Extend SSO & device identity to SSH
Embrace short-lived certificates for better security, less hassle, and real cost savings. Smallstep SSH is the flexible, modern approach to secure remote access in cloud, on-prem, or hybrid environments. Give your developers the frictionless experience they deserve while giving your business the peace of mind it demands.

Bridge the gap between your IdPs and your servers
Automate SSH key management
Replace long-lived SSH keys with ephemeral certificates that regenerate each day. Static SSH keys often linger in servers and laptops for months or years, creating a ticking time bomb for unauthorized access. They’re easy to lose track of, hard to rotate, and seldom rekeyed.
Add MFA with your IdP
Connect to popular IdPs like Okta, Google Workspace, or Microsoft Entra ID with just a few clicks, and map existing identity provider groups directly to server roles. Assign granular access based on familiar group structures and user roles, no separate password or SSH key needed. Add or remove a user in your IdP, and that change propagates to all SSH access instantly.
Short-lived certificates for strong security
(Try saying that 10x fast.) Smallstep SSH replaces static keys with ephemeral certificates that renew daily to lower risk exposure. Think of it like a backstage pass that automatically expires every day. Each certificate is valid for hours, not months, preventing unintentional long-term access. Certificates also automatically rotate without manual intervention or downtime.
Break-glass emergency and offline access
Worried about losing SSH access if your SSO provider is offline? Smallstep SSH supports hardware-backed offline certificates. In an emergency, create a short-lived backup certificate stored on a secure device. This ensures you always have a fallback plan for critical infrastructure—even during an identity provider outage.
"Smallstep SSH is exactly what we needed, significantly reducing the work required to manage SSH keys."
Joe Doss, Director of Engineering Ops • Kenna Security by CISCO
Centralize your SSH auditing
Get a single source of truth for SSH connections across your fleet. Track all SSH activities and sessions from a single dashboard for compliance and troubleshooting. From that dashboard, use simple rules to let developers connect only to the servers they need, exactly when they need them. View active sessions, manage user groups, and generate usage reports to keep stakeholders informed.
Lower operational overhead
No one likes toil. Reduce the time spent adding, removing, and rotating static keys. By removing manual key handling, you can reclaim engineering hours and limit downtime. New employees can be up and running in minutes, with no specialized key setup required.
Learn more about the platform
The Smallstep platform helps mitigate numerous cybersecurity threats – from phishing to advanced hardware attacks – without impacting end-user workflows.
Enforce device identity everywhere
Whether you’re working towards a compliance standard, closing gaps in policy enforcement, or preventing nation-state attacks, our team is here to show you how Smallstep can help.