awesome-ssh - :computer: A curated list of SSH resources.

A curated list of SSH apps, libraries and resources. Inspired by the awesome list thing.

Paramiko - The leading native Python SSHv2 protocol library.

•    Python

"Paramiko" is a combination of the Esperanto words for "paranoid" and "friend". It's a module for Python 2.7/3.4+ that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced Telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across the encrypted tunnel (this is how SFTP works, for example).

sharkey - Sharkey is a service for managing certificates for use by OpenSSH

•    Go

Sharkey is a service for managing certificates for use by OpenSSH.Sharkey has a client component and a server component. The server is responsible for issuing signed host certificates, the client is responsible for installing host certificates on machines. Sharkey builds on the trust relationships of your existing X.509 PKI to manage trusted SSH certificates. Existing X.509 certificates can be minted into SSH certificates, so you don't have to maintain two separate PKI hierarchies.

passphrase-identity - Regenerable ed25519 keys for OpenSSH and OpenPGP.

•    C

Regenerable ed25519 keys for OpenSSH and OpenPGP. Passphrase Identity allows you to deterministically generate ed25519 key pairs (signing keys) for OpenSSH and OpenPGP from a set of parameters. This allows you to (re)generate your key pair on a computer which, for example, lacks persistent storage - it derives an "identity" from a passphrase.

python-sshpubkeys - OpenSSH public key parser for Python

•    Python

Native implementation for validating OpenSSH public keys. Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported.

bastion - 🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support

•    Shell

This is a secure/locked-down bastion implemented as a Docker Container. It uses Alpine Linux as the base image and ships with support for Google Authenticator & DUO MFA support. It was designed to be used on Kubernetes together with GitHub Authorized Keys to provide secure remote access to production clusters.

curse - CURSE is an SSH certificate signing server, built as an alternative to Netflix's BLESS tool, but without a dependency on AWS

•    Go

CURSE is an SSH certificate signing server, built as an alternative to Netflix's BLESS tool, but without a dependency on AWS. This software is currently in a beta state, feel free to submit issues on GitHub with any suggestions for improvement/feature requests or issues encountered.

edkey - edkey allows you to write ED25519 private keys in the OpenSSH private key format

•    Go

edkey allows you to write ED25519 private keys in the OpenSSH private key format

terraform-tls-ssh-key-pair - Terraform module for generating an SSH public/private key file.

•    HCL

Terraform module for generating an SSH public key file. This project is part of our comprehensive "SweetOps" approach towards DevOps.

wsl-ssh-pageant - A Pageant -> TCP bridge for use with WSL, allowing for Pageant to be used as an ssh-ageant within the WSL environment

•    CSharp

On the Windows side run Pageant (or compatible agent such as gpg4win). On the Windows side run Pageant (or compatible agent such as gpg4win).

massh-enum - OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

•    Shell

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

gitcache-ssh - Simple SSH based Git cache

•    Go

gitcache-ssh is a simple SSH based Git cache. This tool was conceived and written to dramatically reduce the bandwidth consumed by developers and CI/CD build and test systems that constantly communicate with geographically remote Git repositories.

rust-sshkeys - Rust library for reading OpenSSH public keys and certificates

•    Rust

The sshkeys crate is a Rust library, which provides types and methods for parsing OpenSSH public keys and certificates. In order to use this crate in your project, simply add the following to your Cargo.toml file.

ssh-inscribe - SSH CA Client/Server

•    Go

Note: this software is in alpha phase. Commands and API can change. Feedback would be appreciated. ssh-inscribe can help you to manage your secure access to your organizations SSH hosts. It achieves this by leveraging SSH User Certificates.

terraform-aws-ssm-tls-ssh-key-pair - Terraform module that provisions an SSH TLS Key pair and writes it to SSM Parameter Store

•    HCL

Terraform module that provisions an SSH TLS key pair and writes it to SSM Parameter Store. This is useful for bot accounts (e.g. for GitHub). Easily rotate SSH secrets by simply tainting the module resource and reapplying.

gsh - GSH is an OpenID Connect-compatible authentication system for systems using OpenSSH servers

•    Go

GSH is an OpenID Connect-compatible authentication system for systems using OpenSSH servers consisting of an out-of-box binary set. Its use requires only a few configurations in the sshd_config file, allowing for a staged migration of an infrastructure based on PAM authentication (LDAP/AD/Kerberos/etc) to an authentication structure with OpenID Connect and SSH certificates. This project is based on a number of other similar projects.