winget install --id openpubkey.opkssh
About OpenPubkey SSH
opkssh is a tool which enables ssh to be used with OpenID Connect allowing SSH access management via identities like alice@example.com instead of long-lived SSH keys. It does not replace ssh, but rather generates ssh public keys that contain PK Tokens and configures sshd to verify the PK Token in the ssh public key. These PK Tokens contain standard OpenID Connect ID Tokens. This protocol builds on the OpenPubkey which adds user public keys to OpenID Connect without breaking compatibility with existing OpenID Provid...
What's new in 0.15.0
π Features - Adds ssh certificate principals arg @EthanHeilman (#533) π Bug Fixes - fix(deps): Update docker/build-push-action action to v7.2.0 @renovate[bot] (#515) - Fix: Ensure openssh can be installed on windows arm @EthanHeilman (#548, #547, #544) - fix(deps): Update goreleaser/goreleaser-action action to v7.2.2 @renovate[bot] (#542) - fix(deps): Update actions/setup-go action to v6.3.0 @renovate[bot] (#483) π§° Maintenance - fix(deps): bump go to v1.25, crypto to v0.53.0 @gastmaier (#528) - Update CLI documentation @github-actions[bot] (#534) - Update go version in hack/build.sh @Kunzol (#531)
Version history
| Version | Updated | Notes |
|---|---|---|
| 0.15.0 | Unknown | π Features - Adds ssh certificate principals arg @EthanHeilman (#533) π Bug Fixes - fix(deps): Update docker/build-push-action action to v7.2.0 @renovate[bot] (#515) - Fix: Ensure openssh can be installed on windows arm... |
| 0.14.0 | Unknown | Adds support for sshing into windows servers. Openssh 10.13 makes a breaking, non-backwards compatible change to how ssh certificates work, this breaks opkssh older than this release. This release creates a fix for this... |
| 0.13.0 | Unknown | Main feature of this release is the ability to specify remote redirect URIs. This helps with integrating opkssh with other tools such as termix. Most users of opkssh should not be using this flag and can skip this update... |
| 0.12.0 | Unknown | Main feature of this release is the audit command, which allows you to check server side configurations. Read the docs here: https://github.com/openpubkey/opkssh/blob/main/docs/audit.md Changes - docs: warn that azure al... |
| 0.11.0 | Unknown | π Features - Add support for custom group claims @mvanderlee (#133) - feat: Flag to print SSH cert and private key rather than FS @EthanHeilman (#437) - feat: Process extra arguments to the verify command @justincmoy (#4... |
| 0.10.0 | Unknown | Changes β’ Merge SELinux Type Enforcement Files. @SweBarre (#332) β’ Feature/provider command @aaron-riact (#307) β’ Fixes typo in linux install script and docs (regression) @SweBarre (#320) π Bug Fixes β’ fix(deps): Update... |
| 0.9.0 | Unknown | Changes - Improve docs command package @gppmad (#303) - docs: Better description of policy being additive @EthanHeilman (#288) - Add description for OPKSSH command-line tool @gppmad (#284) π Features - Create user deny l... |
| 0.8.0 | Unknown | Changes - Add azure config doc @EthanHeilman (#243) - Add test for piping install script to bash @SweBarre (#241) - Unittests for the install script @SweBarre (#204) π Features - Feat: Add 12h expiration policy @bmodotde... |
| 0.7.0 | Unknown | Changes - fix: only make GitHub provider available in GitHub environments @datosh (#210) - Harden gh actions @datosh (#198) - Cleans up TODOs on unneeded logging statement @EthanHeilman (#195) - Adds Chocolatey install t... |
| 0.6.1 | Unknown | Changes - bugfix: use scopes from client config @datosh (#174) - Kanidm integration guide @datosh (#172) |
| 0.6.0 | Unknown | Changes - Corrected Windows config filepath @L-Wehmschulte (#168) - Use shellquote for parsing policy::Table @markafarrell (#158) - Improve integration test runtime @datosh (#150) - Bump golang.org/x/net from 0.36.0 to 0... |
| 0.5.1 | Unknown | What's Changed - Fixing go-releaser by @EthanHeilman in #137 |
| 0.4.0 | Unknown | Changes π Features - feat: Adds oidc:groups claim matcher for token verification @SamMurphyDev (#68) - feat: Rewrites arg parser to use Cobra @EthanHeilman (#67) - feat: Adds support for generic OpenID Connect providers... |
| 0.3.0 | Unknown | No notes |