Warpgate

Warpgate is a bastion host for SSH, HTTPS, Kubernetes, MySQL, and PostgreSQL access. It is designed to sit in a DMZ, accept connections without a client app or SSH wrapper, and forward them straight to the target while keeping access control in one place.

It authenticates users locally, assigns them to specific hosts and URLs, and can record every session for live viewing and later replay. The admin web UI also shows live sessions, recordings, logs, and target and user management. For HTTPS sessions, it presents available targets and proxies traffic to the selected target, with target switching during a session.

Warpgate stores session history in SQLite, with the default data directory at /var/lib/warpgate. It is a single binary with no dependencies, written in 100% safe Rust, and is actively used in enterprise settings. Native 2FA and SSO support includes TOTP and OpenID Connect.