smallstep_full_white

Your IdP, our SSH

Seamless SSH access. Zero key management. Automated from your IdP Groups.

Try free
sso-ssh-header.svg

SSH like a professional

Manage SSH and sudo access easily in the cloud or on-premise.

Professionals know you need to SSH - but almost everyone does it wrong. With Smallstep SSH Professional, you use certificates to do SSH right. Remove the need to gather, ship, and rotate SSH public keys for all your users and hosts.

Smallstep delivers end-to-end SSH workflow that marries modern identity providers with short-lived SSH certificates and flexible access control. At the core is step-ca, our open-source certificate authority, and our step CLI toolkit that makes SSO for SSH a simple and elegant experience for users. Available on-premise or as a managed offering.

Bolt-logo.png
Kenna-Logo.png
aptvision-logo.png
billpocket-black-2x.png
conversocial-logo.png
primarylogo-rgb-green-black.png
trell-logo-v2.png
1st Screenshot@2x.png

Single Sign-On SSH

Users type ssh [host-name] and are sent through your identity provider before connecting to the host.

2nd Screenshot@2x.png

Sync With Your IdP

Identity provider user groups are automatically synchronized and used for SSH access control and compliance reporting.

3rd Screenshot@2x.png

Access Control

Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.

4th Screenshot@2x.png

SSH User Lifecycle Management

No more adding and removing POSIX users or synchronizing and auditing static public key files across your fleet of hosts.

5th Screenshot@2x.png

Compliance Included

Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.

Smallstep bridges the gap between your identity provider and your servers

6th-screenshot-ssh-2x.png

Try free

Get Started

Seamless SSH access. Zero key management.

Build With Open Source

Roll my own

DIY single sign-on for SSH

Smallstep SSH is exactly what we needed. It's as easy as adding or removing someone in an Okta Group.

Kenna_Circle@2x.png

Smallstep SSH Features

Keep_Using_SSH2.svg

Keep using SSH like you’re used to

SSO login is seamlessly integrated when required.

Developer.svg

Managed by Smallstep or run anywhere, you choose

Your own private SSH certificate authority

Keep_Using_SSH2.svg

Seamless SSH credential management

Ephemeral SSH certificates replace manual deployment of static keys and passwords

Do_More.svg

POSIX user lifecycle management

Full lifecycle management of user accounts across your fleet of hosts and bastions.

Centralize_Operations.svg

Real-time access control

Central, fine-grained control of host and sudo access.

more-secure-icon.svg

Effortless security hygiene

Short-lived certificates, generated on-demand, using your identity infrastructure.

Proven_Standards.svg

Built on time-tested open standards

Our solution is built on top of OpenSSH, PAM, NSS, and our open source CA.

Subsciption_Plans2.svg

Bastion host support

Bastion hosts are transparently supported. You can SSH directly to any internal hostname.

Try free

Get Started

Seamless SSH access. Zero key management.

Build With Open Source

Roll my own

DIY single sign-on for SSH