Single Sign-On SSH

Seamless SSH access. Zero key management.

Smallstep SSH Pricing

Sign up, it's free. No credit card required.

Smallstep SSH is available as a managed SaaS service or an on-premise Run Anywhere subscription. Pricing is by the number of hosts and Smallstep Account tier.

Contact us for information about volume discounts and Run Anywhere minimums.

Smallstep SSH Offerings

Professional

Team account or above

+ $3.00 Per Host,
per Month

Self-service SaaS

14-days free
Free

Self-service SaaS

  • Use SSH certificates to access hosts

  • Automatic OpenSSH configuration

  • Direct connect and bastion support

Team account or above

+ $3.00 Per Host,
per Month

Self-service SaaS

  • Built for businesses

  • Single Sign On with your Identity Provider (IDP)

  • Access control based upon IDP rules

  • Automatic user accounts on hosts

  • User and system event reporting

  • Private keys secured in cloud KMS

$5.00

Per Host,
per Month

On-Premise or Cloud

  • Run Smallstep SSH in your infrastructure

  • Deployed in your cloud of choice

  • Custom configurations & personalized support

  • SaaS-like pricing with on-premise control

SSH Professional SaaS registered hosts metered at $0.0041 per hour.
Compare Features

Smallstep Account

Free

$0.00

  • Good for dev, personal & homelab projects
  • One administrator, single user
  • Discord Community Support

Team

$249 Per Month

  • Good for small teams or standard deploys
  • Three administrators
  • Single sign-on to dashboard
  • Smallstep Support via Ticket

Business

$999 Per Month

  • Good for larger teams or unique deploys
  • Team plus:
  • Unlimited administrators
  • SIEM / webhook integrations
  • Access to Smallstep Experts (1:1 zoom via calendly link)
  • Open source step-ca and cli support
  • Smallstep Support via Ticket, Slack, or email

Custom

  • Good for custom deployments
  • Business Plus:
  • Custom recommendations, deploys and pricing
  • Architecture reviews
  • Implementation services
  • Enterprise Smallstep Support

The security benefits and time savings made it easy to justify the investment.

Compare Features

Professional

Team account or above

+ $3.00 Per Host,
per Month

14-days free
Single sign-on SSH A
Y
Self-service SaaS offering A
Y
On-premise or your cloud A
Highly-available SSH certificate authority (CA) A
Y
Direct connect, bastion, and mixed environment support A
Y
Login with Smallstep Account A
Login with Okta, Azure AD, and G Suite (SSO+MFA) A
Y
Identity provider (IDP) authentication & user group sync A
Y
Satisfy compliance requirements A
Y
Automation
OpenSSH client configuration A
Y
SSHD server configuration A
Y
Enrollment token for easy host bootstrapping A
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...) A
Y
User command to display the list of SSH accessible Hosts A
Y
Access Control
Use Smallstep login for access to all hosts A
Enforce access to host based on identity provider user groups A
Y
Immediate deprovisioning of terminated user accounts A
Y
Automatic synchronization of users and groups from IDP A
Y
Host and host tags self-discovery A
Y
Rules engine for user group to host tag permission mapping A
Y
Sudo privileges based on identity provider groups A
Y
User Management
Transparently connect via bastion hosts A
Y
Automatically create home directories on Hosts A
Y
Create, modify, and deactivate user accounts on managed hosts A
Y
Best Practices
Short-lived host certificates with automated renewal A
Y
Root certificate rotation A
Y
Host certificate renewal/rekey A
Y
Private keys in multi-tenant KMS A
Y
Private Keys in dedicated in HSM with attestation A
Reporting
User session reporting A
Y
Session summary metrics (Host, time, etc.) A
Y
Host inventory and tags A
Y
User and group lists A
Y
Logging
Session summary metrics (host, time, etc.) A
Y
Host and bastion additions, updates, and removals A
Y
Host access A
Y
User and user group additions, updates, and removals A
Y
Sudo privileges escalations A
Y
Export logs to webhook / SIEM A
Y
Support
Releases
Current Release
Channels
Ticket
Availability
48-hour Response (Monday - Friday)
Pricing Table Image

Team account or above

+ $3.00 Per Host,
per Month

$5.00

Per Host,
per Month

Single sign-on SSH
Y
Y
Y
Self-service SaaS offering
Y
Y
On-premise or your cloud
Y
Highly-available SSH certificate authority (CA)
Y
Y
Y
Direct connect, bastion, and mixed environment support
Y
Y
Y
Login with Smallstep Account
Y
Login with Okta, Azure AD, and G Suite (SSO+MFA)
Y
Y
Identity provider (IDP) authentication & user group sync
Y
Y
Satisfy compliance requirements
Y
Y
Automation
OpenSSH client configuration
Y
Y
Y
SSHD server configuration
Y
Y
Y
Enrollment token for easy host bootstrapping
Y
Y
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...)
Y
Y
User command to display the list of SSH accessible Hosts
Y
Y
Access Control
Use Smallstep login for access to all hosts
Y
Enforce access to host based on identity provider user groups
Y
Y
Immediate deprovisioning of terminated user accounts
Y
Y
Automatic synchronization of users and groups from IDP
Y
Y
Host and host tags self-discovery
Y
Y
Rules engine for user group to host tag permission mapping
Y
Y
Sudo privileges based on identity provider groups
Y
Y
User Management
Transparently connect via bastion hosts
Y
Y
Y
Automatically create home directories on Hosts
Y
Y
Y
Create, modify, and deactivate user accounts on managed hosts
Y
Y
Best Practices
Short-lived host certificates with automated renewal
Y
Y
Y
Root certificate rotation
Y
Y
Y
Host certificate renewal/rekey
Y
Y
Y
Private keys in multi-tenant KMS
Y
Y
Private Keys in dedicated in HSM with attestation
Y
Reporting
User session reporting
Y
Y
Y
Session summary metrics (Host, time, etc.)
Y
Y
Y
Host inventory and tags
Y
Y
Y
User and group lists
Y
Y
Logging
Session summary metrics (host, time, etc.)
Y
Y
Y
Host and bastion additions, updates, and removals
Y
Y
Y
Host access
Y
Y
Y
User and user group additions, updates, and removals
Y
Y
Sudo privileges escalations
Y
Y
Export logs to webhook / SIEM
Y
Y
Support
Releases
Current Release
Current Release
N-1 Releases
Channels
Ticket
Ticket
Ticket, Slack
Availability
Best Effort Response
48-hour Response (Monday - Friday)
24-hour Response (Monday - Friday)
14-days free
Open Source or Managed?
Use our open source tools and your existing Identity Provider (IDP) to bring single sign-on (SSO) and multi-factor authentication (MFA) to OpenSSH. Users SSH as normal directly to hosts or via bastion servers after a daily OAuth OIDC login. Read more about getting started with open source.

The Professional Edition is a managed offering that takes the open source and adds automatic access control, end-to-end user lifecycle management, event activity logging and reporting, and GitHub Enterprise integration.
Sign up, it's free
No credit card required.