Single Sign-On SSH

Say Goodbye to SSH Key Management

Smallstep

The Better Way To Manage SSH

We improve SSH by using certificates instead of keys. As a managed SaaS offering, it's lightweight, easy to deploy, and works with popular identity providers. Issue SSH certificates via existing single sign-on workflows to save operational time and improve security. Users keep using SSH like they're used to with a consistent experience across clouds and physical machines. Smallstep SSH is OpenSSH, only better.

The Better Way To Manage SSH

OpenSSH | Elevated

Single Sign-On Workflow for SSH
Single Sign-On Workflow for SSH

Single Sign-On Workflow for SSH

Users type ssh [host-name] and get directed through your existing identity provider single sign-on flow before connecting to the host.

Single Sign-On Workflow for SSH

Users type ssh [host-name] and get directed through your existing identity provider single sign-on flow before connecting to the host.

Single Sign-On Workflow for SSH
Single Sign-On Workflow for SSH
Automatically Synchronized
Automatically Synchronized

Automatically Synchronized

Identity provider user groups are automatically synchronized and used for access control and compliance reporting.

Access Control
Access Control

Access Control

Operators define access control based upon information populated from your identity provider. Revoking or suspending access at the identity provider removes SSH access immediately.

Access Control

Operators define access control based upon information populated from your identity provider. Revoking or suspending access at the identity provider removes SSH access immediately.

Access Control
Access Control
Lifecycle Management
Lifecycle Management

Lifecycle Management

Complete user lifecycle management. No more adding, removing, synchronizing, and auditing static public key files across your fleet of hosts.

Compliance Included
Compliance Included

Compliance Included

Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.

Compliance Included

Reporting and logging of user sessions, access to hosts, and privilege escalations simplify compliance audits.

Compliance Included
Compliance Included

Use OpenSSH and your existing single sign-on provider for SSH access to AWS, Azure, Google Cloud, and on-premise environments

lifecycle_management
lifecycle_management
Try it free for 30 days
Say goodbye to your SSH key deploys!
Deploy your private CA
SSH & x509 certificates for production workloads

Smallstep SSH is exactly what we needed. It's as easy as adding or removing someone in an Okta Group.

Smallstep SSH Benefits

Your own managed SSH certificate authority
All operations secured by a private certificate authority operated by the experts at smallstep.
Eliminate SSH credential management
Issue ephemeral SSH certificates to replace manual deployment of user-generated static keys and passwords.
Centralize operations with real-time access control
Extend existing identity management services to deliver SSO and MFA workflows to SSH authentication and authorization.
Do more with end-to-end Automation
Full life cycle management of Mac, Linux, and Windows user accounts across your fleet of Hosts and Bastions.
Improved security hygiene
Replace static SSH keys with short-lived certificates generated on-demand using your canonical identity infrastructure.
Use proven standards
Built to configure OpenSSH, not to replace it, the smallstep solution uses industry-standard Unix components that have proven secure under years of operation.
Keep using SSH like you’re used to
Users continue to SSH to Hosts or Bastions as usual, with SSO login seamlessly integrated when required.
Subscription Plans for everybody
Priced to be less expensive than the cost of manual operations (cheaper than free) and delivered as a self-service SaaS offering with no long-term commitments or pesky sales reps.
Try it free for 30 days
Say goodbye to your SSH key deploys!
Deploy Quickly With Pre-built Integrations