Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
blog.cloudflare.com
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without adding a trusted party other than your IdP.

My first exposure to this and supposedly just a two line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • farcaller@fstab.shEnglish
    3·
    21 days ago

    I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.