README
¶
Enity's Bifröst
Bifröst (speaken as "Beef-roest"), is an advanced SSH server. It can be used as a drop-in-replacement for OpenSSH Server, but it was actually created with some more advanced stuff in mind; see below.
TOC
Features
SSH protocol complaint
Fully SSH protocol compliant server, like you would expect.
OpenID Connect
You can connect via your SSH keys, as usually. And so on...
...but you can also use OpenID Connect (or OAuth2) identity provider. The best thing about this is: In contrast to the other SSH servers with OpenID Connect, you don't need any other client locally installed, than your regular SSH Client (OpenSSH, PuTTy, ...).
Remember me
If authorized via another authentication token then a Public Key, it can store (temporally) your provided Public Key, for faster reconnect, while the session is still alive.
Automatic user provisioning
If a local environment is used where the user executes inside and OpenID Connect was used to authorize a user, Bifröst can automatically create these users based on a defined requirement template.
It can also automatically clean up these users as they're no longer needed, for example: If their session becoming idle and times out (30 minutes). In this case the user itself, its home directory and all running processes can be cleaned up.
More to come...
Getting started
- Download the latest version of Bifröst (see releases page):
# Syntax curl -sSLf https://github.com/engity-com/bifroest/releases/download/<version>/bifroest-<os>-<arch>-<edition>.tgz | sudo tar -zxv -C /usr/bin bifroest # Example curl -sSLf https://github.com/engity-com/bifroest/releases/download/v1.2.3/bifroest-linux-amd64-extended.tgz | sudo tar -zxv -C /usr/bin bifroest - Configure Bifröst. For example download the demo configuration and adjust for your needs (see our demo configuration for the documentation about it):
sudo mkdir -p /etc/engity/bifroest/ sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/doc/configurations/sshd-dropin-replacement.yaml -o /etc/engity/bifroest/configuration.yaml # Adjust it to your needs sudo vi /etc/engity/bifroest/configuration.yaml - Run Bifröst:
sudo bifroest run
Let it run automatically
systemd
To enable Bifröst to run at every server start where systemd is available, simply:
- Download our example service configuration:
sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/doc/systemd/bifroest.service -o /etc/systemd/system/bifroest.service - Reload the systemd daemon:
sudo systemctl daemon-reload - Enable and start Bifröst:
sudo systemctl enable bifroest.service sudo systemctl start bifroest.service
State
This project is currently still in the development phase. We do guarantee a stable application (file a bug once you finde one) but not an 100% stable configuration/command/API structure.
Contributing
Enity's Bifröst is an open source project by Engity GmbH. So if you want to make this project even better, you can contribute to this project on Github by fork us.
If you commit code to this project, you have to accept that this code will be released under the license of this project.
License
See the LICENSE file.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
bifroest
command
|
|
|
internal
|
|
|
fmtsort
Package fmtsort provides a general stable ordering mechanism for maps, on behalf of the fmt and text/template packages.
|
Package fmtsort provides a general stable ordering mechanism for maps, on behalf of the fmt and text/template packages. |
|
text/template
Package template implements data-driven templates for generating textual output.
|
Package template implements data-driven templates for generating textual output. |
|
pkg
|
|