Secure SSH bastion & PAM/NSS modules for LemonLDAP::NG - Centralized SSH & sudo access control with SSO integration.

Control SSH access and sudo privileges on your Linux servers through a centralized bastion server.

Open Bastion integrates your servers with LemonLDAP::NG (LLNG) to centrally manage who can SSH into which servers and who can use sudo. Administrators define access rules in the portal, and the PAM/NSS modules enforce them on each server.

Related contents:

• Newsletter du 19 Janvier 2026 @ Rudeops :fr:.

🛡️ Windows Hello™ style facial authentication for Linux.

Howdy provides Windows Hello™ style authentication for Linux. Use your built-in IR emitters and camera in combination with facial recognition to prove who you are.

Using the central authentication system (PAM), this works everywhere you would otherwise need your password: Login, lock screen, sudo, su, etc.

Related contents:

• Install Howdy in Ubuntu 24.04 for Windows Hello Style Facial Authentication @ UbuntuHandbook.
• I replaced Windows with Linux and everything’s going great @ The Verge.

An open-source PAM tool alternative to CyberArk

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.

• JumpServer @ GitHub.

Two-Factor Authentication for SSH with PAM Support (pam_duo).

Duo Unix includes a PAM module or alternatively a stand alone executable that can be used to protect programs such as SSH or Sudo.

Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple pam_duo PAM module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, and AIX.

Duo Unix @ GitHub.