The Monkeysphere enables you to use the OpenPGP web of trust to verify ssh connections. SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate users.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
The Shrew Soft VPN Client for Unix is a free IPsec Client for FreeBSD, NetBSD, and Linux based operating systems. It can be used to communicate with systems running ipsec-tools. The Unix client utilizes the IPsec kernel support included with the operating system, and comes with the complete Internet Key Exchange daemon and client front end application source code. A Windows version is also available.
gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as x509 certificates, CSRs, and CRLs. gnoMint is currently capable of managing a CA that emits certificates that are able to authenticate people or machines in VPNs (IPSec or other protocols), secure HTTP communications with SSL/TLS, authenticate and cipher HTTP communications through Web-client certificates, and sign or crypt email messages.
OpenVPN Auth Passwd is a plugin that authenticates OpenVPN users using the local passwd or shadow files, using a privilege separation model. The authentication method must be defined in the Makefile prior to the compilation of the plugin. On shadowed systems it uses the functions provided in the shadow suite and, on other systems, the getpwnam(3) function to verify the username/password.
Trustix™ Enterprise Firewall is a WYSIWYG firewall for iptables. It provides drag and drop security policy deployment and allows you to visualise DMZs, integrate branch offices with 3DES encrypted VPN tunnels, accelerate Internet access times with proxy caching server, and authenticate remote workers with PKI X.509 certificates. The unique GUI also allows you to manage traffic for all your zones (up to 24) as well as port forwarding and network address translation (NAT).
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
PAM_pkcs#11 is a Linux-PAM login module that allows a X.509 certificate based user login. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users' certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used. A very flexible, stackable, and configurable Certificate-To-Login mapping scheme is provided to deduce/verify the username to log in.
Rsyncrypto allows you to encrypt a file or a directory structure such that they can later be synchronized to another machine using rsync. This means that local changes to the plain text file result in local changes to the cipher text file. rsyncrypto compresses the plain text file prior to encrypting it with gzip using the "rsyncable" patch, which is available from the rsync sources.