Shield Your LAN with sshGate

Average rating: ****.
(4.00, 1 rating)

History & context

The Linagora admin team was looking for an Open Source tool to streamline the hassle of managing SSH public keys across a large datacenter. Thus sshGate was born, as a script to publish and revoke public keys on all targets. Later on came the need to be able to define a finer grain policy. Going beyond, sshGate has become an ssh “gateway”, centralizing access and controls, and allowing new features such as logging TTYs.

Market analysis

An open source project called “ssh proxy” exists on freshmeat, but has not been updated since 2008. It has fewer functionalities than sshGate, and requires a specific client.
A closed source product called “Observe-it” provides multiple features, including support for Citrix, and rdp. The number of target is limited, as in a paying feature.
A void in the Open Source arena was begging to be filled !

Self-assigned goals

  • no specific client required
  • only one software dependency (on OpenSSH) on the gate server
  • no software required on the targets

Architecture overview

Graphical representation at

uses bash, ScriptHelper, script/scriptreplay

One year later …

sshGate has been deployed at Linagora since September 2010 to assist the admins in their tasks ; it is now able to record and replay TTYs as an added diagnostic feature. It now supports the full range of OpenSSH options, including LocalForward, RemoteForward, and ProxyCommand.

Distribution & community

Bootstrapping the community right now. Available on, under GPLv2. The packaging in deb, rpm, and for Arch and openBSD distributions are coming along.

Photo of Patrick Guiran

Patrick Guiran


Patrick Guiran has graduated from the French computer Science school of Engineering EPITA in 2006, with a major in Real-Time software programming. After working for Tele2 ISP, and on eCOS/ARM for the world wireless leader Parrot, he has joined Linagora to contribute to a high-volume low-latency electronic payment system for the leading router of interbanking authorizations SER2S. In 2009, he joins the Linagora Run Services business unit as the Open Source expert. He is now the manager of the Open Source Software support team.