Cloudflare has announced that it is releasing the OpenPubkey SSH (OPKSSH) project as open source. BastionZero had been developing the project since the beginning of 2024, and Cloudflare subsequently acquired BastionZero’s business.
OPKSSH is software that lets users log in over Secure Shell (SSH) with the login of any system that supports the OpenID Connect (OIDC) standard. It builds on the OpenPubkey concept, which uses OpenID Connect for document certification.
With OPKSSH, organizations can grant employees access to servers without exchanging long-term keys. Instead, employees log in with OIDC and receive keys with limited lifetimes. The server verifies each key by checking it against the OIDC server’s certification key, and organizations can define detailed access policies. Once an employee’s account is closed, that employee immediately loses access to the servers, so security is enforced through login policies. Employees also save time because they no longer sync keys back and forth when switching devices: after logging in with OIDC, they can connect from any device right away.
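A simplified model of the server-side decision described above, added here as an illustration and not OPKSSH's own code or token format. Ed25519 stands in for the provider's signing algorithm, and `Claims`, `Issue`, `Authorize`, the policy map and all sample values are hypothetical and constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var providerPub, providerPriv, _ = ed25519.GenerateKey(nil) // constructed provider key pair

// Claims is a simplified, hypothetical view of what the provider certifies.
type Claims struct {
	Email  string `json:"email"`
	SSHKey string `json:"ssh_key"` // the user's short-lived SSH public key
	Exp    int64  `json:"exp"`     // Unix time after which the key is dead
}

// Issue plays the provider after a successful OIDC login.
func Issue(priv ed25519.PrivateKey, c Claims) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}

// Authorize plays the SSH server: signature and key binding, expiry, then policy.
func Authorize(pub ed25519.PublicKey, payload, sig []byte, sshKey, user string, policy map[string][]string, now time.Time) error {
	var c Claims
	if !ed25519.Verify(pub, payload, sig) || json.Unmarshal(payload, &c) != nil || c.SSHKey != sshKey {
		return errors.New("key is not certified by the trusted provider")
	}
	if now.Unix() >= c.Exp {
		return errors.New("key expired: log in with OIDC again")
	}
	for _, email := range policy[user] { // policy maps a server account to allowed identities
		if email == c.Email {
			return nil
		}
	}
	return fmt.Errorf("%s may not log in as %s", c.Email, user)
}

func main() {
	now, key := time.Now(), "ssh-ed25519 AAAA-constructed"
	p, s := Issue(providerPriv, Claims{"alice@example.com", key, now.Add(time.Hour).Unix()})
	policy := map[string][]string{"deploy": {"alice@example.com"}}
	fmt.Println(Authorize(providerPub, p, s, key, "deploy", policy, now))
	fmt.Println(Authorize(providerPub, p, s, key, "deploy", policy, now.Add(2*time.Hour)))
}
```

The second call in `main` fails only because time has passed: nothing had to be revoked on the server, which is why a user who can no longer log in with OIDC cannot obtain a new working key.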
The OPKSSH project is open source under the Apache 2.0 license, which allows extensive freedom of use. Much wider adoption of this technology can be expected in the future.
Source: Cloudflare
TLDR: Cloudflare introduces the OPKSSH project, open-source software that enables Secure Shell login through the login of any system that supports OpenID Connect, enhancing security and accessibility for organizations.