SSH Professional
Shared Credential might be restricted by most Information Security Policies but they are still necessary for specific use cases in most organizations. Not o...
Wed, 1 Mar, 2023 at 9:54 AM
step-ssh-ctl uses mTLS to talk to Smallstep's API server—which complicates its use behind a proxy server. It authenticates to the server using the host...
Fri, 29 Apr, 2022 at 1:43 PM
This error could indicate that the config did not complete successfully. To troubleshoot this issue you can run step ssh check-host <hostname>. T...
Mon, 29 Aug, 2022 at 11:23 AM
This assumes you are using step ssh while you also need to use a hardware-backed GPG key (such as a Yubikey) to derive an SSH key and are using gpg-agent. ...
Sun, 1 May, 2022 at 10:52 AM
Check that you are using a valid host enrollment token (you can generate or re-generate your token on the Hosts page in your team's dashboard.
Sat, 30 Apr, 2022 at 8:15 AM
On your server add the following line to your /etc/ssh/sshd_config: Port 628 # change me to your new favorite ssh_port
Whenever you SSH to your serve...
Sat, 30 Apr, 2022 at 7:47 PM
For Smallstep SSH clients Depending on your install method, uninstall the step CLI, usually through a package manager uninstall. Delete your step config d...
Tue, 16 Aug, 2022 at 4:23 PM
step-ssh-ctl session runs via PAM. It registers the beginning and end of a login or sudo session with the Smallstep API, and exits. It reads from PAM_USER, ...
Sat, 30 Apr, 2022 at 8:04 PM
See our blog post SSH Emergency Access for instructions on adding offline CAs for emergency access.
Sat, 30 Apr, 2022 at 8:22 PM
If you only want certificate logins (via TrustedUserCAKeys CAs), set the following in sshd_config: AuthorizedKeysFile none
PasswordAuthentication no
Sat, 30 Apr, 2022 at 8:10 PM