opkssh
« Back to VersTracker
Description:
Enables SSH to be used with OpenID Connect
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: ssh oidc authentication security devops
Install: brew install opkssh
About:
Opkssh is a tool that integrates SSH authentication with OpenID Connect (OIDC). It allows users to authenticate to SSH servers using identity tokens issued by an OIDC provider, such as Okta or Azure AD. This approach enables short-lived, certificate-based SSH access managed by standard identity providers, eliminating the need to distribute and manage traditional public keys.
Key Features:
  • Enables OpenID Connect (OIDC) authentication for SSH sessions
  • Issues short-lived certificates instead of static keys for enhanced security
  • Integrates with standard OIDC providers like Okta, Azure AD, and Keycloak
  • Reduces operational overhead of SSH key management and rotation
Use Cases:
  • Implementing passwordless SSH authentication in enterprise environments
  • Granting ephemeral access to infrastructure for contractors or temporary staff
  • Centralizing SSH access control via an existing identity provider
Alternatives:
  • Teleport – Teleport is a comprehensive access platform with a built-in CA and web UI, whereas opkssh is a lightweight tool focused specifically on OIDC integration for OpenSSH.
  • HashiCorp Vault SSH – Vault provides dynamic SSH certificates via its secrets engine, requiring a Vault server; opkssh leverages an external OIDC provider without a dedicated secrets management backend.
Version History
Detected Version Rev Change Commit
Sep 16, 2025 9:10am 0 VERSION_BUMP 18d5fcfb
« Back to VersTracker  |  Browse Packages  |  About