Single Sign-On SSH

Seamless SSH access. Zero key management.

Smallstep SSH Pricing

Sign up, it's free. No credit card required.

Smallstep SSH is available as a managed SaaS service or an on-premise Run Anywhere subscription. Pricing is by the number of hosts and Smallstep Account tier.

Contact us for information about volume discounts and Run Anywhere minimums.

Smallstep SSH Offerings

Professional

$3.00

Per Host,
per Month

Self-service SaaS

14-days free
Free

Self-service SaaS

  • Use SSH certificates to access hosts

  • Extend single sign-on to SSH access

  • SSH with a Smallstep SSO account

  • Automatic OpenSSH configuration

  • Direct connect and bastion support

$3.00

Per Host,
per Month

Self-service SaaS

  • Built for businesses

  • Access control based upon IDP rules

  • Automatic user accounts on hosts

  • User and system event reporting

  • Private keys secured in cloud KMS

$5.00

Per Host,
per Month

On-Premise or Cloud

  • Run Smallstep SSH in your infrastructure

  • Deployed in your cloud of choice

  • Custom configurations & personalized support

  • SaaS-like pricing with on-premise control

SSH Professional SaaS registered hosts metered at $0.0041 per hour.
Compare Features

Smallstep Account

Free

$0.00

  • Good for dev, personal & homelab projects
  • One administrator
  • Login with Google
  • Discord Community Support

Team

$249 Per Month

  • Good for small teams or standard deploys
  • Three administrators
  • Single sign-on to dashboard
  • Smallstep Support via Ticket

Business

$999 Per Month

  • Good for larger teams or unique deploys
  • Team plus:
  • Unlimited administrators
  • SIEM / webhook integrations
  • Access to Smallstep Experts (1:1 zoom via calendly link)
  • Open source step-ca and cli support
  • Smallstep Support via Ticket, Slack, or email

Custom

  • Good for custom deployments
  • Business Plus:
  • Custom recommendations, deploys and pricing
  • Architecture reviews
  • Implementation services
  • Enterprise Smallstep Support

The security benefits and time savings made it easy to justify the investment.

Compare Features

Professional

$3.00

Per Host,
per Month

14-days free
Single sign-on SSH A
Tooltip text with a link
Y
Self-service SaaS offering A
Y
On-premise or your cloud A
Highly-available SSH certificate authority (CA) A
Y
Direct connect, bastion, and mixed environment support A
Y
Login with Smallstep Account A
Login with Okta, Azure AD, and G Suite (SSO+MFA) A
Y
Identity provider (IDP) authentication & user group sync A
Y
Satisfy compliance requirements A
Y
Automation
OpenSSH client configuration A
Y
SSHD server configuration A
Y
Enrollment token for easy host bootstrapping A
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...) A
Y
User command to display the list of SSH accessible Hosts A
Y
Access Control
Use Smallstep login for access to all hosts A
Enforce access to host based on identity provider user groups A
Y
Immediate deprovisioning of terminated user accounts A
Y
Automatic synchronization of users and groups from IDP A
Y
Host and host tags self-discovery A
Y
Rules engine for user group to host tag permission mapping A
Y
Sudo privileges based on identity provider groups A
Y
User Management
Transparently connect via bastion hosts A
Y
Automatically create home directories on Hosts A
Y
Create, modify, and deactivate user accounts on managed hosts A
Y
Best Practices
Short-lived host certificates with automated renewal A
Y
Root certificate rotation A
Y
Host certificate renewal/rekey A
Y
Private keys in multi-tenant KMS A
Y
Private Keys in dedicated in HSM with attestation A
Reporting
User session reporting A
Y
Session summary metrics (Host, time, etc.) A
Y
Host inventory and tags A
Y
User and group lists A
Y
Logging
Session summary metrics (host, time, etc.) A
Y
Host and bastion additions, updates, and removals A
Y
Host access A
Y
User and user group additions, updates, and removals A
Y
Sudo privileges escalations A
Y
Export logs to webhook / SIEM A
Y
Support
Releases
Current Release
Channels
Ticket
Availability
48-hour Response (Monday - Friday)
Pricing Table Image

$3.00

Per Host,
per Month

$5.00

Per Host,
per Month

Single sign-on SSH
Tooltip text with a link
Y
Y
Y
Self-service SaaS offering
Y
Y
On-premise or your cloud
Y
Highly-available SSH certificate authority (CA)
Y
Y
Y
Direct connect, bastion, and mixed environment support
Y
Y
Y
Login with Smallstep Account
Y
Login with Okta, Azure AD, and G Suite (SSO+MFA)
Y
Y
Identity provider (IDP) authentication & user group sync
Y
Y
Satisfy compliance requirements
Y
Y
Automation
OpenSSH client configuration
Y
Y
Y
SSHD server configuration
Y
Y
Y
Enrollment token for easy host bootstrapping
Y
Y
Y
Infrastructure automation (Ansible, Terraform, Puppet, Chef...)
Y
Y
User command to display the list of SSH accessible Hosts
Y
Y
Access Control
Use Smallstep login for access to all hosts
Y
Enforce access to host based on identity provider user groups
Y
Y
Immediate deprovisioning of terminated user accounts
Y
Y
Automatic synchronization of users and groups from IDP
Y
Y
Host and host tags self-discovery
Y
Y
Rules engine for user group to host tag permission mapping
Y
Y
Sudo privileges based on identity provider groups
Y
Y
User Management
Transparently connect via bastion hosts
Y
Y
Y
Automatically create home directories on Hosts
Y
Y
Y
Create, modify, and deactivate user accounts on managed hosts
Y
Y
Best Practices
Short-lived host certificates with automated renewal
Y
Y
Y
Root certificate rotation
Y
Y
Y
Host certificate renewal/rekey
Y
Y
Y
Private keys in multi-tenant KMS
Y
Y
Private Keys in dedicated in HSM with attestation
Y
Reporting
User session reporting
Y
Y
Y
Session summary metrics (Host, time, etc.)
Y
Y
Y
Host inventory and tags
Y
Y
Y
User and group lists
Y
Y
Logging
Session summary metrics (host, time, etc.)
Y
Y
Y
Host and bastion additions, updates, and removals
Y
Y
Y
Host access
Y
Y
Y
User and user group additions, updates, and removals
Y
Y
Sudo privileges escalations
Y
Y
Export logs to webhook / SIEM
Y
Y
Support
Releases
Current Release
Current Release
N-1 Releases
Channels
Ticket
Ticket
Ticket, Slack
Availability
Best Effort Response
48-hour Response (Monday - Friday)
24-hour Response (Monday - Friday)
14-days free
Open Source or Managed?
Use our open source tools and your existing Identity Provider (IDP) to bring single sign-on (SSO) and multi-factor authentication (MFA) to OpenSSH. Users SSH as normal directly to hosts or via bastion servers after a daily OAuth OIDC login. Read more about getting started with open source.

The Professional Edition is a managed offering that takes the open source and adds automatic access control, end-to-end user lifecycle management, event activity logging and reporting, and GitHub Enterprise integration.
Sign up, it's free
No credit card required.