Elsie Phillips

Paul Burt

@ThatMightBePaul

A lot of people know they should be using SSH, especially as their organization grows. But rotating SSH public keys is a pain. You have to hunt down every machine with your old ssh private key and correctly swap it out for the new one. It's clunky, prone to error, and frankly, insecure. But there's a better way to SSH - with certificates.

Welcome to Smallstep. With Smallstep you use SSH certificates, negating the need to gather, ship, and rotate SSH public keys. When a user needs to SSH, they can OAuth and be issued an SSH certificate for a specific amount of time, allowing them to SSH like normal into hosts.

But, what if rather than mapping hosts to users from your identity provider you want users to be able to just request access on-demand?

This is where the new Smallstep + Indent integration comes in!

By adding Indent’s on-demand access control to Smallstep, approvers can review requests and initiate the certificate generation process right from Slack. Users are able to get access by entering /access in Slack and are kept in the loop about the status of their request. When their access expires, it’s super simple to request another certificate. They can just click the “renew access” button in the expired access Slack notification.

With Smallstep and Indent you can:

• Use SSH certificates instead of public keys without mapping users to hosts in an identity provider
• Manage time-bound SSH access right from Slack and
• Get your on-call team access without the wait with auto approvals

Want to check out the workflow? Try it below:

To get started, you’ll need Smallstep and Indent accounts.

Then follow these steps:

• First, create an Indent space (and choose Slack / email)
• Follow the instructions in the Smallstep + Indent docs for installing the integration
• Start making requests for short-lived and secure SSH access

Want to get started? Talk to to our team and we're happy to help!