Your IdP, our SSH
Seamless SSH access. Zero key management. Automated from your IdP Groups.
SSH like a professional
Manage SSH and sudo access easily in the cloud or on-premise.
Professionals know you need to SSH - but almost everyone does it wrong. With Smallstep SSH Professional, you use certificates to do SSH right. Remove the need to gather, ship, and rotate SSH public keys for all your users and hosts.
Smallstep delivers end-to-end SSH workflow that marries modern identity providers with short-lived SSH certificates and flexible access control. At the core is step-ca, our open-source certificate authority, and our step CLI toolkit that makes SSO for SSH a simple and elegant experience for users. Available on-premise or as a managed offering.
Single Sign-On SSH
ssh [host-name] and are sent through your identity provider before connecting to the host.
Sync With Your IdP
Identity provider user groups are automatically synchronized and used for SSH access control and compliance reporting.
Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.
SSH User Lifecycle Management
No more adding and removing POSIX users or synchronizing and auditing static public key files across your fleet of hosts.
Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.
Smallstep bridges the gap between your identity provider and your servers
Smallstep SSH is exactly what we needed. It's as easy as adding or removing someone in an Okta Group.
Smallstep SSH Features
Keep using SSH like you’re used to
SSO login is seamlessly integrated when required.
Managed by Smallstep or run anywhere, you choose
Your own private SSH certificate authority
Seamless SSH credential management
Ephemeral SSH certificates replace manual deployment of static keys and passwords
POSIX user lifecycle management
Full lifecycle management of user accounts across your fleet of hosts and bastions.
Real-time access control
Central, fine-grained control of host and sudo access.
Effortless security hygiene
Short-lived certificates, generated on-demand, using your identity infrastructure.
Built on time-tested open standards
Our solution is built on top of OpenSSH, PAM, NSS, and our open source CA.
Bastion host support
Bastion hosts are transparently supported. You can SSH directly to any internal hostname.