Home

Awesome

Engity's Bifröst

Engity's Bifröst

Bifröst (spoken as "Bee-frest"), is an advanced SSH server. It can be used as a drop-in-replacement for OpenSSH Server, but it was actually created with some more advanced stuff in mind; see below.

TOC

Features

  1. SSH protocol compliant
  2. OpenID Connect
  3. Docker environments
  4. Kubernetes environments
  5. Remember me
  6. Automatic user provisioning

SSH protocol compliant

Fully SSH protocol compliant server, like you would expect.

OpenID Connect

You can connect via your SSH keys, as usually. And so on...

...but you can also use OpenID Connect (or OAuth2) identity provider. The best thing about this is: In contrast to the other SSH servers with OpenID Connect, you don't need any other client locally installed, than your regular SSH Client (OpenSSH, PuTTy, ...).

Docker environments

You can execute your users into individual Docker containers with custom images, network settings, and much more...

Kubernetes environments

Be directly inside a dedicated Pod inside your Kubernetes cluster and have access to all of its resources without extra port forwarding.

Remember me

If authorized via another authentication token then a Public Key, it can store (temporally) your provided Public Key, for faster reconnect, while the session is still alive.

Automatic user provisioning

If a local environment is used where the user executes inside and OpenID Connect was used to authorize a user, Bifröst can automatically create these users based on a defined requirement template.

It can also automatically clean up these users as they're no longer needed, for example: If their session becoming idle and times out (30 minutes). In this case the user itself, its home directory and all running processes can be cleaned up.

More to come...

What's next?

Read Use-Cases, our Getting starting guide and the configuration documentation to see what else you can do with Bifröst.

Status

This project is currently under development. The application is stable (file a bug if you find one), but the configuration/command/API structure needs improvement.

More topics