January 11, 2024

Announcing OpenPubkey SSH: The First Open Source Use Case for OpenPubkey

Lucie Mugnier

Technical Lead, BastionZero, Technical Steering Committee Member, OpenPubkey

Today we’re announcing OpenPubkey's first complete use case available to the public: OpenPubkey SSH (OPK SSH). It will change the way you think about SSH keys in that you won’t have to think about them… ever. Read on to learn more about how you can use OpenPubkey SSH for free! Or jump ahead to our complete, no-nonsense documentation for setting up OpenPubkey SSH.

What is OpenPubkey?

OpenPubkey is an open source, collaborative effort between the Linux Foundation, BastionZero and Docker. Building on the functionality of OpenID Connect (OIDC), OpenPubkey adds a temporary public key to your ID token. This key lets you sign messages attested to by trusted entities like Google and Microsoft, meaning they’re verifiable from anywhere.

With vanilla OIDC, anyone with your ID token can impersonate you. OpenPubkey sends out not only your public token, but also a message signed using a secret that never leaves your machine. This keeps your identity yours and your secrets secret.
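The Go sketch below is an added example, not code from the OpenPubkey project: it shows why a stolen token alone is not enough once a key is bound to it. It assumes the binding is carried in the token's nonce as a SHA-256 commitment to the user's ephemeral public key, uses Ed25519 for both provider and user, and replaces the real ID token with a hypothetical `Token` struct; all names and sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token is a simplified stand-in for an ID token: identity, nonce, provider signature.
type Token struct {
	Sub        string
	Nonce, Sig []byte
}

// commit binds the user's ephemeral public key (plus randomness r) into the nonce.
func commit(userPub ed25519.PublicKey, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, userPub...), r...))
	return h[:]
}

// issue plays the identity provider: it signs the identity and the client-supplied nonce.
func issue(opPriv ed25519.PrivateKey, sub string, nonce []byte) Token {
	return Token{sub, nonce, ed25519.Sign(opPriv, append([]byte(sub), nonce...))}
}

// verify checks the provider signature, the key commitment, and the user's signature.
func verify(opPub ed25519.PublicKey, t Token, userPub ed25519.PublicKey, r, msg, msgSig []byte) bool {
	return ed25519.Verify(opPub, append([]byte(t.Sub), t.Nonce...), t.Sig) &&
		bytes.Equal(t.Nonce, commit(userPub, r)) &&
		ed25519.Verify(userPub, msg, msgSig)
}

// demo returns (honest user accepted, token thief accepted).
func demo() (bool, bool) {
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader)     // constructed provider key
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader) // ephemeral, stays on the client
	r := make([]byte, 32)
	rand.Read(r)
	tok := issue(opPriv, "alice@example.com", commit(userPub, r))
	msg := []byte("ssh login to host-1") // constructed sample message
	honest := verify(opPub, tok, userPub, r, msg, ed25519.Sign(userPriv, msg))
	// A thief holding only the token must sign with a key the nonce does not commit to.
	thiefPub, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	stolen := verify(opPub, tok, thiefPub, r, msg, ed25519.Sign(thiefPriv, msg))
	return honest, stolen
}

func main() { fmt.Println(demo()) }
```

Running it prints `true false`: the honest user's signature verifies against the key committed in the token, while a party holding only the token cannot produce a signature that matches that commitment.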

SSH Key Management is a Hassle

SSH is everywhere, which means you have to worry about SSH keys getting lost, stolen, shared, rotated or forgotten. There are entire swaths of the internet dedicated to SSH hacking. Test environments accessible via SSH get cryptojacked and proxyjacked all the time. Even GitHub exposed its SSH private key in a public repository last year. Managing SSH keys is a hassle that is bound to lead to security risks.

So, what can we do? How can we do better? And is it free? Yes, yes and yes. 

Introducing OpenPubkey SSH

OpenPubkey SSH (OPK SSH) allows you to log in with your regular email account or Single Sign-On (SSO) and SSH to a server with a quick, one-time setup. No more assessing SSH key risk on the fly. No more cursing after poor key naming conventions. No keys.

Managing user access is a breeze. Easily add and remove access without any user coordination. No more complicated instructions for generating and sharing keys or hoping that someone remembered to remove an employee’s access when they leave. Everything is SSO.

All you need are two simple commands and less than 5 minutes to get everything set up.

Try OpenPubkey for Zero Trust SSH 

To get a better understanding of OpenPubkey SSH and see it in action, check out this webinar with me and Ivan Pedrazas from Docker! We will introduce OpenPubkey SSH and provide a demonstration of its setup and usage. 

For those keen on diving deeper into the technical aspects and future developments of OpenPubkey, our community is open to you. Join us by watching or starring OpenPubkey on GitHub and contribute to the ongoing discussions shaping the future of our protocol.

And if you’re ready to try our free open source implementation of OpenPubkey SSH to SSH without SSH keys, then see the comprehensive guide in our documentation.
