SSH Authenticator

IDEE's SSH Authenticator is a strong, multi factor authentication solution for secure access to your servers. Simply install the IDEE PAM module on your Linux servers and authenticate using the SSH Authenticator app we have created. No passwords, no 2FA codes and no tokens that can be centrally hacked, phished or compromised.

SSH Authenticator App
+ PAM Module

Our secure Authenticator app was built from the ground up with security by design, privacy by design and convenience in mind. It was made by developers for developers. Our custom PAM module is built following the NIST standards and is available as a separate download.

Biometric &
Key-based Authentication

A hardware generated key is stored inside smartphone's HSM chip such that it cannot be extracted. Only you can access it by unlocking your smartphone with your preferred unlock method including biometrics (fingerprint, faceID, etc.).

Key Features & Benefits

All the secure SSH authentication tips & tricks in one app.

Using key-based authentication, no passwords and two factor authentication, has undoubtedly become the de-facto standard today to secure and harden your servers when remotely accessing them via SSH. However, current 2FA authentication solutions are based on shared knowledge and require users to type in six-digit TOTP codes on every authentication or even with every transaction made with the servers.

No Two Factor Codes

Multi Factor authentication without having to enter 6-digit codes.

Access your servers as usual via SSH command in the terminal and approve the login on your smartphone. Your device lock (e.g. Fingerprint, FaceID) acts as your second factor. No time-based codes that expire, no manual entry.

Strong Authentication

Using the SSH Authenticator enables strong authentication by default.

When using the SSH Authenticator, every transaction such as authenticating to the server or authorizing file changes, multiple factors are used (e.g. biometric and possession of the smartphone).

Account Takeover Prevention

Say goodbye to phishing and weak, knowledge-based factors.

With the SSH Authenticator and the PAM module by IDEE, it is impossible to hijack a user account without physical access to the smartphone and the strong factor used to protect access to the device (e.g. Fingerprint, FaceID). There are no credentials or shared knowledge stored on servers or known to the user that attackers can obtain or phish.

Insider Threat Prevention

Coming Soon

Even administrators can't know your login credentials.

IDEE's SSH Authenticator operates using fully decentralized credentials, stored inside the secure element of your smartphone. Administrators don't know your credentials and the credentials cannot be leaked.

Remote Intruder Logout

Spot and end any unwanted or forgotten session directly in the app.

Forgot to log out or spotted a suspicious session to your servers? End any active sessions directly in the app. The session will be terminated immediately.

Defense
In-Depth

Get verifiable assurance with every authentication.

Unlike other authenticators, SSH Authenticator by IDEE provides a verifiable assurance of the user that authenticates to the server in the authentication response. This way you can rely on the integrity, non-repudiation and provenance of the authentication.

Multi-Device Support

Automatic synchronisation to multiple devices for all connections.

Use multiple devices as authenticators without having to manually add every server on every authenticator. When you add a new device, all existing connections are activated on your new device, as well. No re-enrolling, no QR codes or manual key entry required.

Decentralized Backups

Optional

Easily recover access to all your servers in case a device is lost or stolen.

Typically, if you lose your Authenticator Device you’re screwed. Our back-up features with decentralized keys and backup codes ensure that you can independently restore your access to new devices . No helpdesk or administrator involvement required.

Simplified
User Experience

A user experience that is super seamless, flexible and just overall awesome.

We build the complete process with users in mind. Users get a simple one click authentication experience while maintaining the strongest level of security. A great user experience and exceptional security can go hand in hand, after all.

Multi-Party Authorization

Require multiple users to authorize e.g. to make changes to files.

Coming Soon

IoT Device
Management

Securely authenticate to embedded systems such as Armbian or Raspbian.

Coming Soon

Reporting & Compliance

Our zero knowledge solution does not store any PII about users, however we can provide access log details that when combined in your identity or user management will allow you to create an audit trail of past actions. Coming soon the audit trail will make use of our existing blockchain infrastructure to become immutable.

Secure SSH connections to your Ubuntu servers with
our SSH Authenticator app
and PAM module.