GhostGate v1.2.0

Zero-trust SSH/SFTP gateway that hands out disposable credentials, watches every session live, and puts you in control from your browser, desktop, or Telegram.

GhostGate sits in front of your servers as a secure bastion. Instead of sharing real logins, it mints temporary, single-session credentials on a random port, proxies the connection, and shreds access the moment the session ends. You see everything as it happens — and you can cut anyone off with one tap.

✨ Features

🔐 Ephemeral access, by design

  • One-click secure tunnels to any SSH/SFTP server with auto-generated temporary username, password & port — your real credentials are never exposed.
  • Session durations from 1 minute to 8 hours — or ♾ Forever sessions that never expire and survive app/server restarts until you kill them.
  • Extend on the fly (+30m) and Max concurrent sessions limits per server.
  • Vault-encrypted credential storage with Stored / Ask / Master-Passphrase modes — passwords can be kept, prompted per-use, or never stored at all.

🛡️ Command filtering & approvals

  • Per-session policy: Off · Whitelist · Restrict (block-list + approval-list) with ready-made presets (Read-Only, Standard Ops, Full Admin, Destructive, Firewall…).
  • Telegram approval for flagged commands — dangerous actions wait for your tap before they run.

📡 Live monitoring

  • Real-time upload/download traffic, per-connection stats, client IP + geo/country, last command, and live uptime counters.
  • Kick a connection or ban an IP instantly.
  • Per-operator scoped IP bans (block only your account) and global admin bans — each with their own managed list.

🤖 Telegram control

  • Live session bar in Telegram, login alerts, and an approval flow for creating/killing sessions and deleting servers — approve or deny from your phone.

🌐 Access anywhere

  • Web dashboard, native Windows desktop app, and a full REST API (v1) with API keys.
  • One-click HTTPS — enable TLS on a custom port and GhostGate auto-generates the certificate and starts the secure listener instantly, no restart.
  • Trust this browser — skip password + 2FA on devices you own for 1 hour → Forever, with revocable, hash-stored device tokens.

👥 Org-ready

  • Admin / Operator roles, team management, 2FA (TOTP), login rate-limiting, IP whitelisting, and a full audit log.
  • Server cards with groups, drag-to-reorder, and instant search; saved SSH keys (.pem import); in-browser terminalscheduled sessions; and traffic usage tracking.

Leave a Reply

Your email address will not be published. Required fields are marked *