sshrimp implements zero-trust SSH authentication by issuing short-lived certificates instead of managing static keys. Deployed as an AWS Lambda function across multiple regions, it integrates with OpenID Connect for automated agent authentication and works seamlessly with standard OpenSSH clients. Minimal server configuration required—just a single trusted CA keys file.