GitHub Repository

Modern SSH security for self-hosted Linux — Telegram-approved access, honeypot diversion, session recording, JIT user grants. One Python file.

3 starsPython

CodeGuard – defence-in-depth SSH security in one Python file

Name: CodeGuard – defence-in-depth SSH security in one Python file
Availability: InStock
Author: georgebigh

by georgebigh·May 26, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidWizardryNiche Gem

Single Python file adds Telegram 2FA and honeypot traps to OpenSSH.

Strengths

•~6,000 lines, stdlib only, no runtime dependencies—genuinely single-file deployment
•Telegram out-of-band approval for non-interactive SSH/SFTP/SCP sessions
•Honeypot diversion logs wrong-secret IPs in sandboxed shell with asciinema recording

Weaknesses

•Teleport handles enterprise/SOC 2 needs better—this targets homelab specifically
•Zero forks and stars suggest limited community adoption or testing

Similar Projects

Security●●Solid

AgentArmor – open-source 8-layer security framework for AI agents

Eight-layer defense-in-depth for AI agents when Guardrails AI only handles inputs.

Solve My ProblemShip It

AgastyaTodi

1063mo ago

Developer Tools●●Solid

Terminal UI for managing SSH servers (users admin, file transfers)

Agentless server security and monitoring dashboard that runs from a single Python file.

Wizardry

whitemanv

301mo ago

Security●Mid

Endlessh Fisher – Turn SSH tarpit bots into collectible fish

It turns trapped SSH bots into collectible fish with species tied to trap duration, a live aquarium view, achievements, leaderboards and a read-only REST API — a delightful gamification of honeypot telemetry. Nice practical details too: privacy-friendly default hashing, optional on-click IP lookups (Shodan/AbuseIPDB), and a Docker Compose entrypoint that runs migrations and seeds automatically; just remember this is purely a visualization layer — you still need endlessh-go and InfluxDB.

Niche GemRabbit Hole

darkwolfcave

313mo ago

Security●●Solid

A 3-line wrapper that enforces deterministic security for AI agents

Deterministic policy checks beat LLM-as-judge for agent security, no token burn.

Big BrainSolve My Problem

tonyww

103mo ago

Security●●●Banger

GuardLLM, hardened tool calls for LLM apps

Lifecycle-aware security pipeline, not point tools—shared context from ingress through output.

Big BrainSolve My ProblemWizardry

mhcoen

104mo ago

AI/ML●●Solid

Open-source monitoring for AI agents (MCP-compatible)

One-line monitoring for agents; drift + security scanning matter for production, but early MVP.

Ship ItBig Brain

yohanpoul

104mo ago