Secure SSH access for teams
Flotte makes SSH access management simple, secure, and transparent. Short-lived certificates, group-based permissions, and full audit logging - all without changing your workflow.
$ flotte login
✓ Authenticated via SSO
$ ssh production-server
✓ Certificate issued (valid for 60s)
✓ Connected to production-server
user@production-server:~$ _
Certificate lifetime: <1 min
Long-lived keys on machines: Zero
SSH connections audited: 100%
On- and offboarding without missing access: Instant
Everything you need for secure SSH
Built for teams who care about security without sacrificing developer experience.
Short-Lived Certificates
Certificates expire in under 60 seconds. No more long-lived private keys sitting on user machines creating security risks.
Group-Based Permissions
Intuitive permission system using groups. Assign access to servers and users with flexible, granular control.
Centralized Access Control
Single source of truth for all SSH access. Easily onboard and offboard team members in seconds.
Passwordless Sudo Access
Centrally manage sudo privileges via a PAM plugin. No passwords needed on servers, and all privileges are controlled from one place.
Complete Audit Logging
Every connection is logged. Know exactly who accessed what server and when for full accountability.
Always Know Who Has Access
See current access at a glance and grant it fast to users who need it without losing control.
CLI Integration
Seamless CLI tool with OAuth device flow. Certificates are issued on-demand per connection.
OIDC Authentication
Native support for Keycloak and Microsoft Entra ID out of the box. Easily extendable to other OIDC-compliant providers.
How Flotte works
Get up and running in minutes, not days.
Connect your identity provider
Integrate Flotte with your existing identity provider. Native support for Keycloak and Microsoft Entra ID, with other OIDC providers easily configurable.
Register your servers
Add your servers through the Flotte UI and configure them with the CA public key. Easy — no manual work needed.
Assign permissions with groups
Create groups and assign them to users and servers. Permissions are automatically managed.
SSH like normal
Users authenticate via the CLI and SSH as usual. Certificates are issued just-in-time for each connection.
On & offboard team members
Add and remove team members instantly from the Flotte UI. Access is revoked immediately, with no key rotation needed. Nobody should have to wonder who has access to your most valuable infrastructure.
Built with ISO 27001 compliance in mind
Flotte helps address common Annex A access-control evidence needs. By replacing long-lived SSH keys with short-lived certificates and centralized access management, your organization has a clearer path to audit-ready SSH access.
Access Control
Certificate-based authentication with short-lived credentials ensures access is always intentional and authorized. No stale keys, no shared secrets.
Operations Security
Complete audit trail of every SSH connection. Know who accessed which server, when, and with what permissions for full operational visibility.
Cryptography
SSH certificates are signed by your own CA with configurable algorithms. Credentials expire in under 60 seconds, minimizing exposure windows.
Incident Management
Instantly revoke access by removing groups or disabling users. No need to rotate keys across servers during incident response.
Compliance
Built-in audit logging and centralized access management make it straightforward to demonstrate compliance during audits.
System Security
No agent installation on servers. Flotte works with native OpenSSH, reducing your attack surface and simplifying maintenance.
Why certificates over SSH keys?
Traditional SSH key management is one of the most common compliance gaps in ISO 27001 audits. Long-lived keys are hard to track, rarely rotated, and nearly impossible to revoke across an entire fleet. Flotte eliminates this problem entirely: certificates are issued on-demand, expire automatically, and every access event is logged centrally. This shifts SSH access from a manual, error-prone process to an automated, auditable one.
Max cert lifetime: <60s
Connections logged: 100%
Keys to manage: 0
Access revocation: Instant
Be the first to secure your SSH access with Flotte
Got questions? Just email us at hello@flotte.sh
We are currently in pre-launch. Join the waitlist to get early access and be notified when Flotte is ready.