Esta página se muestra en inglés. Una traducción al español está en curso.
ConfigsJul 17, 2026·3 min de lectura

Warpgate — Transparent SSH, HTTPS, and Database Bastion

A smart bastion host written in Rust that provides transparent SSH, HTTPS, MySQL, and PostgreSQL proxying with built-in authentication and session recording.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
Warpgate Overview
Comando de instalación directa
npx -y tokrepo@latest install 6221a99b-81dd-11f1-9bc6-00163e2b0d79 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introduction

Warpgate is a smart bastion host and privileged access management (PAM) tool written in Rust. It acts as a transparent proxy for SSH, HTTPS, MySQL, and PostgreSQL connections, requiring no additional client-side software. Users connect to Warpgate using their standard tools, and it forwards the connection to the target after authentication.

What Warpgate Does

  • Proxies SSH connections transparently — no agent or special client needed
  • Proxies HTTPS traffic with SNI-based routing to internal web applications
  • Proxies MySQL and PostgreSQL connections with credential injection
  • Records SSH sessions with full terminal replay capability
  • Provides a web-based admin UI for managing targets, users, and audit logs

Architecture Overview

Warpgate is a single Rust binary that listens on configurable ports for SSH, HTTPS, MySQL, and PostgreSQL protocols. For SSH, it implements a full SSH server that authenticates the user, then opens a client connection to the target host. For HTTPS, it performs TLS termination and reverse-proxies to backends. Database proxying intercepts the authentication handshake and injects stored credentials. All sessions are logged to a SQLite database with optional terminal recordings.

Self-Hosting & Configuration

  • Download a prebuilt binary or build from source with cargo
  • Run warpgate setup to generate the initial configuration and admin credentials
  • Configure targets (SSH hosts, HTTPS endpoints, databases) in the YAML config file
  • TLS certificates can be auto-provisioned via built-in ACME (Let's Encrypt) support
  • Authentication supports passwords, SSH keys, SSO via OpenID Connect, or TOTP 2FA

Key Features

  • Zero client-side software required for SSH, HTTPS, and database access
  • Built-in session recording and audit trail with web-based replay
  • OpenID Connect SSO integration for enterprise identity providers
  • Automatic TLS certificate management via ACME
  • Single static binary with embedded web UI, no runtime dependencies

Comparison with Similar Tools

  • Teleport — feature-rich PAM platform; Warpgate is lighter and simpler to deploy
  • Boundary (HashiCorp) — identity-aware proxy; Warpgate adds HTTPS and database proxying
  • Apache Guacamole — browser-based remote desktop; Warpgate focuses on SSH and protocol proxying
  • sshuttle — VPN-over-SSH tool; Warpgate is a bastion proxy with audit capabilities
  • StrongDM — commercial PAM; Warpgate is free, open source, and self-hosted

FAQ

Q: Do users need to install anything on their machines? A: No. Users connect with their standard SSH client, web browser, or database client.

Q: Can I use it as a reverse proxy for web apps? A: Yes. Warpgate can proxy HTTPS traffic to internal web services with automatic TLS.

Q: How are database credentials handled? A: Credentials for target databases are stored in Warpgate's configuration. Users authenticate to Warpgate, which then injects the real credentials when connecting to the target.

Q: Does it support Kubernetes access? A: Warpgate supports SSH and HTTPS proxying which can be used with kubectl via an HTTPS proxy. Native Kubernetes API proxying is a planned feature.

Sources

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados