Single Sign-On SSH

Seamless SSH access. Zero key management.

Sign up, it's free
Smallstep
Overview
How it works
Pricing
Sign Up

Pricing

Sign up, it's free. No credit card required.

Professional

$3.00

Per Host,
per Month

Self-service SaaS

14-days free
Single User
Sign up today
Free

Self-service SaaS

  • Use SSH certificates to access hosts

  • Extend single sign-on to SSH access

  • SSH with a Smallstep SSO account

  • Automatic OpenSSH configuration

  • Direct connect and bastion support

Professional
14-days free

$3.00

Per Host,
per Month

Self-service SaaS

  • Built for businesses

  • Access control based upon IDP rules

  • Automatic user accounts on hosts

  • User and system event reporting

  • Private keys secured in cloud KMS

RUN ANYWHERE
Contact Us

$5.00

Per Host,
per Month

On-Premise or Cloud

  • Run Smallstep SSH in your infrastructure

  • Deployed in your cloud of choice

  • Custom configurations & personalized support

  • SaaS-like pricing with on-premise control

Contact us for information about volume discounts and Run Anywhere minimums.
SSH Professional SaaS registered hosts metered at $0.0041 per hour.
Your data is safe with Smallstep, learn more.
Compare Features

The security benefits and time savings made it easy to justify the investment.

Compare Features

Professional

$3.00

Per Host,
per Month

14-days free
Single sign-on SSH
Y
Self-service SaaS offering
Y
On-premise or your cloud
Highly-available SSH certificate authority (CA)
Y
Direct connect, bastion, and mixed environment support
Y
Login with Smallstep Account
Login with Okta, Azure AD, and G Suite (SSO+MFA)
Y
Identity provider (IDP) authentication & user group sync
Y
Satisfy compliance requirements
Y
Automation
OpenSSH client configuration
Y
SSHD server configuration
Y
Enrollment token for easy host bootstrapping
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...)
Y
User command to display the list of SSH accessible Hosts
Y
Access Control
Use Smallstep login for access to all hosts
Enforce access to host based on identity provider user groups
Y
Immediate deprovisioning of terminated user accounts
Y
Automatic synchronization of users and groups from IDP
Y
Host and host tags self-discovery
Y
Rules engine for user group to host tag permission mapping
Y
Sudo privileges based on identity provider groups
Y
User Management
Transparently connect via bastion hosts
Y
Automatically create home directories on Hosts
Y
Create, modify, and deactivate user accounts on managed hosts
Y
Best Practices
Short-lived host certificates with automated renewal
Y
Root certificate rotation
Y
Host certificate renewal/rekey
Y
Private keys in multi-tenant KMS
Y
Private Keys in dedicated in HSM with attestation
Reporting
User session reporting
Y
Session summary metrics (Host, time, etc.)
Y
Host inventory and tags
Y
User and group lists
Y
Logging
Session summary metrics (host, time, etc.)
Y
Host and bastion additions, updates, and removals
Y
Host access
Y
User and user group additions, updates, and removals
Y
Sudo privileges escalations
Y
Export logs to webhook / SIEM
Y
Support
Releases
Current Release
Channels
Ticket
Availability
48-hour Response (Monday - Friday)
Pricing Table Image
Single User
Free
Sign up today
Professional

$3.00

Per Host,
per Month

14-days free
RUN ANYWHERE

$5.00

Per Host,
per Month

Contact Us
Single sign-on SSH
Y
Y
Y
Self-service SaaS offering
Y
Y
On-premise or your cloud
Y
Highly-available SSH certificate authority (CA)
Y
Y
Y
Direct connect, bastion, and mixed environment support
Y
Y
Y
Login with Smallstep Account
Y
Login with Okta, Azure AD, and G Suite (SSO+MFA)
Y
Y
Identity provider (IDP) authentication & user group sync
Y
Y
Satisfy compliance requirements
Y
Y
Automation
OpenSSH client configuration
Y
Y
Y
SSHD server configuration
Y
Y
Y
Enrollment token for easy host bootstrapping
Y
Y
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...)
Y
Y
User command to display the list of SSH accessible Hosts
Y
Y
Access Control
Use Smallstep login for access to all hosts
Y
Enforce access to host based on identity provider user groups
Y
Y
Immediate deprovisioning of terminated user accounts
Y
Y
Automatic synchronization of users and groups from IDP
Y
Y
Host and host tags self-discovery
Y
Y
Rules engine for user group to host tag permission mapping
Y
Y
Sudo privileges based on identity provider groups
Y
Y
User Management
Transparently connect via bastion hosts
Y
Y
Y
Automatically create home directories on Hosts
Y
Y
Y
Create, modify, and deactivate user accounts on managed hosts
Y
Y
Best Practices
Short-lived host certificates with automated renewal
Y
Y
Y
Root certificate rotation
Y
Y
Y
Host certificate renewal/rekey
Y
Y
Y
Private keys in multi-tenant KMS
Y
Y
Private Keys in dedicated in HSM with attestation
Y
Reporting
User session reporting
Y
Y
Y
Session summary metrics (Host, time, etc.)
Y
Y
Y
Host inventory and tags
Y
Y
Y
User and group lists
Y
Y
Logging
Session summary metrics (host, time, etc.)
Y
Y
Y
Host and bastion additions, updates, and removals
Y
Y
Y
Host access
Y
Y
Y
User and user group additions, updates, and removals
Y
Y
Sudo privileges escalations
Y
Y
Export logs to webhook / SIEM
Y
Y
Support
Releases
Current Release
Current Release
N-1 Releases
Channels
Ticket
Ticket
Ticket, Slack
Availability
Best Effort Response
48-hour Response (Monday - Friday)
24-hour Response (Monday - Friday)
14-days free
Open Source or Managed?
Use our open source tools and your existing Identity Provider (IDP) to bring single sign-on (SSO) and multi-factor authentication (MFA) to OpenSSH. Users SSH as normal directly to hosts or via bastion servers after a daily OAuth OIDC login. Read more about getting started with open source.

The Professional Edition is a managed offering that takes the open source and adds automatic access control, end-to-end user lifecycle management, event activity logging and reporting, and GitHub Enterprise integration.
Sign up, it's free
No credit card required.