Low Friction Security for Startups


Cascara SSH eliminates the need to manage SSH keys and increases security.

Find Out More

SSH security integrated with GSuite


Rely on Google's security for authenticating users and enforcing 2FA. Cascara builds on top of Google in order to seamlessly provision short lived SSH keys. Deploy one key to all of your servers and use SSH the same way everyone from Facebook to Uber does.

According to ssh.com, 90% of SSH keys in a typical enterprise company are not actively used. Cascara ensures that no inactive keys exist thereby reducing the threat of a breach.

              
david@laptop $ cssh david@cascarasecurity.com
Logging in with Google...       # Opens a browser window to login using OAuth
Provisioning a new SSH key...
Session Established
david@cascarasecurity.com $
              
            

Setup Process


Signup

Configure custom SSH permissions through our website

Deploy

Deploy a single SSH certificate on all of your servers

Install

Install the open source cssh binary on your computer

Work, securely

Get back to the things that matter, confident that your servers are secure

Sign up

Sign up now and get started within 10 minutes


Get Started!

FAQ


SSH has a concept of "certificate authorities" where a single master key is placed on the server, and that key is used to create temporary keys that automatically expire after a set period of time. Cascara automates this process of provisioning new temporary keys based off of authenticating with your Google account.

Security is never absolute, but we believe that this does raise the bar for security. Cascara centralizes your SSH security so that one must attack Google in order to attack your SSH servers.

Using this service also requires trusting us. We maintain a warrant canary that we promise to keep up to date. In order to ensure that compromising us does not allow an attacker to compromise your servers, we recommend either configuring 2FA or a bastion host following the guides in the admin console.

Cascara eliminates the need to onboard and offboard engineers by manually editing the SSH keys deployed on servers. Even if you use Ansible or Chef to manage SSH keys, Cascara ensures that you do not need to wait for every server to get updated. With Cascara, you simply add or remove someone's email and it is done.

Cascara also removes the time consuming process of rotating SSH keys since all keys automatically expire.

Nothing! We are dedicated to ensuring that hobbyists and small startups can use our product. Overtime we plan on adding more enterprise focused features which we will charge for.

Made with ❤️ by David Dworken. I'm a Security Engineer with experience working everywhere from Snapchat to Keybase. I designed Cascara to solve a recurring security problem I've seen time and time again. In addition, it has been designed from the ground up with a secure scalable architecture.

More features are incoming!

Feedback, thoughts, ideas, or other questions? Let us know