Single Sign-On SSH

Seamless SSH access. Zero key management.

Smallstep

The easy way for teams to SSH

Stop gathering and shipping and rotating SSH public keys for all your users and hosts. We make it easy for you to use SSH certificates instead. Users sign in to your identity provider via OAuth and are issued an SSH certificate for the day. It's stored in memory, and they use it to SSH to your hosts as usual. No more user keys scattered across your infrastructure. Instead, you manage SSH and sudo access in our admin panel. And when users are removed from your identity provider, all server access is revoked immediately.

The easy way for teams to SSH

Single Sign-On SSH
Single Sign-On SSH

Single Sign-On SSH

Users type ssh [host-name] and are sent through your identity provider before connecting to the host.

Single Sign-On SSH

Users type ssh [host-name] and are sent through your identity provider before connecting to the host.

Single Sign-On SSH
Single Sign-On SSH
Sync With Your IdP
Sync With Your IdP

Sync With Your IdP

Identity provider user groups are automatically synchronized and used for SSH access control and compliance reporting.

Access Control
Access Control

Access Control

Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.

Access Control

Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.

Access Control
Access Control
SSH User Lifecycle Management
SSH User Lifecycle Management

SSH User Lifecycle Management

No more adding and removing POSIX users or synchronizing and auditing static public key files across your fleet of hosts.

Compliance Included
Compliance Included

Compliance Included

Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.

Compliance Included

Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.

Compliance Included
Compliance Included

Smallstep bridges the gap between your identity provider and your servers

lifecycle_management
lifecycle_management
Sign Up, It's Free
Seamless SSH access. Zero key management.
Build With Open Source
DIY single sign-on for SSH

Smallstep SSH is exactly what we needed. It's as easy as adding or removing someone in an Okta Group.

Smallstep SSH Features

GitHub Certificate Authority
Use Smallstep SSH certificates with GitHub, to allow push/pull access for your developers. Requires a GitHub Enterprise Cloud account.
Keep using SSH like you’re used to
SSO login is seamlessly integrated when required.
A private, managed SSH certificate authority
Operated by the experts at smallstep.
Seamless SSH credential management
Ephemeral SSH certificates replace manual deployment of static keys and passwords
POSIX user lifecycle management
Full lifecycle management of user accounts across your fleet of hosts and bastions.
Real-time access control
Central, fine-grained control of host and sudo access.
Effortless security hygiene
Short-lived certificates, generated on-demand, using your identity infrastructure.
Built on time-tested open standards
Our solution is built on top of OpenSSH, PAM, NSS, and our open source CA.
Bastion host support
Bastion hosts are transparently supported. You can SSH directly to any internal hostname.
Sign Up, It's Free
Seamless SSH access. Zero key management.