Sshifu – SSH Login with SSO. Alternative to Teleport and Smallstep

Name: Sshifu – SSH Login with SSO. Alternative to Teleport and Smallstep
Availability: InStock
Author: azophy_2

by azophy_2·Mar 30, 2026·3 points·0 comments

Visit Project View on HN

AI Analysis

●MidShip It

Yet another SSH SSO tool competing with Teleport and Smallstep without clear differentiation.

Strengths

•npx-based installation means zero setup friction for trying it out.
•Three-component architecture (CLI, server, trust) keeps concerns cleanly separated.

Weaknesses

•Author admits it's 99% vibe-coded—concerning for security-critical infrastructure.
•No audit logging or compliance features that enterprise teams actually need.

Post Description

Almost every engineer knows SSH.

And almost every team I’ve worked with manages access by:

* copying public keys into servers * forgetting to remove them later * sharing access in ways that are… not ideal

It works fine until you have:

* dozens of servers * multiple engineers * short-term access needs * or any real security requirement

I looked into tools like Teleport and Smallstep, but they felt too heavy for what I needed (infra, setup, learning curve).

So I built sshifu.

The idea is simple:

* you run a small server that handles authentication (e.g. GitHub org) * it issues short-lived SSH certificates * users just run a CLI and get access automatically

No more manually managing authorized_keys across machines.

*Quick disclaimer:* this is very much a “vibe-coded” project (probably 99%). I built it to scratch my own itch, so it’s still early and rough around the edges.

That said, it works well for my use case so far.

Would love feedback, especially:

* what’s missing for real-world usage? * what would stop you from using this?