Name: OpenPubkey SSH
Author: OpenPubkey

OpenPubkey SSH

OpenPubkey · openpubkey.opkssh

A tool which enables SSH to be used with OpenID Connect, allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys.

opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provider.

winget install --id openpubkey.opkssh --exact --source winget

Latest 0.14.0

Release Notes

Adds support for sshing into windows servers. Openssh 10.13 makes a breaking, non-backwards compatible change to how ssh certificates work, this breaks opkssh older than this release. This release creates a fix for this breaking change. Changes

feat: update to openpubkey 0.23.0 @ianroberts (#510)
fix(ci): use go run . instead of go run main.go in gha workflow @fdcastel (#506)
[3/3] Add Windows SSH server support @fdcastel (#480)
refactor: unify MockUserLookup into shared test helper package. Closes #439. @fdcastel (#495)
Update CLI documentation @github-actions[bot] (#500)
feat: add --inspect-cert and --verbose flags to login command. Closes #353. @fdcastel (#497)
docs: Add GitHub Actions integration guide. Closes #481 @fdcastel (#492)
test: cover full printed output of opkssh inspect. Closes #356 @fdcastel (#493)
Update CLI documentation @github-actions[bot] (#498)
Add logout command to remove opkssh-generated SSH keys. Closes #317. @fdcastel (#496)
Update CLI documentation @github-actions[bot] (#490)
[2/3] Add permissions command @fdcastel (#479)
bug: ensure provider arg doesn't skip remote-redirect-uri @EthanHeilman (#471)
[1/3] Update GitHub Actions workflows and .gitignore @fdcastel (#478)
docs: Add AWS EC2 setup guide for opkssh @Rishang (#467) 🐛 Bug Fixes
fix(deps): Update docker/build-push-action action to v7 @renovate[bot] (#512)
Fix for openssh 10.13 breaking principals wildcard in SSH certificates @EthanHeilman (#513)
fix(deps): Update zizmorcore/zizmor-action action to v0.5.2 @renovate[bot] (#488)
fix(deps): Update dependency golangci/golangci-lint to v2.11.2 @renovate[bot] (#486)
fix(deps): Update goreleaser/goreleaser-action action to v7 @renovate[bot] (#484)
fix(deps): Update goreleaser/goreleaser-action action to v7 @renovate[bot] (#477)
fix(deps): Update actions/setup-go action to v6.3.0 @renovate[bot] (#482)
fix(deps): Update zizmorcore/zizmor-action action to v0.5.0 @renovate[bot] (#451)
fix(deps): Update Docker @renovate[bot] (#464) 🧰 Maintenance
Improve install script to make linter happy, fix typo @EthanHeilman (#514)

Installer type: `portable`

Architecture	Scope	Download	SHA256
`x64`	—	Download	`BFCFAFDA088258243B49111C58CCAF7EA2041D05A15C481C627F4BEC3F1610F3`

Details

Homepage: https://github.com/openpubkey/opkssh
License: Apache-2.0
Publisher: OpenPubkey
Support: https://github.com/openpubkey/opkssh/issues
Moniker: opkssh

Older versions (12)

0.13.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`0686E456126BC6B2ED5C1583F28857A6D78E8D6C469AC7B1C20EBCE26A834DD1`

0.12.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`E2CDF9F10C75923FA904ABF8ACF5EB3C4882AE3D2C63C394637AA8D3217DA3B5`

0.11.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`33430FCBC16A73FC421171A021ECC188955E965E935445AEBDFE34F674970E9C`

0.10.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`DEA9BA153365E9151E43A13ABB16BF19A97567AC02E4CEF24CD454ACB0EA9F85`

0.9.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`59975CCF84961AE04B03022A93257189BA03EF4F950509B38199F8159BAB3CC4`

0.8.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`175F8B6BB08B6508B118E4EF855A342CBF64B9008B4665A56984FF1F5B32F8F6`

0.7.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`FA2FBDEB3CB716C8EA9941C0A13E14EA83DE3C49E9CAFB33F83CBC2FCE9E4BD3`

0.6.1

Architecture	Scope	Download	SHA256
`x64`	—	Download	`9FD481FC6682BF56D7723B6672FAB71BB942DFEFDD2E166B1C276F3F7D4767BA`

0.6.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`A80AEB7679E74363065E07C05D1E765A296D81A1E8D4496161C309466381052F`

0.5.1

Architecture	Scope	Download	SHA256
`x64`	—	Download	`DDD11D8BEB15677C269EBA8101B8CFB19A3CF5F85DB8AFB8C34C0F303C8131E3`

0.4.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`2CE152F1C5E62201B34D7012D14A67ACE4DB62DE914CE1A9A4DC3D36335B56E0`

0.3.0

Architecture	Scope	Download	SHA256
`x64`	—	Download	`D864576A0007E9CAD914420A94DB51EA74B3473EA22F88317492AFC0B7B4F895`

OpenPubkey SSH

Latest 0.14.0

Installer type: portable

Details

Tags

Older versions (12)

Installer type: `portable`