linuxidentity.com

What It Is

Linux Identity is an SSH identity, access, and audit governance product for Linux fleets. It replaces long-lived static SSH keys with short-lived OpenSSH certificates tied to SSO, and uses a host Agent to capture sudo calls plus SSH/session events, writing them to append-only audit logs protected by a sha256 hash chain. Its target use cases are very clear: offboarding cleanup, authorized_keys sprawl, untraceable sudo activity, and the difficulty of collecting SOC 2 evidence.

Core Capabilities and Deployment

The architecture has three parts: your existing IdP handles identity, the Linux Identity control plane verifies OIDC tokens and issues short-lived certificates, and the Linux host Agent registers hosts, installs the CA public key, and collects sudo audit data at the PAM layer. It supports OIDC IdPs such as Okta, Google Workspace, and Microsoft Entra; Enterprise also mentions SAML, SCIM, and on-prem deployments. The Agent is not in the critical path for SSH login, which is an important design choice: even if the Agent crashes, engineers can still access hosts through sshd certificate validation.

Compliance, Management, and Security Design

The product is heavily designed around SOC 2 evidence, including CC6.x evidence export, tamper-resistant audit chains, centralized dashboards for host inventory, certificates, and sudo events, plus audit retention of up to 7 years. The documentation also mentions CA private keys stored in managed KMS, Postgres row-level security isolation, application roles without UPDATE/DELETE privileges, cosign-signed binaries, and SBOM publication. Note, however, that SOC 2 Type II is marked as underway, not as a completed certification.

Pricing and Target Users

Pricing is per host rather than per user: the self-hosted Open Source plan is free for up to 5 hosts; Team costs $25/host/month when billed annually or $30/host/month when billed monthly, and is intended for 6–50 hosts; Enterprise is for 50+ hosts and needs such as SAML, SCIM, and on-prem deployment, with sales contact required. The text also mentions free use for teams with fewer than 10 hosts and 5 users, plus 6 months free for design partners. It is best suited to Series A–C companies, platform teams running 10–500 production Linux hosts, and organizations working toward SOC 2.

Pros, Cons, and Access from China

Its strengths are a focused scope, a clear migration path, no per-seat tax, and a lighter footprint for small and mid-sized platform teams compared with full-stack access platforms like Teleport. The downsides are that it is still in private preview, with limited public information on customers, completed certifications, alerting integrations, and support SLAs; it also does not cover broader access surfaces such as databases, Kubernetes, or application proxies. Direct access from mainland China, RMB payments, invoicing, and compatibility with local alternatives have not been disclosed, so its availability can only be considered unknown. If you have local compliance requirements, consider evaluating a self-managed OpenSSH CA, Teleport, or cloud KMS/HSM-based approaches.