A lot of people know they should be using SSH, especially as their organization grows. But rotating SSH public keys is a pain. You have to hunt down every machine with your old ssh private key and correctly swap it out for the new one. It's clunky, prone to error, and frankly, insecure. But there's a better way to SSH - with certificates.
Welcome to Smallstep. With Smallstep you use SSH certificates, negating the need to gather, ship, and rotate SSH public keys. When a user needs to SSH, they can OAuth and be issued an SSH certificate for a specific amount of time, allowing them to SSH like normal into hosts.
But, what if rather than mapping hosts to users from your identity provider you want users to be able to just request access on-demand?
This is where the new Smallstep + Indent integration comes in!
By adding Indent’s on-demand access control to Smallstep, approvers can review requests and initiate the certificate generation process right from Slack. Users are able to get access by entering
/access in Slack and are kept in the loop about the status of their request. When their access expires, it’s super simple to request another certificate. They can just click the “renew access” button in the expired access Slack notification.
With Smallstep and Indent you can:
Want to check out the workflow? Try it below:
To get started, you’ll need Smallstep and Indent accounts.
Then follow these steps:
Want to get started? Talk to to our team and we're happy to help!