prodnull / prmana

OIDC SSH login for Linux with DPoP — replace static SSH keys with IdP-issued tokens, no gateway

100% credibility
Found Apr 15, 2026 at 13 stars.
Rust
AI Summary

prmana is a Linux PAM module that enables direct SSH authentication using short-lived OIDC tokens from identity providers, replacing static keys with DPoP-bound credentials without needing a gateway.

How It Works

1. 🔍 Discover secure logins

You hear about a simple way to log into your Linux server using your company's login page instead of remembering passwords or managing keys.

2. 🔗 Link your login service

Connect your existing login provider like Google, Microsoft, or Okta so it can issue secure, short-term access codes.

3. 📦 Add to your server

Install the helper on your Linux server with a quick command—it sets everything up safely.

4. 🚀 Start it up

Launch your secure login system with one click and watch it come alive on your server.

5. 📱 Grab your access code

On your computer, open a helper app that gets a fresh access code from your login service.

6. Log in securely

Just type your usual server command and connect instantly—your logins are now protected without extra hassle.

AI-Generated Review

What is prmana?

prmana replaces static SSH keys with short-lived OIDC tokens for Linux login. A client agent fetches tokens from your IdP, and a PAM module validates them directly on the host, with no gateways or CAs required. It enforces DPoP token binding to prevent token theft, supports device flows for headless authentication, and maps identities via SSSD. Written in Rust, it handles Keycloak, Okta, Azure AD, and more.

Why is it gaining traction?

It skips proxies such as Cloudflare OIDC SSH setups and full PAM overhauls, delivering direct-to-host authentication with DPoP proof-of-possession that reuses existing GitHub OIDC workflows (GitHub Actions with AWS, Azure, or GitHub Enterprise). Hardware support for YubiKey and TPM adds enterprise polish, while policy-driven rules and audit logs fit compliance needs without the complexity of a GitHub-to-Artifactory OIDC setup. Deployment playbooks for Ansible, Chef, and Terraform make rollout painless.

Who should use this?

DevOps teams auditing SSH key sprawl on Ubuntu/RHEL fleets who need GitHub OIDC provider integration for CI/CD deploys. Security engineers enforcing MFA via ACR levels for GitHub OIDC pipelines that use JFrog or Artifactory. Linux admins bridging browser SSO to servers without pr manager overhead.

Verdict

Grab it for proof-of-concept if static keys are your nightmare—docs, tests, and multi-IdP templates shine despite 13 stars and 1.0% credibility score signaling early maturity. Scale cautiously until adoption grows.
