πŸ”OpenPubkey SSH

OpenPubkey SSH enables SSH access without the need for SSH keys.

OpenPubkey SSH (OPK SSH) enables SSH access without the use of SSH keys by leveraging OpenPubkey, an open source project created in partnership with BastionZero, Docker, and the Linux Foundation. OPK SSH is free and available for use with remote servers and containers that run Linux.

OpenPubkey introduces a protocol for binding OpenID Connect (OIDC) identities to public keys. OPK SSH builds on top of OpenPubkey's functionality by packaging the bound OIDC identity and public key (called a PK Token) into an SSH certificate. (For full details on how a PK Token is generated and to learn more about OpenPubkey, take a look at the GitHub repository.)

This frees users from the headache of setting up SSH access to hosts, VMs, and containers, which otherwise requires distributing SSH keys, remembering to revoke and rotate them, and worrying that credentials may inadvertently be exposed or lost.

OPK SSH also makes it easier to collaborate across individuals and organizations. Because access is tied to the OpenID Connect Provider (OP) and an associated OIDC identity, not to a specific organization ID, any individual who uses Gmail or G Suite can be granted access to a remote host.

To get started, follow our guides below:

