Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
blog.cloudflare.com
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without adding a trusted party other than your IdP.

My first exposure to this and supposedly just a two line change to the SSH server configuration.

Anyone set this up on their own servers yet? Just for kicks?

  • Xanza@lemm.eeEnglish
    1·
    3 days ago

    So does requiring all users to phone you ahead of time to get a temporary password that’s only alive for 20 minutes… But that’s also not done because it’s…stupid.

    There are dozens of tools and methods (like jumpboxes) which facilitate the authorization and usage of currently available and time tested tools for usage with environments without reinventing the wheel. Stepping away from the unix philosophy is heresy of the highest degree.

    It’s not a problem with the tool, only the plumber.

    • surewhynotlem@lemmy.worldEnglish
      2·
      3 days ago

      Stepping away from the unix philosophy

      SSH already allows auth with username and password against a local file. This just moves the file.