{"id":36547322,"url":"https://github.com/inpher/sb","last_synced_at":"2026-01-14T13:47:19.493Z","repository":{"id":50409602,"uuid":"518983492","full_name":"Inpher/sb","owner":"Inpher","description":"Resilient SSH bastion providing authentication, authorization, traceability and auditability","archived":false,"fork":false,"pushed_at":"2024-02-02T00:35:55.000Z","size":41751,"stargazers_count":11,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-06-21T01:55:40.551Z","etag":null,"topics":["bastion","devops","infrastructure","jumphost","security","ssh","ttyrec"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Inpher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-28T20:18:49.000Z","updated_at":"2024-04-18T12:29:09.000Z","dependencies_parsed_at":"2024-02-02T00:46:09.674Z","dependency_job_id":null,"html_url":"https://github.com/Inpher/sb","commit_stats":{"total_commits":5,"total_committers":1,"mean_commits":5.0,"dds":0.0,"last_synced_commit":"a3c65bcd3553fb685f32a2792fd5825ec3bb9633"},"previous_names":["inpher/sb-tmp"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/Inpher/sb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Inpher%2Fsb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Inpher%2Fsb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Inpher%2Fsb/releases","mani
fests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Inpher%2Fsb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Inpher","download_url":"https://codeload.github.com/Inpher/sb/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Inpher%2Fsb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28422262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T13:30:50.153Z","status":"ssl_error","status_checked_at":"2026-01-14T13:29:08.907Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bastion","devops","infrastructure","jumphost","security","ssh","ttyrec"],"created_at":"2026-01-12T06:07:20.970Z","updated_at":"2026-01-14T13:47:19.484Z","avatar_url":"https://github.com/Inpher.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n\u003cimg alt=\"SB logo\" src=\"./docs/assets/logo.png\"\u003e\u003cbr\u003e\n\u003ch1 align=\"center\"\u003eS(sh) B(astion)\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Test status\" src=\"https://github.com/inpher/sb/workflows/main-tests/badge.svg\"\u003e\n  \u003ca href=\"http://goreportcard.com/report/inpher/sb\"\u003e\n     \u003cimg alt=\"Go report\" src=\"https://img.shields.io/badge/Go_report-A+-brightgreen.svg\"\u003e\n 
 \u003c/a\u003e\n  \u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\n    \u003cimg alt=\"License\" src=\"https://img.shields.io/badge/license-MIT-brightgreen.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/inpher/sb/releases/latest\"\u003e\n    \u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/inpher/sb.svg\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## Intro\n\nAs a junior DevOps, you probably learned that you don't mess with security, and that publicly exposing a host \n(server, vm, cloud instance, ...) to the internet is messing with security.\n\nBut you (and your teams) still need to access these distant hosts, and setting firewall rules for every employee \nof your company is just not manageable.\n\nThis is usually where SSH ProxyJump comes into play: having a central point from where you will connect \nto your infrastructure. You can firewall every distant host to the IP address of your jump host, and all you have to do \nis to ensure that this central point is secured!\n\nThis is cool, but you now have three main issues:\n- you need to provision every employee's SSH keys to every distant host\n- you need to revoke these keys on every distant host when the employee leaves\n- you just added a single point of failure in your infrastructure\n\n\n## `sb` enters the place\n\nIn a nutshell, `sb` fixes these three issues and more!\n\nAs an SSH bastion, it works by piping two SSH connections together (employee -\u003e sb -\u003e distant host).\n\nSince you now have two separate SSH connections, the user is authenticated on the bastion by the bastion, \nand this is where (and only where) their public SSH key sits... revoking just became easy!\n\n_But that's not it!_\n\nWithout compromising security, `sb` brings groups with shared SSH keys that stay on the bastion. 
\nYou don't have to provision keys anymore, and you just have to grant access to distant hosts to your users.\n\n_But that's not it!_\n\n`sb` supports multi-primary replication between instances: you create users on one instance, \nand they can use another geo-replicated instance in seconds!\n\n\n## Cherry on the cake\n\nOn top of security and high availability, `sb` brings auditability and traceability for free to your infrastructure!\n\nBy only granting access to users and groups through `sb`, you can easily know who can (and did) access what \nat all times. This is, for example, required for ISO 27001.\n\nPlus, for higher norms (_SOC1_, _SOC2_, _PCI-DSS_, ...), every SSH session is recorded via TTYRec, so you can replay it!\n\nAnd because you have the session recording, why not allow the users to replay their sessions with TTYPlay \nor even convert these recordings to GIF?\n\n![recording.gif](./docs/assets/recording.gif)\n\n# Documentation\n\nQuick demo with Docker images:\n1. [Demo](./docs/demo.md)\n\nGeneral and features documentation:\n1. [Genesis and core ideology](./docs/genesis-core-ideology.md)\n2. [Permissions](./docs/permissions.md)\n3. [High Availability](./docs/high-availability.md)\n4. [Usage examples](./docs/usage.md)\n5. [Features](./docs/features.md)\n\nAdministration documentation:\n1. [Installation](./docs/installation.md)\n2. [Setup first account](./docs/setup-first-account.md)\n3. [Configuration](./docs/configuration.md)\n4. [Backup and restore](./docs/backup-and-restore.md)\n5. [Production deployment](./docs/production-deployment.md)\n\n# License\n\nReleased under the [MIT License](https://github.com/inpher/sb/blob/master/LICENSE)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finpher%2Fsb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finpher%2Fsb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finpher%2Fsb/lists"}