My first exposure to this and supposedly just a two-line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • Xanza@lemm.ee · 24 upvotes · 22 days ago

    I don’t understand the obsession in integrating everything with OID services, like Google. People already complain all the time about Google watch-dogging them and then integrate every single service imaginable with their Google account. Shit is just weird to me.

    • jonathan@lemmy.zip · 10 upvotes · 22 days ago

      Orgs commonly need an IdP, fuck managing ssh key auth for hundreds of engineers.

      This isn’t aimed at individuals or self-hosters, though you can if you find it interesting enough.

    • farcaller@fstab.sh · 3 upvotes · 22 days ago

      I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

    • ladfrombrad 🇬🇧@lemdro.id · 1 upvote · 22 days ago

      Mine’s having the lazy arse syndrome of using it to sign in to Tailscale and having other friends/family using their SSO from the Big G to simplify them signing into my Tailnet.

      Guilty as charged?