Why Warpgate Is the Lightweight Rust‑Based Bastion Host Redefining Secure Remote Access

01 Warpgate是什么？

Warpgate is an open‑source, Rust‑based intelligent bastion host that provides secure, transparent, high‑performance remote access management for enterprises.

It runs on Linux (and macOS), deployed in a DMZ or outside the firewall, acting as the sole entry point between external networks and internal resources. Unlike traditional bastion hosts, it requires no client software for SSH, HTTPS, MySQL, or PostgreSQL access.

Official site: https://warpgate.null.page/

02 为什么选择Warpgate？

All‑protocol support: SSH, HTTPS, MySQL, PostgreSQL.

Zero client dependency: connect via standard SSH client or browser.

Security first: native TOTP 2FA and OpenID Connect SSO.

Session recording and audit: real‑time view and playback.

Minimal deployment: single 30 MB binary, Docker one‑click.

Modern web UI: manage users, hosts, permissions via browser.

Since its open‑source launch, Warpgate has earned 5.3K GitHub stars, showing strong community adoption. As of Dec 2024 it has fixed critical issues such as optional 2FA for SSH, ECC certificate parsing, and PostgreSQL public‑key authentication.

03 Warpgate的核心功能

Warpgate’s core capabilities are comprehensive, transparent, and secure.

Multi‑protocol support : Handles SSH, HTTPS, MySQL, PostgreSQL, allowing developers, web services, and DBAs to access resources through a single gateway.

Transparent connection, zero client : Users employ existing SSH clients or browsers; Warpgate proxies authentication and routing behind the scenes.

Native 2FA & SSO : Built‑in TOTP and OpenID Connect enable two‑factor authentication and single‑sign‑on with enterprise IdPs.

Session recording & audit : Every session is logged with timestamps and can be replayed, meeting compliance requirements for regulated industries.

Single binary, easy deployment : Download a 30 MB binary or use the Docker image; no extra dependencies.

Web management UI : Browser‑based interface built with TypeScript, Svelte, and Bootstrap for user, host, and permission management, real‑time session monitoring, and key acceptance.

Backend uses Rust libraries: poem‑web (HTTP), sqlx & sea‑orm (SQLite), russh (SSH). Frontend uses TypeScript, Svelte, Bootstrap.

Source code: https://github.com/warp-tech/warpgate