Engity's Bifröst

The server implements the SSH protocol as defined in RFC 4253, allowing it to serve as a drop‑in replacement for traditional OpenSSH daemons. In addition to standard key‑based authentication, it supports OpenID Connect and OAuth2 identity providers, enabling users to log in with web‑based credentials without installing extra client software. The “remember me” feature can temporarily cache a public key after a token‑based login to speed subsequent reconnections while the session remains active.

Session execution can be directed to isolated environments. Users may be placed into dedicated Docker containers with custom images and networking, or into Kubernetes pods where they gain direct access to cluster resources without additional port forwarding. The server can automatically provision local system accounts based on configurable templates when OpenID Connect is used, and it can clean up those accounts, home directories, and processes when sessions become idle or expire.

The project is self‑hostable, open‑source under Apache‑2.0, and offered without subscription or tiered pricing. It is marked as stable, though configuration and API structures are still evolving.