RedFox Bastion

Available

Zero Trust access platform — browser-based SSH access and Application Access (ZTNA), authenticated via Microsoft Entra ID, with immutable WORM audit logs. RDP, VNC, Kubernetes and database proxy are in development.

What RedFox Bastion does

RedFox Bastion replaces traditional VPN + jump host setups with a Zero Trust access platform. Users authenticate via Entra ID (OIDC), get role-based access to SSH/RDP targets and internal web applications (ZTNA), and every session is logged in a tamper-proof WORM audit trail.

Who is it for?

  • DevOps / Platform teams — centralized access to servers, databases and clusters without distributing SSH keys
  • Security teams — enforce least-privilege access with JIT elevation and full session audit
  • MSPs / Managed IT — multi-customer access management with RBAC and credential vault
  • Compliance officers — WORM audit logs for SOC 2, ISO 27001, NIS2 evidence

How it works

  1. Authenticate — User logs in via Entra ID (OIDC). No local passwords.
  2. Select target — RBAC determines which servers, databases or clusters the user can access.
  3. Connect — SSH terminal (xterm.js) opens in the browser. Application Access proxies internal web apps directly. RDP and VNC support are coming soon.
  4. Audit — Every session and application request is logged to WORM storage (user, target, timestamps, policy decisions).
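
Steps 2 and 4 above, sketched as an added Go example that is not RedFox Bastion code: a role-to-target check whose allow and deny decisions are both appended to an in-memory log. The log is hash-chained so edits are detectable, which is a stand-in for the product's WORM storage and not its implementation; the type and function names, the policy map and the sample users and hosts are assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"time"
)

// Entry holds the audit fields the page lists plus assumed hash-chain links;
// AuditLog is a hypothetical in-memory append-only list of entries.
type Entry struct{ User, Target, Decision, At, PrevHash, Hash string }
type AuditLog struct{ Entries []Entry }

// digest hashes every field except Hash; %q quoting keeps field boundaries unambiguous.
func digest(e Entry) string {
	s := fmt.Sprintf("%q|%q|%q|%q|%q", e.User, e.Target, e.Decision, e.At, e.PrevHash)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))
}

// Authorize applies RBAC (role -> set of targets) and logs the decision, allow or deny.
func (l *AuditLog) Authorize(user string, roles []string, target string, policy map[string]map[string]bool, at time.Time) bool {
	e := Entry{User: user, Target: target, Decision: "deny", At: at.UTC().Format(time.RFC3339Nano)}
	for _, r := range roles {
		if policy[r][target] {
			e.Decision = "allow"
		}
	}
	if n := len(l.Entries); n > 0 {
		e.PrevHash = l.Entries[n-1].Hash
	}
	e.Hash = digest(e)
	l.Entries = append(l.Entries, e)
	return e.Decision == "allow"
}

// Verify returns the index of the first altered or relinked entry, or -1 if intact.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.Entries {
		if e.PrevHash != prev || digest(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	l, p := &AuditLog{}, map[string]map[string]bool{"ops": {"web-01": true}} // constructed policy
	fmt.Println(l.Authorize("alice", []string{"ops"}, "db-01", p, time.Now()), l.Verify())
}
```

Denied requests are recorded as well as allowed ones, so the trail carries the policy decision for every attempt rather than only for sessions that opened.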

Architecture

Browser (xterm.js)
    |  WebSocket + HTTPS
Go API (chi, OIDC, RBAC, audit)
    |  gRPC mTLS
Rust Proxy (russh, SSH sessions)
    |-- Entra ID    (OIDC authentication)
    |-- PostgreSQL  (RBAC, targets, WORM audit)
    |
    v
SSH / RDP targets + internal web apps (ZTNA)

Comparison

Feature                     RedFox            Guacamole   Teleport   Azure Bastion
Self-hosted                 Yes               Yes         Yes        No
Entra ID native             Yes               No          Partial    Yes
Session recording           Yes               No          Yes        No
Application Access (ZTNA)   Yes (Enterprise)  No          Yes        No
WORM audit                  Yes               No          Partial    No

Quick start

  1. Install the CodeRaft Dashboard
    Linux / macOS
    $ curl -fsSL https://install.coderaft.io | bash
    Windows (PowerShell)
    $ irm https://install.coderaft.io/win | iex
  2. Start
    $ cd coderaft && ./start.sh
  3. Setup Wizard — Open http://localhost:3000, register an App in Entra ID for OIDC (Entra ID setup guide)
  4. Add targets — Define SSH hosts, assign roles, invite operators