Smart SSH, HTTPS and MySQL bastion that needs no client-side software
Find a file
2025-02-13 16:01:22 +01:00
.cargo Validate a TOTP code before saving it (#1055) 2024-09-11 09:30:02 +02:00
.github bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
.well-known Create funding-manifest-urls 2024-10-17 11:21:22 +02:00
docker bumped rust in docker image 2024-07-16 12:44:23 +02:00
docs added readme banner 2022-08-08 16:03:35 +02:00
tests fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
warpgate bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-admin bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-common bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-core fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
warpgate-database-protocols Bump version: 0.12.0 → 0.13.0-beta.1 2025-02-02 21:22:55 +01:00
warpgate-db-entities bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-db-migrations bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-protocol-http fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
warpgate-protocol-mysql bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-protocol-postgres bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
warpgate-protocol-ssh fmt 2025-02-13 15:58:20 +01:00
warpgate-sso fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
warpgate-web fixed #952 - auto create sso users (#1245) 2025-02-10 01:12:50 +01:00
.all-contributorsrc Add @samtoxie as a contributor 2025-02-13 16:01:22 +01:00
.bumpversion.cfg Bump version: 0.12.0 → 0.13.0-beta.1 2025-02-02 21:22:55 +01:00
.dockerignore
.env
.flake8 added e2e tests 2022-08-14 12:36:49 +02:00
.gitignore Validate a TOTP code before saving it (#1055) 2024-09-11 09:30:02 +02:00
Cargo.lock bumped russh for the mlock() fix 2025-02-09 18:48:15 +01:00
Cargo.toml bumped russh for the mlock() fix 2025-02-09 18:48:15 +01:00
clippy.toml added cranky and removed all .unwrap() usages 2022-07-23 21:31:35 +02:00
Cranky.toml added streamlocal-forward support (remote UNIX socket forwarding) (#1243) 2025-02-09 15:28:22 +01:00
Cross.toml build updates 2022-11-22 00:52:43 +01:00
deny.toml bump vulnerable deps (#1241) 2025-02-09 00:08:59 +01:00
justfile PostgreSQL support (#1021) 2024-10-09 00:08:33 +02:00
LICENSE
README.md Implement Agent Forwarding (#1249) 2025-02-13 15:56:42 +01:00
rust-toolchain docker fix (#1229) 2025-01-30 14:16:37 +01:00
rustfmt.toml sorted imports 2022-07-15 20:27:33 +02:00
sonar-project.properties added e2e tests 2022-08-14 12:36:49 +02:00


Shows a black logo in light color mode and a white one in dark color mode.


GitHub All Releases     Discord


Warpgate is a smart SSH, HTTPS, MySQL and PostgreSQL bastion host for Linux that doesn't need special client apps.

  • Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network.
  • Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI.
  • Not a jump host - forwards your connections straight to the target instead.
  • Native 2FA and SSO support (TOTP & OpenID Connect)
  • Single binary with no dependencies.
  • Written in 100% safe Rust.

Getting started & downloads

image
image image

Project Status

The project is currently in alpha stage and is gathering community feedback.

How it works

Warpgate is a service that you deploy on the bastion/DMZ host, which will accept SSH, HTTPS, MySQL and PostgreSQL connections and provide an (optional) web admin UI.

Run warpgate setup to interactively generate a config file, including port bindings. See Getting started for details.

It receives connections with specifically formatted credentials, authenticates the user locally, connects to the target itself, and then connects both parties together while (optionally) recording the session.

When connecting through HTTPS, Warpgate presents a selection of available targets, and will then proxy all traffic in a session to the selected target. You can switch between targets at any time.

You manage the target and user lists and assign them to each other through the admin UI, and the session history is stored in an SQLite database (default: in /var/lib/warpgate).

You can also use the admin web interface to view the live session list, review session recordings, logs and more.

Contributing / building from source

  • You'll need Rust, NodeJS and Yarn
  • Clone the repo
  • Just is used to run tasks - install it: cargo install just
  • Install the admin UI deps: just yarn
  • Build the frontend: just yarn build
  • Build Warpgate: cargo build (optionally --release)

The binary is in target/{debug|release}.

Tech stack

  • Rust 🦀
    • HTTP: poem-web
    • Database: SQLite via sea-orm + sqlx
    • SSH: russh
  • Typescript
    • Svelte
    • Bootstrap

Backend API

  • Warpgate admin and user facing APIs use autogenerated OpenAPI schemas and SDKs. To update the SDKs after changing the query/response structures, run just openapi-all.

Contributors

Thanks goes to these wonderful people (emoji key):

Eugeny
Eugeny

💻
Spencer Heywood
Spencer Heywood

💻
Andreas Piening
Andreas Piening

💻
Niklas
Niklas

💻
Nooblord
Nooblord

💻
Shea Smith
Shea Smith

💻
samtoxie
samtoxie

💻

This project follows the all-contributors specification. Contributions of any kind welcome!