SSH One™ Trusted Access Security and Automation Platform

SSH One™ Overview

SSH One™ is a platform for trusted access security and automation. It addresses all aspects of trusted access and access automation. It ensures compliance with a wide variety of regulations, enables effective audit, and reduces risk.


In large enterprises, the platform saves millions of dollars annually through automation, in addition to reducing reputation risk, improving business continuity, and supporting compliance with customer or government requirements. Furthermore, adoption of secure DevOps practices helps win new markets, gain market share, and obtain higher margins via better and more timely products.

The platform is built to transparently support customers' application-oriented distributed workflows and to support and secure their transformation to the cloud. It helps adopt microservices, containers, and serverless computing. It brings audit and control into DevOps and production deployments while enabling developer access with full audit and analytics.

The platform secures data transfers in distributed environments, controls access between computational instances, automates credential and secrets management, and enforces security boundaries.

The platform is designed to integrate into other security applications through open APIs.

Enables Compliance

The platform addresses critical security risks and audit points, including those relating to:

  • Who has access to what systems and data, including proper provisioning and termination for SSH key credentials
  • Separation of duties, including preventing SSH key based access from development to production
  • Protection of confidentiality and integrity of communications
  • Authentication of communicating devices and users
  • Boundary protection
  • Data leakage prevention
  • Cryptographic key size, algorithm, age, and other policy controls
  • Mapping data flows and connections between information systems
  • Configuration change control for access-related configurations.

For more information on compliance, see the separate compliance page.

Who Has Access to What Systems and Data?

SSH keys grant access, and SSH access management is a top-5 critical security issue in enterprises right now. It is the top topic in identity and access management. It has turned out that many organizations have far more SSH keys granting access to their systems than they have user names and passwords. The keys often bypass traditional privileged access management systems.

The platform includes the most comprehensive solution for managing SSH keys on the market. It manages and automates the full life cycle of keys, handling legacy environments, transformation to cloud, containers, and DevOps. It handles credentials for both automated and interactive access. In many organizations, over 95% of SSH access relates to automated processes and automated connections between information systems.

The platform manages keys for authenticating both devices and users. Device authentication keys include SSH host keys and X.509 certificates used for web server, application, and API server certificates and SSH host authentication. Management of user keys includes SSH user keys, X.509 certificates for user authentication, and other user certificates, such as X.509 keys for email encryption. For more information on the key management features, see Universal SSH Key Manager®.

Boundary Control

A fundamental tenet of IT security is to define boundaries between security domains to limit access. These are enforced using firewalls and access controls. However, encryption prevents traditional firewalls from inspecting traffic going through the firewall.

By having access to server keys via its key management functionality, the platform is able to decrypt incoming traffic at a firewall. This enables it to monitor incoming access, whether by employees, outsourcing partners, vendors, or consultants. It can also enforce policy, such as preventing SSH tunneling to block backdoor access, or requiring a second factor of authentication. It can do this at the firewall, without installing agents or additional software on servers. It can also send any files transferred using the encrypted SFTP protocol to a data loss prevention system or anti-virus system for inspection. It can pass all session contents to analytics systems for early warning detection, and can record any or all sessions for forensics and internal investigations.

Privileged Access Management

The platform performs session recording, password management, and other normal privileged access management operations. It differs from traditional privileged access management systems in that it can operate transparently, without a jump server. It can also prevent SSH keys from being used to go around the privileged access management system, which is possible with traditional approaches.

Secure Data-in-Transit and Communications

The platform provides data-in-transit protection for administrative access, file transfers, and connecting servers at different data centers (VPN).

Tectia SSH Client and Server come with 24x7 support, support all platforms including mainframes, and implement out-of-the-box support for CAC and PIV cards, DoD PKI, and Windows Active Directory.

APIs for Integration, No Vendor Lock-In

The platform provides secure REST APIs, that is, programming interfaces that can be used for reading data from the platform components. The APIs can be used for operating the platform, including provisioning or deprovisioning of SSH keys, for exporting or importing data, for implementing plugins and extensions, and for integrating the platform with other products. This ensures there is no vendor lock-in and components of the platform can be mixed with existing and future infrastructure in the enterprise. For more information, see SSH One APIs & Connectors.

Services to Ensure Customer Success

We further provide services to ensure success in customers' deployment of SSH key management projects. From the SSH Risk Assessment service to subject matter expertise in SSH key management to full managed services, we focus on making the customer's project fast, minimally disruptive, and cost-effective: a success.

We also provide 24x7 support services for all our products.
