SSH-Frontière

Restricted SSH login shell in Rust — a single, secure entry point for all incoming SSH connections.

SSH-Frontière replaces a Unix account's default shell (/bin/bash) with a program that validates every command against a declarative TOML configuration before executing it.

Why SSH-Frontière?

Secure by default — No command runs without being explicitly authorized. Deny by default, no shell, no injection possible.

Simple to deploy — A ~1 MB static binary, one TOML file, one line in /etc/passwd. No daemon, no service to manage.

Flexible — Three access levels (read, ops, admin), visibility tags, a structured header protocol. Compatible with AI agents, CI/CD runners, and maintenance scripts.

Auditable — Every command executed or denied is logged in structured JSON. 399 cargo tests + 72 E2E SSH scenarios.

Use cases

CI/CD runners (Forgejo Actions, GitHub Actions): deployments, backups, health checks via SSH
AI agents (Claude Code, etc.): controlled access to server resources with trust levels
Automated maintenance: backup, monitoring, and notification scripts

At a glance


Language	Rust (static musl binary, ~1 MB)
License	EUPL-1.2 — European Union Public License
Tests	399 cargo + 72 E2E SSH + 9 fuzz harnesses
Dependencies	3 direct crates (`serde`, `serde_json`, `toml`)
Configuration	Declarative TOML
Protocol	Text headers over stdin/stdout, JSON responses

Getting started

Discover SSH-Frontière — what it is, what it does, why it exists
Installation — compile, configure, deploy
Guides — step-by-step tutorials
Security — security model and guarantees
Architecture — technical design
Alternatives — comparison with other solutions
FAQ — frequently asked questions
Contribute — participate in the project