Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/b1naryth1ef/bowser

a smart, friendly, secure, and auditable ssh daemon
https://github.com/b1naryth1ef/bowser

bastion certificates ssh

Last synced: about 2 months ago
JSON representation

a smart, friendly, secure, and auditable ssh daemon

Host: GitHub
URL: https://github.com/b1naryth1ef/bowser
Owner: b1naryth1ef
Created: 2016-12-03T11:46:31.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2021-06-10T16:08:04.000Z (over 3 years ago)
Last Synced: 2024-06-18T23:16:09.424Z (3 months ago)
Topics: bastion, certificates, ssh
Language: Go
Size: 71.3 KB
Stars: 44
Watchers: 3
Forks: 10
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Bowser

Bowser is a modern, simple, and grokable SSH daemon built to act as a bastion and SSH certificate authority. Bastion provides users with a unobtrusive yet highly secure flow to SSH. Bowser was built at [Discord](https://discordapp.com/).

### Features
- Three-Factor authentication using SSH keys, passwords, and TOTP
- Automatic generation of signed SSH keys and certificates for access to proxied servers
- Extensive logging to multiple outlets
- Simple, auditable codebase

## Usage

### Example Config

```json
{
"bind": "0.0.0.0:22",
"discord_webhooks": ["https://canary.discordapp.com/api/webhooks/255545515817566228/my_discord_webhook_token"]
}
```

### Example Accounts

```json
[
{
"username": "andrei",
"password": "$2a$15$QWu4umMh.ZRd5RtrMNkY4e0N197Uha8poioQsEn5spjz5brU8FIRK",
"ssh-keys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCooBb+XKzBkDbr2qc1NM5iTRoaKXtjZPS0l9eOD+szEowHX5P+Ab4uvWcs6KUPcbITBZK60AN3Pi6mt5sTUQuqkFOGJolh6sDXpiBis7bkxQoDe11oOeHfBBHE5YfUaa7naLopN0cSXTkusY/ReNQDvIjQVjfmwoGA2pW96wV1oqnPDHz8HRUcHjfTdjovWY8xMRO0ZsHuavOdk8O+FYaD8BIO3i0bIa/tFe56Eme2FuCN77PgsHVA0HTzMAUGNpZU0zYsk8B5pjpQQyScSpE2ZfF2JqxcTl4KrnxWA3XtDtD3+lPR7ryWy+qDgrf9UxkuP7FEdIE6yD4lZdu0UdcD [email protected]"
],
"mfa": {
"totp": "AAAAAAAAAAAAAAAA"
},
}
]
```

### Example SSH Config

```
Host bastion
Hostname bastion.my.corp
Port 22
ControlMaster auto
ControlPath /tmp/ssh-control-%r@%h:%p
ControlPersist 30m

Host credit-card-database1
Hostname credit-card-database1.my.corp
ProxyCommand ssh -W %h:%p bastion
```

## FAQ

### OpenSSH fails with "no private key for certificate"

This is caused by [this](https://bugzilla.mindrot.org/show_bug.cgi?id=2550) OpenSSH bug. Upgrade your version of OpenSSH to resolve.