

Single Sign-On SSH
Users type ssh [host-name]
and are sent through your identity provider before connecting to the host.
As a managed offering or running on-premise, Smallstep SSH removes the need to gather, ship, and rotate SSH public keys for all your users and hosts. We make it easy for you to use SSH certificates instead. Users sign in to your identity provider via OAuth and are issued an SSH certificate for the day. It's stored in memory, and they use it to SSH to your hosts as usual—no more user keys scattered across your infrastructure. Instead, you manage SSH and sudo access in our admin panel. And when users are removed from your identity provider, all server access is revoked immediately.
Users type ssh [host-name]
and are sent through your identity provider before connecting to the host.
Users type ssh [host-name]
and are sent through your identity provider before connecting to the host.
Identity provider user groups are automatically synchronized and used for SSH access control and compliance reporting.
Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.
Map host access to users and groups from your identity provider. Revoking a user at the identity provider removes their SSH access immediately.
No more adding and removing POSIX users or synchronizing and auditing static public key files across your fleet of hosts.
Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.
Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.
Smallstep SSH is exactly what we needed. It's as easy as adding or removing someone in an Okta Group.