15 YEARS · ZERO BREACHES · 5,000+ TEAMS

SSH keys to every node.
No ports opened. Ever.

A lightweight open-source agent on each node pulls SSH keys and sudo roles over outbound HTTPS. No inbound connections. No attack surface. All accounts are local, so everything works — even if Userify goes down.

Outbound-only
Stateless overwrite
Active termination
Zero attack surface
Real SSH, not a portal
AI agent ready
The dashboard

One screen. Every user. Every server group.

This is what you actually see. Users on rows, server groups on columns. Red means root (sudo). Green means user. Gray means no access. Click a dropdown, change a permission — it's overwritten on every server in that group within seconds.

Nexus AI · LLM Training Cluster 2026 · Total servers: 2,847
INGEST 412 · TRAINING 1,024 · EVAL 256 · SERVING 640 · MONITORING 515
Server list

Click a group header. See every server.

Each server checks in on its poll cycle. If it misses a cycle or two, it goes stale and times out. What you see here is the actual state — which servers are alive, which are pulling keys, which have gone dark.

Nexus AI / TRAINING: 1,024 servers, poll cycle ~90s (columns: Status, Hostname, IP, Instance, Last check-in)
AI-native SSH

Give your AI agents real SSH access

Teams are already using Userify to distribute keys so Claude Code, Cowork, and other AI coding agents can SSH directly into infrastructure. No bastion hacks. No port forwarding. Just keys, deployed where needed, when needed.

Your AI agent needs real shell access.

Web terminals and sandboxed consoles don't cut it when your agent needs to debug a production incident, run Ansible across a fleet, or pull logs from a specific node. Userify gives your agents the same SSH access your SREs have — scoped to exactly the servers they need, revocable in milliseconds.

Claude Code / Cowork
Deploy a key for your AI agent into specific node groups. It gets full SSH, SCP, SFTP, and tunneling — completely revocable.
Incident response
Key doesn't live anywhere until you need it. Drop into production in seconds when something breaks. Pull it when it's fixed.
Ansible & automation
AI agents driving Ansible, Terraform, or scripts get centrally managed SSH keys — not scattered configs.
Zero standing access
No permanent keys sitting on servers. Deploy on-demand, scoped to the exact group and role. Auto-revoke when done.
Architecture

Nodes reach out. Userify never reaches in.

The shim makes a single outbound HTTPS call to your Userify server — whether that's Userify Cloud or your own self-hosted instance. Uses standard Linux utilities — useradd, sudo — and never touches PAM or NSS.

Deployment

Install the shim however you launch servers

Userify Cloud gives you a one-line shim installer from your dashboard. Or bake it into your AMI, drop it in UserData, add it to your Terraform module, Ansible playbook, Chef recipe, or Puppet manifest.

  • Instant Deploy: One-liner from your dashboard
  • Terraform: Module for provisioning
  • Ansible: Playbook task
  • Chef: Recipe
  • Puppet: Manifest
  • Salt Stack: State file
  • CloudInit: UserData script
  • AMI / Image: Bake into golden image
Want to self-host instead?
curl https://i.userify.com | sudo -sE
Installs Userify Express or Enterprise on your own server
Behind the scenes

What the shim does on each poll cycle

You change a permission in the dashboard. Behind the scenes, the shim on every affected server pulls the new desired state and overwrites reality. No diff, no merge — just a complete overwrite.

↓ Pull desired state

Outbound HTTPS call to your Userify server with group credentials. Returns the complete list: users, public keys, sudo roles. That's the truth.

⊕ Create & overwrite

Missing users created with useradd. GECOS tagged {user}-userify. Existing keys overwritten — not merged. The dashboard is the single source of truth.

🔑 Keys & sudo deployed

Public keys → authorized_keys. Sudo: root or user only. No custom sudoers. Plays nice with LDAP, NIS, anything — only touches *-userify accounts.

⊘ Active Termination

Any *-userify account NOT in the desired state: kill every process — daemons, tmux, screen, cron, everything. Home dir → /home/deleted:{user}. Account removed.

✓ Converged

Machine matches desired state. If the connection fails — or if the shim dies — locally created accounts remain accessible. The shim restarts itself each cycle. Bulletproof.
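
The poll cycle above, sketched as a pure planning function that executes nothing. This is an added example, not code from Userify's shim; the desired-state shape, the action names and the handling of a name collision with an unmanaged account are assumptions.

```python
TAG = "-userify"  # GECOS suffix the page says marks shim-managed accounts

def plan_cycle(desired, passwd):
    """Plan one poll cycle as an ordered list of actions (nothing is executed).

    desired: {user: {"keys": [...], "sudo": bool}}  (hypothetical response shape)
    passwd:  [(name, gecos), ...] as read from /etc/passwd
    """
    gecos = dict(passwd)
    managed = {n for n, g in passwd if g == n + TAG}
    actions = []
    for user in sorted(desired):
        if user not in gecos:
            actions.append(("useradd", user, user + TAG))
        elif user not in managed:
            # Assumption: a same-named account the shim did not create is left alone.
            actions.append(("skip_unmanaged", user))
            continue
        # Stateless overwrite: the current authorized_keys is never read or merged.
        actions.append(("write_authorized_keys", user, tuple(desired[user]["keys"])))
        actions.append(("set_sudo", user, "root" if desired[user]["sudo"] else "user"))
    for user in sorted(managed - set(desired)):
        # Active termination: kill first, then preserve the home dir, then remove.
        actions.append(("kill_all_processes", user))
        actions.append(("move_home", f"/home/{user}", f"/home/deleted:{user}"))
        actions.append(("userdel", user))
    return actions

# Constructed sample data, not real output from a Userify server.
DESIRED = {
    "alice": {"keys": ["ssh-ed25519 AAAA...alice"], "sudo": True},
    "carol": {"keys": ["ssh-ed25519 AAAA...carol"], "sudo": False},
}
PASSWD = [
    ("root", "root"),
    ("postgres", "PostgreSQL administrator"),  # unmanaged: never touched
    ("alice", "alice-userify"),                # managed, still desired
    ("bob", "bob-userify"),                    # managed, removed in the dashboard
]

if __name__ == "__main__":
    for step in plan_cycle(DESIRED, PASSWD):
        print(step)
```

Because the plan is rebuilt from the desired state alone, a key appended by hand to alice's authorized_keys between cycles is dropped by the next write, and accounts without the GECOS tag never appear in the plan.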

Philosophy

Why it works

Boring is reliable.
Boring is secure.
Boring always works.

We resist features for the sake of features because that's the fastest path to vulnerability. Local accounts, standard Linux tools, outbound-only connections, and a shim you can read in an afternoon. Elegant security through simplicity.

Real SSH

Not a web console. Actual SSH.

SSH, SFTP, SCP, tunnels, port forwarding, agent forwarding, multiplexing — all the power SSH gives, constrained by Linux's built-in authorization. Use Ansible, Fabric, csshX, or any SSH tool you want. Or sit back and don't deploy your key anywhere until the day you need it.

Full SSH power

SSH, SCP, SFTP, tunnels. Not a browser terminal. Not a single-server portal. The real thing.

Just-in-time access

Your key isn't deployed anywhere until you need it. Drop into production in seconds. Pull it when you're done.

Auto-scaling native

Shim baked into AMI or CloudInit. New instances join their node group automatically. No manual config ever.

Offline bulletproof

All accounts are locally created. If Userify goes down, your access doesn't. If the shim dies, your accounts stay.

Active termination

Deprovisioning in milliseconds

Every edition of Userify includes Active Termination — remove a user from the dashboard and their processes are killed on every server before the page finishes loading. With Userify Enterprise, you can trigger it directly from Active Directory.

T+0ms
User removed
Admin removes user from the Userify dashboard — or, with Enterprise, disables them in Active Directory.
T+~100ms
Desired state updated
User removed from every server group they belonged to. Next poll cycle picks it up.
T+~200ms
Next poll cycle
Shim pulls updated state. User is gone from the list.
T+~210ms
Kill all processes
Every process they own — daemons, tmux, screen, cron — terminated. disgruntled_kill_company.sh dies mid-execution.
T+~220ms
Preserve & remove
/home/jdoe → /home/deleted:jdoe. Account removed. Keys gone. Evidence preserved.
T+~230ms
Clean
Every server, every cloud, every node group. 230ms from click to clean.
Trust

Security through simplicity

Zero-knowledge dashboard: if you don't have access to a company, project, or server group, it doesn't exist. All data encrypted at rest with Curve25519. Open-source shim on GitHub.

Zero-knowledge
Dashboard isolation
Curve25519
Encryption at rest
Open source
Shim on GitHub
Aids compliance
SOC-2, PCI, HIPAA
AWS reviewed
Well-Architected
Outbound only
Zero attack surface
Pricing

Pay for running servers. Nothing else.

Unlimited users, keys, and projects. No per-seat fees. Billed hourly — only when a server is online and pulling updates. Perfect for auto-scaling.

Free tier
$0 forever
Up to 5 servers. No credit card. No expiration.
  • 5 servers
  • Unlimited users & keys
  • Unlimited projects
  • Email support
  • Never expires

Start managing SSH keys in seconds

Free for up to 5 servers. No credit card required. No expiration. Or email us for Enterprise pricing and a walkthrough.

0 security breaches. Ever.
0 days
Since 2011. Outbound only. No auth server to attack. Boring, reliable, secure.