Smart SSH, HTTPS and MySQL bastion that needs no client-side software
Find a file
dependabot[bot] 199ad02b56
Bump once_cell from 1.13.0 to 1.13.1 (#267)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-23 00:59:08 +02:00
.cargo import 2022-04-10 22:58:58 +02:00
.github added e2e tests 2022-08-14 12:36:49 +02:00
docker Updated Dockerfile & setup 2022-07-05 21:32:05 +02:00
docs added readme banner 2022-08-08 16:03:35 +02:00
tests Synchronize some ssh ops between client and target (#271) 2022-08-21 23:30:06 +02:00
warpgate Synchronize some ssh ops between client and target (#271) 2022-08-21 23:30:06 +02:00
warpgate-admin Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-common Bump once_cell from 1.13.0 to 1.13.1 (#267) 2022-08-23 00:59:08 +02:00
warpgate-database-protocols Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-db-entities Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-db-migrations Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-protocol-http Synchronize some ssh ops between client and target (#271) 2022-08-21 23:30:06 +02:00
warpgate-protocol-mysql Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-protocol-ssh Synchronize some ssh ops between client and target (#271) 2022-08-21 23:30:06 +02:00
warpgate-sso Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
warpgate-web Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
.all-contributorsrc Add @apiening as a contributor 2022-04-12 18:58:50 +02:00
.bumpversion.cfg Bump version: 0.4.0 → 0.5.0 2022-08-14 13:02:49 +02:00
.dockerignore Updated Dockerfile & setup 2022-07-05 21:32:05 +02:00
.env import 2022-04-10 22:58:58 +02:00
.flake8 added e2e tests 2022-08-14 12:36:49 +02:00
.gitignore added e2e tests 2022-08-14 12:36:49 +02:00
Cargo.lock Bump once_cell from 1.13.0 to 1.13.1 (#267) 2022-08-23 00:59:08 +02:00
Cargo.toml added e2e tests 2022-08-14 12:36:49 +02:00
clippy.toml added cranky and removed all .unwrap() usages 2022-07-23 21:31:35 +02:00
Cranky.toml deny clippy::indexing_slicing 2022-07-23 21:53:21 +02:00
Cross.toml build against older glibc - fixes #33 2022-05-18 01:13:25 -07:00
deny.toml Revert "use workspace-level dependencies" 2022-07-06 09:24:06 +02:00
justfile OIDC login support (#222) 2022-08-05 20:04:40 +02:00
LICENSE Update LICENSE 2022-04-14 11:14:56 +02:00
README.md Update README.md 2022-08-08 16:05:10 +02:00
rust-toolchain Out-of-band SSO (#245) 2022-08-08 23:30:18 +02:00
rustfmt.toml sorted imports 2022-07-15 20:27:33 +02:00
sonar-project.properties added e2e tests 2022-08-14 12:36:49 +02:00



GitHub All Releases     Twitter


Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps.

  • Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network.
  • Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI.
  • Not a jump host - forwards your connections straight to the target instead.
  • Native 2FA and SSO support (TOTP & OpenID Connect)
  • Single binary with no dependencies.
  • Written in 100% safe Rust.

Getting started & downloads

image
image image

Project Status

The project is currently in alpha stage and is gathering community feedback. See the official roadmap for the upcoming features.

In particular, we're working on:

  • Requesting admin approvals for sessions
  • Support for tunneling PostgreSQL connections,
  • and much more.

How it works

Warpgate is a service that you deploy on the bastion/DMZ host, which will accept SSH, HTTPS and MySQL connections and provide an (optional) web admin UI.

Run warpgate setup to interactively generate a config file, including port bindings. See Getting started for details.

It receives connections with specifically formatted credentials, authenticates the user locally, connects to the target itself, and then connects both parties together while (optionally) recording the session.

When connecting through HTTPS, Warpgate presents a selection of available targets, and will then proxy all traffic in a session to the selected target. You can switch between targets at any time.

You manage the target and user lists and assign them to each other through a config file (default: /etc/warpgate.yaml), and the session history is stored in an SQLite database (default: in /var/lib/warpgate).

You can use the admin web interface to view the live session list, review session recordings, logs and more.

Contributing / building from source

  • You'll need Rust, NodeJS and Yarn
  • Clone the repo
  • Just is used to run tasks - install it: cargo install just
  • Install the admin UI deps: just yarn
  • Build the frontend: just yarn build
  • Build Warpgate: cargo build (optionally --release)

The binary is in target/{debug|release}.

Tech stack

  • Rust 🦀
    • HTTP: poem-web
    • Database: SQLite via sea-orm + sqlx
    • SSH: russh
  • Typescript
    • Svelte
    • Bootstrap

Contributors

Thanks goes to these wonderful people (emoji key):


Eugeny

💻

Spencer Heywood

💻

Andreas Piening

💻

This project follows the all-contributors specification. Contributions of any kind welcome!