Citadel SSH
Secure your SSH access
Power up your PKI security by moving to SSH without passwords. Store every employee's private keys in the secure element of their security keys. You’ve just given your infrastructure a seal, with credentials impossible to steal.
The ultimate protection for your private key
Security keys protect the most sensitive operations in the world—from the largest cloud providers to rocket companies. Attackers steal private keys to advance their operation, but when you store all private keys on the isolated processor of a security key, credential theft becomes impossible.
SSH authentication and access management
A scalable system for SSH access
Let users enroll themselves
The 0pass App helps users enroll their YubiKeys for native SSH access. It gives an easy enrollment flow for every employee—whether they’re in HR or engineering.
Tie PKI to corporate identity
When a user enrolls a YubiKey, Citadel installs a signed certificate onto the YubiKey and derives a public SSH key from it. SSH servers will check Citadel for allowed keys.
Manage users and their access
Define the resources that each user or user group is permitted to access, managing server access the same way that you manage application access with your identity provider.
No public keys on servers
The 0pass SSH Plugin only runs when authentication is initiated. It enables the server to communicate directly with Citadel and the YubiKey. No need to deploy and manage public keys.
The passwordless infrastructure
Your questions, answered.
Does this work with OpenSSH?
What happens if a user loses their security key?
Does Citadel provide audit logging capabilities?
How can I configure SSH servers to support Citadel SSH?
How can I configure SSH clients to support Citadel SSH?
Is this deployed via SaaS or self-hosted?
How do a YubiKey’s PIN and a password differ?
Can I sudo via SSH with the YubiKey?