We are developing an analog 1Password for servers - https://werbot.com. This is a platform for easy audit, sharing, and control of access to servers with screen recording.
Good alternative ;)
We made sharing of server access simple and secure. Now users connect to all servers accessible to them, with a single sign-on using their login and their private key. We do not change the way to work on servers, we change the way to connect to them.
Easy to use - https://werbot.com
It is relevant now!!
Our interaction with servers is different. Every server session is recorded and can be replayed in the user profile. Also the server owner can see in real time who is working on the server.
I have already left a comment here above giving some details that differ us from other existing solutions.
Why would I pay $12,000/year for a self-hosted closed source SSH proxy+SSO while Teleport, a FOSS and battle tested alternative exists? Also something like Pritunl can does the same functionality along with a zillion more features while being more scalable and supports any protocol since it's a real VPN while only paying $50/month.
UPDATE: It seems also that Cloudflare's Access supports SSH and SSO.
Let me suppose that you do not exactly know the price of 1 sever maintenance provided by Symantec, CyberArk or CheckPoint. The VPN or Cloudflare's Access solutions you are talking about, are designed for other purposes. Teleport is working in another way at all. I understand that you are supporting FOSS and it's very good! I do not exclude the possibility to become a FOSS product one day. The most important thing is that you don't need to install any additional software on the client machine or server!
These are huge and public companies and are lots of regulation and scrutiny by the government and investors and are a big target for hackers and adversary governments and that's why they spend a fortune to keep their reputation clean. I don't think you should compare yourself to them.
>VPN or Cloudflare's Access solutions you are talking about, are designed for other purposes
What other purposes? please enlighten me
>The most important thing is that you don't need to install any additional software on the client machine or server
so your product works by authenticating uses via your webapp's SSO for example and then the client has to manually download the private keys and certificates and use them with the ssh command?
An important note - it doesn't require to install additional software on the server!
Werbot passes the entire user session through itself and records it in asciinema format. All records are stored in the database. In the future, it will be possible to download each session in SVG or mp4 format.
What happens then when werbot is down? I'm assuming this is a hosted service? What happens when a session is a day long, and the output is a verbose compilation of Firefox? Is that still all stored in the database?
From my work experience (such as software development and daily work with all kind of servers) I know that the most of companies (not only me) are constantly facing the following problems:
1. How to give access to an employee or a freelancer to the server and monitor their work?
2. How to provide one-time server access to outsourced developers so that they can perform the work and never use this access again?
3. How to restrict access to the server by time or by place?
4. How to be sure that any person having access to the server will not harm or install unnecessary software on it?
5. How to prevent storing server access in tasks, emails or tables that are not the safest storage place?
6. How quickly and safely give access to all employees if it has been changed?
7. How to protect the server resources from hacker attacks?
There are many more problems indeed, so I started to develop a platform that solves these problems and allows developers to do useful work and not use their time worrying about these problems.
Having more than 16 years of experience in software development and an extensive customer database, I can state that almost all IT companies, banks, educational institutions, and even government agencies have the same problems. All the contacted companies (banks, outsource developing company, games developing, web and application developing companies) are interested in a simple solution to these problems.
SSH Secrets Engine most likely acts as an API and uses a different work model than we do.
An important fact about Werbot is that there is no need to install additional software on a local machine or a remote server.
Werbot passes all the traffic through itself and all verifications take place directly in the core of the system. We do not change the way you are used to work on servers, we change the way you connect to them. Each connection is made with a single sign on (for example, user@werbot.com if using our SaaS version) and a user's private key. Once the user is signed on, a list of all available servers is displayed to him and he can automatically connect to one of them by just selecting the needed item on the list.
In the user's profile you can see the user's activity and the working time. Additional server access settings can be also managed through user's profile, for example you can set different access limitations by geolocation, IP, country or time schedule.
