Releases: Splat/SSHadow
SSHadow v0.1.0 - Initial Release
SSHadow v0.1.0
Initial release of SSHadow - SSH connection monitoring for bastion hosts.
What it does
Sits in front of your SSH server and tracks who's connecting, how they're authenticating, and from where. Exposes metrics for Prometheus and a web dashboard.
Features
- Three operating modes: proxy, log monitor, or hybrid
- Auth tracking: password, public key, and SSH certificates
- DoS detection: pre-aggregated metrics by IP, user, and key for alerting
- Outputs: HTML dashboard, Prometheus metrics, JSON API
Quick Start
# Generate host key
ssh-keygen -t ed25519 -f ssh_host_key -N ""
# Run in proxy mode: rebind sshd to port 2222 first so SSHadow can listen on 22
./SSHadow -hostkey ssh_host_key -listen :22 -target localhost:2222
# View dashboard
open http://localhost:9090
Downloads
Platform │ Binary
Linux x64 │ SSHadow-linux-amd64
Linux ARM64 │ SSHadow-linux-arm64
macOS Intel │ SSHadow-darwin-amd64
macOS Apple Silicon │ SSHadow-darwin-arm64
Windows x64 │ SSHadow-windows-amd64.exe
Known Limitations
- Proxy mode only forwards password auth (pubkey/cert auth requires agent forwarding - planned for future release)
- Uses InsecureIgnoreHostKey() for target connections - implement proper host key validation in production
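The check that belongs in place of InsecureIgnoreHostKey(), as an added example that is not SSHadow's own code: pin the target sshd's host key and reject anything else. It uses only the standard library so it runs offline; in a golang.org/x/crypto/ssh client the same comparison is the body of the HostKeyCallback applied to key.Marshal(), and ssh.FixedHostKey provides it for a single pinned key. The names ParsePinnedKey, Fingerprint, VerifyHostKey and sampleLine are hypothetical, and the sample key is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ParsePinnedKey decodes an OpenSSH public-key line ("<type> <base64> [comment]") into the
// wire-format blob and checks that the type name embedded in the blob matches the line.
func ParsePinnedKey(line string) ([]byte, error) {
	f := strings.Fields(line)
	if len(f) < 2 || len(f[0]) > 64 {
		return nil, fmt.Errorf("want: <type> <base64> [comment]")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || !bytes.HasPrefix(blob, append([]byte{0, 0, 0, byte(len(f[0]))}, f[0]...)) {
		return nil, fmt.Errorf("blob for %q is undecodable or carries another key type", f[0])
	}
	return blob, nil
}

// Fingerprint renders a blob the way `ssh-keygen -l` does (SHA256, unpadded base64).
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// VerifyHostKey fails closed: no pin, or any difference, rejects the connection.
func VerifyHostKey(pinned, presented []byte) error {
	if len(pinned) == 0 || !bytes.Equal(pinned, presented) {
		return fmt.Errorf("host key mismatch, target presented %s", Fingerprint(presented))
	}
	return nil
}

// sampleLine builds a CONSTRUCTED ssh-ed25519 line from 32 filler bytes (not a real key).
func sampleLine(fill byte) string {
	blob := append([]byte("\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"), bytes.Repeat([]byte{fill}, 32)...)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " constructed"
}

func main() {
	pinned, _ := ParsePinnedKey(sampleLine(0x11)) // pin recorded out of band
	seen, _ := ParsePinnedKey(sampleLine(0x22))   // a different key on the wire
	fmt.Println(VerifyHostKey(pinned, pinned), VerifyHostKey(pinned, seen))
}
```

Logging the fingerprint from the returned error gives operators something to compare against `ssh-keygen -lf` output for the target's host key file.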
What's Next
- SSH agent forwarding support for pubkey/cert auth
- Session recording