Siglatch — Tight, scriptable, and cryptographically enforced access controller for connectionless protocols and remote infrastructure management in hostile network environments.
Siglatch enables fine-grained, per-user, per-action control with strong cryptographic authentication — purpose-built for UDP and similar transport layers where traditional session security is impractical or overkill. Designed for environments where minimalism, determinism, and security are non-negotiable.
It draws inspiration from port knocking, encrypted messaging, and dead drop mechanics to:
- Control access without exposing traditional open ports.
- Authenticate commands securely with layered encryption and HMAC validation.
- Enable flexible operations via scriptable hooks, user action controls, and future menu-driven services.
Designed with security, operational flexibility, and minimal visibility in mind, siglatch provides:
- Temporary and revocable network access.
- Hardened packet validation against replay and tampering.
- Options for stealth deployment (no logs, no responses).
- Room for future expansions (server-to-client replies, larger data payloads, anonymous communication).
One packet to rule them all.
This project prioritizes robustness, usability, and survivability in unpredictable or adversarial network conditions.
Siglatch is designed to securely enable or disable access to sensitive services—without relying on bloated VPNs, heavyweight web stacks, or shell hacks.
Examples include:
- SSH Access Management
Grant or revoke specific IPs the ability to SSH into critical systems.
Still uses SSH keys for authentication—Siglatch simply decides who gets to knock.
Ideal for mobile users, dynamic IPs, and zero-trust environments.
- Web Service Control
Securely toggle access to local dashboards, admin panels, or internal UIs.
Services stay hidden until explicitly enabled, reducing attack surface.
- Dead Drop Communication (live)
Stateless encrypted payload exchange—no sessions, no metadata.
Useful for whistleblowing, anonymous tips, or passive covert delivery.
Siglatch handles this natively with one-way crypto-authenticated packets.
- Interserver Signaling & Command Dispatch
Push secure instructions (e.g.,reload,rotate,notify) between daemons.
Acts as a low-latency, authenticated internal control bus.
Ideal for config sync, health triggers, and lightweight orchestration.
- Log Forwarding & Job Scheduling
Replace fragile syslog chains and scatteredcronjobs with centralized, secure triggers.
Log events and timed actions can be dispatched with encrypted, low-cost Siglatch messages.
- Inline C Plugin Support (coming soon)
Drop in.somodules to handle requests without shelling out or restarting the daemon.
Achieve sub-millisecond response times for logs, access gates, or custom handlers.
In short: everything you want to control surgically and securely—without the babysitting, overhead, or footprint of traditional VPNs, HTTP servers, or orchestration systems.
These guides are being actively updated, check back often for updates!
- 📦 FEATURES — Full feature specification (current and planned).
- 🔐 SECURITY — Security model, mitigations, and threat considerations.
- ⚙️ Installation
- 🛠️ COMPILING — How to build the project from source.
- 🧾 DAEMON_CONFIGURATION — Manual for configuring the server daemon.
- 📥 INSTALLATION —
install.shhelp and setup guide. - 📚 QUICK START — AFTER you've compiled and configured siglatch!
- 🖥️ CLIENT_OPERATIONS — Detailed instructions for client-side use.
- 📦 Modules
- 🌐 IP_AUTH — IP-based authentication module details
- 🧠 AI_DISCLOSURE — A short note on the use of AI within this project.
- 🚧 PLANNED_FEATURES — planned and upcoming features
- 🔒 LICENSE — SOFTWARE LICENSE
- 🧑💻 USE POLICY — USE POLICY
Please read the above documents carefully to understand setup procedures, operational safety, and future plans.
This project is under active development. Expect rapid improvements, especially around:
- Interactive client features.
- Server-to-client encrypted messaging.
- Dynamic system management (emergency sleep/shutdown controls).
- Expanded operational tooling.
- Dead drop communication support for lightweight, potentially anonymous exchanges.
Siglatch is built for operators who need control, security, and minimal exposure.
- 🔒 This project is licensed under the MTL-10 License
- 🧑💻 Free for use by teams with ≤10 users
- 💼 Commercial, resale, or SaaS use requires a license
- 📩 Contact: [email protected]
(Updated: 2025)