How It Works
Controlled SSH access without shared keys or guesswork
GrantSSH gives teams a clear, auditable way to control SSH access. You define who can access which servers and accounts, for how long, and the agent keeps each server's authorized keys in sync.
Access is defined as permissions
Permissions tie a team member to a specific server account and schedule.
Enforcement happens on your servers
The open-source agent updates authorized keys locally based on current permissions.
SSH activity is visible
Logins, disconnects, sudo use, and failed login summaries are collected from your servers.
The simple flow
GrantSSH is intentionally focused on SSH access management. It does not replace SSH or change your login workflow. It keeps access clean, time-bound, and auditable.
Add a server and install the agent
Create a server in the dashboard, then install the open-source agent using a claim code or team enrolment token.
Approve the server and define accounts
A manager approves the server once the agent checks in, then defines the OS-level server accounts GrantSSH should manage.
Define permissions
Permissions connect team members or member groups to server accounts and schedules.
Access is enforced locally
When a permission is active, the key is present. When it becomes inactive, the agent removes it on the next poll.
SSH activity is recorded
The agent reports logins, disconnects, sudo use, and failed login summaries to the team activity log.
Predictable enforcement
Changes are applied on the agent polling interval. Access is as fresh as the poll schedule.
No SSH proxying
Users connect with their normal SSH clients. GrantSSH does not sit in the middle.
Open-source agent
The server-side agent is inspectable and runs inside your infrastructure.
Core concepts GrantSSH uses
These definitions keep access conversations precise and unambiguous.
Team
The team account that owns members, servers, permissions, and SSH activity events.
Team member
A human with a GrantSSH account who uploads their own SSH public keys.
Server
A machine with the GrantSSH agent installed to manage access locally.
Server account
An OS-level user on a server, such as deploy or ubuntu.
Permission
The access rule that ties a team member to a server account and schedule.
Group
A named set of team members. Permissions can target a group so you grant access to several people at once.
Activity event
An SSH-related event reported by the agent, such as a login, disconnect, sudo command, or failed login summary.
How access is granted and enforced
Access is explicit, time-bound, and enforced by key presence in authorized keys.
Request and approval
Members can request access. Managers and owners can approve, reject, or adjust details before a permission is created.
Schedule types
- Permanent access
- Date range access
- Time-of-day and day-of-week windows
Enforced by key presence
When a permission is active, the agent ensures the user's public key is in the
target server account authorized_keys.
When inactive, it is removed on the next poll.
Schedule-driven removal
Access ends when a permission becomes inactive. The agent removes keys on its polling interval — typically within 30 to 120 seconds.
SSH key handling, clearly scoped
GrantSSH manages public keys only. It never asks for or stores private keys.
Public keys only
- Team members upload their own public keys
- No private key handling, storage, or generation
- Keys sync to servers when access is active
No workflow change
Users connect with standard SSH clients. GrantSSH is not a bastion, proxy, or session recorder.
SSH activity and visibility
Activity events give teams a timeline of SSH usage reported from their servers.
Events captured
- SSH login events
- SSH disconnect events
- Sudo usage events
- Failed login summaries
Server-side collection
Events come from the agent on each server — not from session recording, command logging, or proxying SSH traffic.
Roles and capabilities
Different responsibilities require different levels of control.
Member
- Manage their own public keys
- Request access permissions
- View team SSH activity
Manager
- Approve or reject access requests
- Create and modify permissions directly
- View and filter the full team activity log
Owner
- Invite and remove team members
- Change roles
- All manager capabilities
What GrantSSH is not
GrantSSH defines who can SSH in, for how long, and records what the agent sees on the server. The features below are handled separately, often by other tools you already run or add alongside GrantSSH.
No bastion or proxy
SSH goes directly to your servers, with the same client you use today.
Public keys only
Team members upload public keys. GrantSSH does not store passwords or handle MFA at SSH login.
Activity events, not recordings
The agent reports logins, disconnects, sudo use, and failed login summaries. It does not record full sessions or keystrokes.
Connection access only
Permissions decide who can reach a server account and when. They do not filter commands after someone is logged in.
Ready for Controlled SSH Access?
Create your account and start granting time-limited SSH access in minutes.
Set up controlled SSH access in minutes.