Show HN: Prmana – OIDC SSH Login for Linux with DPoP (Rust, Apache 2.0)
prmana replaces static SSH keys with short-lived OIDC tokens validated at the host through PAM. What makes it different from other OIDC-for-SSH approaches is DPoP (RFC 9449) — every authentication includes a cryptographic proof that the token holder has the private key. Stolen tokens can't be replayed.

Three components: a PAM module (pam_prmana.so), a client agent (prmana-agent), and a shared OIDC/JWKS library (prmana-core). All Rust.

DPoP keys can be software, YubiKey (PKCS#11), or TPM 2.0. No gateway, no SSH CA, no patches to sshd. Standard ssh client, standard sshd, PAM in between.

Tested against Keycloak, Auth0, Google, and Entra ID.

The name is from Sanskrit — pramana (प्रमाण) means "proof."
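The replay resistance the post describes rests on the verifier-side checks RFC 9449 defines. The following is an added example, not prmana's code: a stdlib-only Python verifier for an ES256 DPoP proof that checks the signature, the token's `cnf.jkt` binding, `ath`, `iat` and `jti`. The function names, the 60-second skew and the in-memory `seen_jti` set are assumptions, and the RFC's HTTP-specific `htm`/`htu` checks are left out because the page does not say how prmana maps them to SSH.

```python
import base64, hashlib, json
# Added example (not prmana's code). NIST P-256 parameters for ES256; a = -3.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def num(b): return int.from_bytes(b, "big")

def ec_add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None: return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    m = ((3 * p[0] ** 2 - 3) * pow(2 * p[1], -1, P) if p == q
         else (q[1] - p[1]) * pow(q[0] - p[0], -1, P))
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def ec_mul(k, p):  # double-and-add; verification handles no secret scalars
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def jwk_thumbprint(jwk):  # RFC 7638: SHA-256 over the required EC members, sorted
    canon = json.dumps({k: jwk[k] for k in ("crv", "kty", "x", "y")}, separators=(",", ":"))
    return b64u(hashlib.sha256(canon.encode()).digest())

def verify_dpop(proof, access_token, token_claims, seen_jti, now, skew=60):
    """Return None when the proof is accepted, otherwise the rejection reason."""
    h64, p64, s64 = proof.split(".")
    hdr, body = json.loads(unb64u(h64)), json.loads(unb64u(p64))
    if hdr.get("typ") != "dpop+jwt" or hdr.get("alg") != "ES256": return "bad typ/alg"
    jwk, sig = hdr["jwk"], unb64u(s64)
    # 1. The proof must verify under the public key it carries.
    r, s, q = num(sig[:32]), num(sig[32:]), (num(unb64u(jwk["x"])), num(unb64u(jwk["y"])))
    if len(sig) != 64 or not (0 < r < N and 0 < s < N): return "bad signature"
    e, w = num(hashlib.sha256(f"{h64}.{p64}".encode()).digest()), pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, q))
    if pt is None or pt[0] % N != r: return "bad signature"
    # 2. The token must be bound to that key: a stolen token with another key fails here.
    if token_claims.get("cnf", {}).get("jkt") != jwk_thumbprint(jwk): return "token not bound to key"
    # 3. The proof must name this token (ath), be fresh (iat) and be unused (jti).
    if body.get("ath") != b64u(hashlib.sha256(access_token.encode()).digest()): return "ath mismatch"
    if abs(now - body.get("iat", 0)) > skew: return "stale proof"
    if body.get("jti") in seen_jti: return "replayed proof"
    seen_jti.add(body.get("jti"))
    return None
```

The hand-written P-256 arithmetic keeps the example free of third-party dependencies; a deployment would call a maintained cryptographic library for step 1 and use a shared, expiring store for `seen_jti`.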
Prmana offers a technically elegant solution to SSH security by leveraging OIDC and DPoP to eliminate static keys without the architectural overhead of a gateway or CA. While the product innovation is strong and addresses a clear enterprise pain point, the venture is currently at a pre-seed/project stage with minimal traction and significant competition from established players like Teleport and Tailscale.