Bifröst (spoken as "Bee-frest"), is an advanced SSH server. It can be used as a drop-in-replacement for OpenSSH Server, but it was actually created with some more advanced stuff in mind; see below.
- Use-cases
- Features
- Getting started
- Configuration
- Status
- License
- Code of Conduct
- Contributing
- Security
Fully SSH protocol compliant server, like you would expect.
You can connect via your SSH keys, as usually. And so on...
...but you can also use OpenID Connect (or OAuth2) identity provider. The best thing about this is: In contrast to the other SSH servers with OpenID Connect, you don't need any other client locally installed, than your regular SSH Client (OpenSSH, PuTTy, ...).
If authorized via another authentication token then a Public Key, it can store (temporally) your provided Public Key, for faster reconnect, while the session is still alive.
If a local environment is used where the user executes inside and OpenID Connect was used to authorize a user, Bifröst can automatically create these users based on a defined requirement template.
It can also automatically clean up these users as they're no longer needed, for example: If their session becoming idle and times out (30 minutes). In this case the user itself, its home directory and all running processes can be cleaned up.
- Download the latest version of Bifröst (see releases page):
# Syntax curl -sSLf https://github.com/engity-com/bifroest/releases/download/<version>/bifroest-<os>-<arch>-<edition>.tgz | sudo tar -zxv -C /usr/bin bifroest # Example curl -sSLf https://github.com/engity-com/bifroest/releases/download/v1.2.3/bifroest-linux-amd64-extended.tgz | sudo tar -zxv -C /usr/bin bifroest
- Configure Bifröst. For example, download the demo configuration and adjust it to your needs (see documentation of configuration for more details):
sudo mkdir -p /etc/engity/bifroest/ sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/contrib/configurations/sshd-dropin-replacement.yaml -o /etc/engity/bifroest/configuration.yaml # Adjust it to your needs sudo vi /etc/engity/bifroest/configuration.yaml
- Run Bifröst:
sudo bifroest run
To enable Bifröst to run at every server start where systemd is available, simply:
- Download our example service configuration:
sudo curl -sSLf https://raw.githubusercontent.com/engity-com/bifroest/main/contrib/systemd/bifroest.service -o /etc/systemd/system/bifroest.service
- Reload the systemd daemon:
sudo systemctl daemon-reload
- Enable and start Bifröst:
sudo systemctl enable bifroest.service sudo systemctl start bifroest.service
Read Use-Cases and the configuration documentation to see what else you can do with Bifröst.
This project is currently under development. The application is stable (file a bug if you find one), but the configuration/command/API structure needs improvement.