
Cardea is an SSH bastion server with access control, session recording, and optional TPM-backed key protection.

22 stars · Go

Cardea, SSH bastion with per-key ACLs, TPM keys and session recording

by hectorm · Mar 17, 2026 · 1 point · 0 comments

AI Analysis

Solid · Big Brain · Niche Gem

File-based ACLs reviewable in PRs beat database-backed bastions for small teams.

Strengths
  • Access policies in text files enable PR reviews and config management deployment
  • TPM 2.0 binding prevents bastion host key extraction from compromised servers
  • Single static Go binary with no database or web UI reduces attack surface
Weaknesses
  • Teleport and other SSH certificate authorities already serve the enterprise market
  • macOS/Linux only: Windows SSH users cannot use the TPM key protection features
Target Audience

DevOps engineers and small teams managing SSH infrastructure

Similar To

Teleport · SSH Certificate Authority · OpenSSH

Post Description

Author here. Cardea is an SSH bastion I wrote to manage access to some servers I administer. Access policies are defined in a single text file, similar to OpenSSH's authorized_keys format, with macros, server groups, time windows, and key expiry, so everything is reviewable in PRs and deployable with config management. No database, no web UI.

Clients connect with any standard SSH client, encoding the target as the SSH username (e.g. ssh [email protected]:[email protected]). Sessions can be recorded in asciinema v3 format. Host keys can optionally be bound to a TPM 2.0 so they can't be extracted.

It's a single static Go binary with minimal dependencies. Builds are reproducible, immutable, and include provenance attestation.

Happy to answer questions.
