I've been struggling for years with SSH access management issues, such as having SSH ports exposed to the internet, scattered user accounts across servers, slow and risky offboarding, and a lack of visibility into what occurs during sessions. To tackle these problems across different infrastructures, I've developed a tool with the following features: SSH access is restricted at the firewall level, meaning only one trusted entry point can connect; no local users are created on servers; access is centrally enforced with ACLs; SSH keys are encrypted in a user-based manner to avoid risks from database leaks; session recording and auditing are available; and commands can be executed securely across multiple devices. I'm not trying to sell this, just looking for feedback from those who manage real infrastructures. I've shared a demo of how it works and more technical details on the project site. I'd like your insights on the security model, how it fits into real-world DevOps or MSP workflows, and whether there's anything that seems unnecessary or missing.
3 Answers
Teleport is a strong contender for SSH management. Personally, I haven't SSH'd into a server in six years; I rely on SSM for emergencies and rarely need it. Your tool looks interesting, but some features like adding devices via an app and not having IaC compatibility are concerning. Having to self-host and pay for it might be a dealbreaker for many, especially compared to fully managed options like Teleport. In environments where teams have shifted entirely away from SSH, tools like yours might not be necessary at all.
I noticed a few small inconsistencies regarding SSH in your interface; for instance, should 'ACLs' be consistently capitalized? Also, can you allow regex patterns for device groups? Importing devices en masse sounds essential—who wants to add them one by one? The 2FA feature is a great addition, but I’m curious if it works well with tools like Ansible for running scripts across hosts. The session replay feature is impressive, but I worry about accidentally capturing sensitive info like passwords—can we choose what gets logged? It would be great to control access for some sudo commands while restricting others.
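The session-replay concern raised above (a recorder accidentally persisting passwords) is usually handled by a redaction pass that runs before the recording is written: when the server output ends in a password or passphrase prompt, the keystrokes typed until the next Enter are replaced with a marker. The following is an added example, not code from the tool discussed in the question or from any of the commenters; it assumes an asciicast-style event stream of server output ("o") and user input ("i") chunks, and the sample recording it operates on is constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Terminal prompts after which typed input must not be persisted, e.g.
# "[sudo] password for alice: ", "Password: ", "Enter passphrase for key '...': ".
# The trailing class is spaces/tabs only, so a newline after the prompt
# (output that arrives after the user has answered) does not re-trigger it.
SECRET_PROMPT = re.compile(r"(?i)(password|passphrase)[^\r\n]*:[ \t]*$")
MARKER = "[REDACTED]"


@dataclass
class Event:
    kind: str   # "o" = output from the server, "i" = keystrokes from the user
    data: str


def redact_session(events: Iterable[Event]) -> List[Event]:
    """Return a copy of the event stream with secret keystrokes removed.

    Output events are never altered (password prompts run with echo off, so the
    secret itself does not appear there). Input events typed after a matching
    prompt are collapsed into a single MARKER until the user presses Enter;
    the newline and anything typed after it are kept.
    """
    out: List[Event] = []
    recent_output = ""      # rolling window of server output used to spot a prompt
    hiding = False          # True while the user is typing a secret
    marker_emitted = False  # emit MARKER once per secret, not once per chunk

    for ev in events:
        if ev.kind == "o":
            recent_output = (recent_output + ev.data)[-256:]
            if SECRET_PROMPT.search(recent_output):
                hiding, marker_emitted = True, False
            out.append(ev)
            continue
        if ev.kind != "i" or not hiding:
            out.append(ev)
            continue

        # Hiding: look for the Enter that terminates the secret.
        m = re.search(r"[\r\n]", ev.data)
        if m is None:
            if not marker_emitted:
                out.append(Event("i", MARKER))
                marker_emitted = True
            continue
        # Secret ends at the newline; keep the newline and anything after it.
        if m.start() > 0 and not marker_emitted:
            out.append(Event("i", MARKER))
        out.append(Event("i", ev.data[m.start():]))
        hiding = False
        recent_output = ""   # forget the prompt so it cannot match again
    return out


def sample_recording() -> List[Event]:
    """Constructed recording of a sudo invocation; 'hunter2' is the secret."""
    return [
        Event("o", "$ sudo ls\r\n"),
        Event("o", "[sudo] password for alice: "),
        Event("i", "hun"),          # secret typed across two chunks
        Event("i", "ter2\r"),
        Event("o", "\r\nfile1\r\n"),
        Event("i", "exit\r"),       # ordinary command, must survive intact
    ]


def redacted_input(events: Iterable[Event]) -> List[str]:
    """Convenience view: the input side of a redacted recording."""
    return [e.data for e in redact_session(events) if e.kind == "i"]


if __name__ == "__main__":
    for e in redact_session(sample_recording()):
        print(e.kind, repr(e.data))
```

A recorder built this way still captures the command (`sudo ls`) and its output, which is what an auditor wants, while the credential never reaches disk. The regex is deliberately conservative; a tool that lets operators choose what gets logged would expose this prompt list as configuration and also offer the blunt option of not recording input at all.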
If managing SSH is a hassle, Teleport or FoxPass could be perfect alternatives. FoxPass in particular syncs nicely with SSO frameworks for authentication, and setting up a home directory is straightforward.
