mirror and datastore to ensure reproducible build environments by storing immutable copies of external packages, protecting against upstream deletions or outages. The project distinguishes itself by serving as a secure gateway for private Go module hosting, utilizing authentication tokens, SSH keys, and GitHub Apps to retrieve dependencies from private version control systems. It further enables software dependency compliance through request filtering and checksu
Supports the use of SSH private keys or agents to authenticate and clone dependencies.
Sish is a reverse SSH proxy and tunneling server designed to expose local services to the internet. It functions as an SSH tunneling proxy that routes HTTP, WebSocket, and TCP traffic from a remote server to a local machine, enabling the creation of public URLs for local applications. The project distinguishes itself through a combination of an SNI proxy for routing encrypted TLS traffic without decryption and a TCP load balancer that distributes incoming requests across multiple backend targets. It also includes a dedicated service console for real-time inspection and debugging of forwarded
Secures tunnel access using passwords or keys with the ability to reload credentials without restarting.
SSH.NET is a .NET library that implements the SSH-2 protocol for encrypted remote connections and secure file transfers. It provides a complete SSH-2 protocol stack implementation with a channel multiplexing engine that manages multiple concurrent channels over a single connection, supporting simultaneous shell sessions, remote command execution, SFTP transfers, and port forwarding tunnels. The library includes a pluggable authentication pipeline supporting password, public key, certificate, keyboard-interactive, and multi-factor authentication combinations. The library distinguishes itself t
Supports password, public key, and keyboard-interactive authentication, including multi-factor combinations, over SSH.