Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
blog.cloudflare.com
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without adding a trusted party other than your IdP.

My first exposure to this and supposedly just a two line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • jonathan@lemmy.zipEnglish
    151·
    6 days ago

    Orgs commonly need idp, fuck managing ssh key auth for hundreds of engineers.

    This isn’t aimed at individuals or self-hosters, though you can if you find it interesting enough.

    • corsicanguppy@lemmy.caEnglish
      1·
      4 days ago

      fuck managing ssh key auth for hundreds of engineers.

      You can pull the ssh key out of LDAP/AD. We did this 10 years ago. Really slick.

      Now with modern config management (sit down, Ansible, you millennial junk) the keys update anyway in about a second.