Zero Trust SSH, Secured by BastionZero

BastionZero is the most advanced access tool for organizations that use Secure Shell (SSH). We eliminate SSH key management, support least privilege access and enable you to meet SOC 2 and ISO 27001 requirements.

Secure SSH in 3 Minutes

BastionZero uses the existing SSH config file to identify and secure hosts. Here’s how:

Users launch the 4-step Quickstart process from the ZLI (the BastionZero command line interface) to log in to BastionZero, select the hosts they want to secure, and install and register the BastionZero agent on the chosen SSH target(s).

Why Teams Use BastionZero Alongside SSH

Eliminate SSH Key Management and Distribution

BastionZero eliminates the hassle of provisioning, decommissioning and rotating passwords and SSH keys.

Grant Just in Time Access

BastionZero works with existing identity providers (IdPs) and workflows, and allows admins to set least-privilege policies that grant single-time use keys and just-in-time access.

Preserve Your SSH User Experience

Users simply download the BastionZero desktop app or command line interface, log in and use SSH as they do today — with the added benefit of a zero trust security architecture.  

Comply With SOC 2 and ISO 27001

BastionZero provides necessary controls and visibility to meet SOC 2 and ISO 27001 requirements, including session recordings and searchable access and command logs.

It’s No Secret: Managing SSH Keys Is a Pain

Enterprises have thousands of SSH targets. Administrators must constantly track, rotate and validate the keys that grant access to those targets, which is difficult in the best of circumstances and nearly impossible when employees leave or are reorganized. On top of this, administrators often can’t see who’s logged into what target and what commands they’re executing. This makes audits next to impossible and hinders triage in the event of a breach.

BastionZero Improves:

Management

  • Eliminate SSH key management and distribution

  • Enforce single-time use keys, least privilege principles and just in time access

  • Provide immediate revocation

Visibility 

  • Get username-based visibility and control via BastionZero policies

  • Automatically validate users and accounts

  • Get real-time visibility and audit logs for user activity across all infrastructure

Security

  • Authenticate users and systems using two independent roots of trust

  • Grant access to targets, not networks, to prevent lateral movement

  • Remove public-facing machines and open ports