// the find
jumpserver/jumpserver
JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.
JumpServer is a self-hosted bastion host / PAM platform for teams that need audited, brokered access to SSH, RDP, Kubernetes, and databases through a browser. It's a direct open-source alternative to CyberArk or Teleport, built on Django with a separate Go connector layer for protocol handling. Aimed at ops/security teams at mid-size companies who need centralized credential management and session recording without the enterprise price tag.
The protocol coverage is genuinely wide — SSH, RDP, VNC, database proxies, Kubernetes exec, and RemoteApp all in one platform, which normally requires multiple tools. The architecture is honest about the split: Python/Django handles the control plane and policy, while Go services (KoKo, Lion) handle the actual protocol proxying where performance matters. Automated account lifecycle is well thought out: password rotation, account discovery, verification, and push are all Ansible-backed and cover a real spread of targets (MySQL, Oracle, Windows AD, AIX). The multi-language README and active issue triage signals this is genuinely maintained and used outside the Chinese market.
Several critical connectors — RDP proxy (Razor), database proxy (Magnus), RemoteApp (Tinker/Panda), VNC (Nec), and facial recognition (Facelive) — are marked private/EE only, meaning the open-source install is meaningfully incomplete for anything beyond SSH. The quickstart pipes a shell script from GitHub directly to bash with no verification, which is a bad default for a security product. The codebase is split across at least 8 separate repos (Lina, Luna, KoKo, Lion, Chen, etc.) making local development setup genuinely painful — there's no monorepo dev compose file visible. GPLv3 is a real licensing constraint for anyone embedding this in a commercial product.