Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
blog.cloudflare.com
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without adding a trusted party other than your IdP.

My first exposure to this and supposedly just a two line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • Xanza@lemm.eeEnglish
    271·
    6 days ago

    I don’t understand the obsession in integrating everything with OID services, like Google. People already complain all the time about Google watch-dogging them and then integrate every single service imaginable with their Google account. Shit is just weird to me.

    • semi [he/him]@lemmy.mlEnglish
      251·
      6 days ago

      I think the Google as an identity provider example is misleading. The more common use case will be medium to small companies where several admins/developers need to login to various servers and where manually adding and revoking keys across these servers will be cumbersome.

      As the other commenter said, in those cases, the organization would also deploy its own IDP.

    • jonathan@lemmy.zipEnglish
      131·
      6 days ago

      Orgs commonly need idp, fuck managing ssh key auth for hundreds of engineers.

      This isn’t aimed at individuals or self-hosters, though you can if you find it interesting enough.

      • corsicanguppy@lemmy.caEnglish
        1·
        5 days ago

        fuck managing ssh key auth for hundreds of engineers.

        You can pull the ssh key out of LDAP/AD. We did this 10 years ago. Really slick.

        Now with modern config management (sit down, Ansible, you millennial junk) the keys update anyway in about a second.