Clifton

Clifton is a narrowly focused open-source project maintained by Isambard Scientific that concentrates on streamlining the life-cycle of SSH certificates. Instead of juggling raw key files and manual signing workflows, administrators use the single Clifton utility to generate short-lived host and user certificates, publish them to an internal CA, and rotate them automatically through simple YAML configuration. Typical use cases include cloud DevOps teams that need to grant temporary command-line access to containers, academic HPC facilities that want password-free logins across clusters, and small businesses looking to replace long-lived SSH keys with signed equivalents that expire after hours or days. The tool is invoked from PowerShell or bash, integrates with existing Ansible or Terraform playbooks, and stores certificates locally in the OpenSSH format so every standard client continues to work unchanged. Because the codebase is deliberately compact, security auditors can review it quickly, while the accompanying GitHub documentation explains how to bind the CA to an LDAP directory or issue certificates through an OIDC token. Clifton’s software is available for free on get.nero.com, with downloads delivered through the trusted Windows package manager winget, always installing the latest release and allowing batch installation alongside other applications.