ioudkerk/openportal

OpenPortal

OpenPortal is an open-source SSH proxy system inspired by Teleport. It provides secure access to infrastructure with SSH session recording and role-based access control.

Features

  • SSH Proxy: Transparently proxy SSH connections to target servers
  • Session Recording: Capture and store SSH sessions for audit and playback
  • Role-Based Access Control: Fine-grained control over who can access what
  • Audit Logging: Comprehensive logging of all access attempts
  • Web API: RESTful API for user and role management
  • 100% Open Source: Free to use, modify, and distribute

Architecture

OpenPortal consists of several modular components that work together:

  1. Auth Service: Manages user identities and authentication methods (password and SSH key)
  2. Proxy Service: Intercepts and forwards SSH connections with access control
  3. Recording Service: Captures SSH sessions with support for command tracking and playback
  4. RBAC Engine: Manages role-based access control with granular permissions
  5. API Server: Provides a RESTful HTTP API for management

Getting Started

Prerequisites

  • Go 1.18 or higher
  • PostgreSQL or MySQL database (for user management)
  • SSH server on target machines

Installation

  1. Clone the repository:

    git clone https://github.com/ioudkerk/openportal.git
    cd openportal
    
  2. Build the components:

    make build
    
  3. Generate a host key:

    ssh-keygen -t rsa -f ./host_key -N ""
    
  4. Configure the system by editing config.yaml:

    proxy:
      listen_addr: "0.0.0.0:2222"
      target_addr: "localhost:22"
      host_key_path: "./host_key"
      recording_path: "./recordings"
    
    auth:
      database_url: "postgres://user:password@localhost/openportal"
    
  5. Run the server:

    ./openportal server
    

Usage

Connect to a server through the proxy

    ssh -p 2222 user@proxy-server

Play back a recorded session

    ./openportal playback --file ./recordings/session-1234567890.log

Manage users and roles

    ./openportal users create --name "John Doe" --email "john@example.com" --roles "admin,developer"
    ./openportal roles create --name "developer" --permissions "ssh:read:*,ssh:write:dev-*"
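
How a permission string such as `ssh:read:*,ssh:write:dev-*` could be evaluated, shown as an added example that is not OpenPortal's own code. The `service:action:resource` layout, glob matching on the resource field, and the function name `Allowed` are assumptions; the README does not define the grammar.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Allowed reports whether a comma-separated permission list grants
// action on resource for service. Assumed grammar (not confirmed by the
// project): "service:action:resource-glob", e.g. "ssh:write:dev-*".
// Malformed entries are skipped, so the check fails closed.
func Allowed(perms, service, action, resource string) bool {
	for _, p := range strings.Split(perms, ",") {
		f := strings.Split(strings.TrimSpace(p), ":")
		if len(f) != 3 || f[0] == "" || f[1] == "" || f[2] == "" {
			continue // malformed entry grants nothing
		}
		if f[0] != service || f[1] != action {
			continue
		}
		// path.Match returns an error for a bad pattern; treat it as no match.
		if ok, err := path.Match(f[2], resource); err == nil && ok {
			return true
		}
	}
	return false // deny by default
}

func main() {
	// Permission string taken from the "roles create" command above;
	// the host names are constructed sample values.
	dev := "ssh:read:*,ssh:write:dev-*"
	for _, c := range []struct{ action, host string }{
		{"read", "prod-db-1"},
		{"write", "dev-web-2"},
		{"write", "prod-db-1"},
	} {
		fmt.Printf("%-5s %-10s -> %v\n", c.action, c.host,
			Allowed(dev, "ssh", c.action, c.host))
	}
}
```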

Development Roadmap

  1. Core SSH Proxy - Currently in progress

    • Basic SSH connection handling
    • Session recording
    • Simple authentication
  2. RBAC System - Next milestone

    • Role definitions
    • Permission checking
    • Integration with SSH proxy
  3. Web UI - Future enhancement

    • User management
    • Session playback
    • Audit log viewing
  4. Certificate Authority - Future enhancement

    • Short-lived certificates
    • Certificate-based authentication

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.
