OpenPubkey SSH (opkssh) version 0.13.0 is an identity-centric security utility that bridges the gap between modern OpenID Connect authentication and traditional SSH access control, eliminating the need to distribute and rotate long-lived SSH keys across fleets of servers. By embedding short-lived PK Tokens (standard OpenID Connect ID Tokens) inside ephemeral SSH public keys, the software lets administrators grant or revoke login rights instantly through an organization's existing identity provider simply by referencing a user's email address (e.g., alice@example.com). The tool does not replace the OpenSSH daemon; instead, it generates transient certificates that sshd validates at connect time, ensuring that only currently authorized identities can establish sessions while leaving the core SSH workflow unchanged.

Typical use cases include cloud-native DevOps teams that provision on-demand shell access during incident response, educational institutions that want students to log in with university single-sign-on credentials, and corporations seeking to meet compliance mandates by tying every privileged session to a traceable corporate identity. Because the protocol extends OpenPubkey, which adds user-generated public keys to OpenID Connect without altering provider behavior, the solution remains compatible with Google, Azure AD, Okta, Keycloak, and other mainstream identity platforms. Twelve incremental releases have refined token caching, audit logging, and group-based access rules since the project's inception.

As an open-source project in the System Administration / Remote Access category, the software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.