For any sysadmin, DevOps or SRE, one ritual is as constant as log rotation: opening SSH sessions—and doing it right: keys, port forwarding, file transfer, remote commands, and credentials kept out of harm’s way. That’s exactly the niche sshPilot aims to fill: a cross-platform (GNU/Linux, macOS) SSH connection manager with an integrated terminal, tabbed sessions, and secure credential storage, delivered as a lightweight, modern, open-source app (GPLv3).
Hosted on GitHub and distributed via DEB/RPM, Flathub (Flatpak), AUR for Arch, and DMG for macOS (Apple Silicon), sshPilot has gained traction as a practical alternative to long-standing (often closed-source) tools like PuTTY or SecureCRT. The philosophy is straightforward: group servers, connect with shortcuts, copy keys, set up port forwarding, transfer files, and work in tabs—without juggling windows or memorizing unwieldy command strings.
What sshPilot is (in one useful sentence)
sshPilot is an SSH connection manager with an integrated terminal that lets you organize hosts, open sessions in tabs, transfer files via SFTP/SCP, set up local/remote/dynamic port forwarding, generate/copy SSH keypairs, and store credentials securely. It’s free software (GPLv3) for Linux and macOS.
Why power users should care
1) Tabs & groups: order in the host jungle
Manage multiple sessions with a tabbed interface and group servers into folders. If you keep dozens or hundreds of hosts, this alone reduces click-fatigue and context switching.
2) Integrated terminal… or bring your favorite
sshPilot ships with an integrated terminal (VTE on Linux), yet you can launch your preferred terminal if you like. It supports light/dark themes and custom fonts/color schemes for those who fine-tune their terminal experience.
3) SFTP and SCP ready to go
Perform file management via SFTP and quick SCP uploads/downloads to/from remote servers—ideal for those “just drop this config” moments without spawning extra tools.
4) Complete port forwarding
Local, remote, and dynamic (SOCKS5) forwarding are supported. Expose a local service on a remote host, tunnel internal dashboards, or route traffic through a bastion—without mental gymnastics around -L, -R, and -D.
5) Broadcast commands (conduct the orchestra)
Send the same command to all open tabs. Used wisely, it’s a real time-saver for repetitive, idempotent checks across fleets (version checks, service reloads, quick status probes).
6) Key generation & “seed” to servers
Generate SSH keypairs and ssh-copy-id them to remotes. Moving away from passwords where possible boosts both security and productivity.
7) Auto-run commands on login
Define remote or local commands to run upon login—attach to a tmux session, tail a log, prepare an environment. You’ll get consistency across hosts and shifts.
8) Load/save your ~/.ssh/config
sshPilot understands standard OpenSSH config. If you already have aliases, ProxyJump, keys, or Match rules, you’re not starting from scratch. You can also use a dedicated config file if you want to keep things separate.
9) Credentials under lock and key (libsecret on Linux)
On Linux, sshPilot uses libsecret (Secret Service API) for secure credential storage. In plain terms: no passwords or passphrases are saved in cleartext or left on the clipboard. On macOS, it integrates with the native ecosystem.
10) Privacy & UX niceties
A privacy toggle hides IPs/hostnames in the main window (great for demos/screenshots). Full keyboard navigation and thoughtful shortcuts help keep hands on the home row.
Installation and platform support
- Debian/Ubuntu: install the .deb from GitHub releases; system deps via
apt(GTK4/libadwaita/VTE GI,python3-paramiko,python3-cryptography,sshpass,ssh-askpass,libsecret). - Fedora / RHEL / CentOS: .rpm available; deps via
dnf(GTK4, libadwaita, vte-gtk4, libsecret,paramiko,cryptography,sshpass,openssh-askpass). - Arch Linux: available in the AUR.
- Flatpak: Flathub install (
flatpak install flathub io.github.mfat.sshpilot). - macOS (Apple Silicon, aarch64): DMG in releases.
Prefer running from source? Install system dependencies (do not use pip for GTK/libadwaita/VTE bindings), Python modules from requirements.txt, and launch with:
python3 run.py
# verbose logging:
python3 run.py --verbose
Code language: CSS (css)Security: what it does (and what you still must do)
- Secure storage: libsecret on Linux; native integration on macOS. The app avoids copying secrets to the clipboard and does not store passwords/passphrases in plaintext.
- Keys first: key generation plus
ssh-copy-idhelp you ditch passwords. - Best practices remain yours: rotate keys when needed, require MFA on jump hosts, and restrict
PermitRootLogin/PasswordAuthenticationwhere applicable.
Real-world use cases
Multi-host ops with broadcast
Send the same command to ten servers: version checks, systemctl daemon-reload, clearing a small cache—done once, carefully.
Dynamic SOCKS for safe routing
Bring up a dynamic SOCKS5 tunnel (-D) and route a client’s traffic through your server—handy for inventory checks or testing behind restricted networks.
Inline SFTP for quick transfers
Sometimes you just need to drop a config, fetch a small dump, or inspect permissions. Having SFTP one click away removes friction.
Auto-run on login
Attach to tmux, tail critical logs, or set environment on every login—habitual workflows become second nature.
How it compares to veteran tools
Many users arrive from PuTTY, SecureCRT, or minimal launchers. sshPilot doesn’t try to be an IDE; it’s a purpose-built SSH manager that ships the essentials:
- Open source (GPLv3) and auditable.
- Understands OpenSSH config (no reinvention of the wheel).
- Tabs, groups, SFTP/SCP, broadcast, port forwarding—the “power user minimum.”
- Easy installs via Flathub/AUR/DEB/RPM/DMG.
If you need advanced tiling/pane management inside the terminal itself, pair sshPilot with tmux/zellij—sshPilot will happily launch your favorite terminal or keep you inside its own.
Performance & dependencies (Linux teams take note)
Under the hood: GTK4 + libadwaita with VTE for the terminal. Install system packages (not pip) for GI bindings, and ensure minimum versions: GTK4 ≥ 4.6, libadwaita ≥ 1.4, VTE ≥ 0.70. Python modules paramiko and cryptography handle SSH; sshpass and ssh-askpass cover traditional auth paths.
Productivity: small touches that add up
- Keyboard-driven navigation between tabs/hosts.
- Hide IP/hostnames from the main view in one click (perfect for screen captures).
- Customizable themes and fonts in the terminal.
- Read/write to standard
~/.ssh/config; optionally, use a dedicated file to keep sshPilot entries separate.
Roadmap & community
Active on GitHub with regular releases, a blog and wiki (productivity tips, grouping strategies, automation ideas). Listed on Flathub and AUR, and cited by Linux outlets as “a modern alternative to PuTTY and SecureCRT with built-in terminals and smart management tools.” The GPLv3 license means you can audit, fork, and contribute.
Who it’s for (and who it isn’t)
- Yes: sysadmins, DevOps, SREs, developers, and support teams who live in SSH and need order and safety without bloat.
- Yes: anyone who wants to centralize sessions, forwarding, and file transfers in a single lightweight app.
- Less so: users who expect a full IDE, advanced tiling inside the terminal, or complex plugin ecosystems (stick with your terminal + tmux for that).
5-minute setup (Linux)
- Install from Flathub (
flatpak install flathub io.github.mfat.sshpilot) or grab the .deb/.rpm from releases and satisfy deps (gtk4,libadwaita,vte-gtk4,libsecret,python3-paramiko, etc.). - Launch and import your
~/.ssh/config(or point to a dedicated one). - Create groups (prod, staging, lab) and add hosts.
- Configure keys, on-login commands, and port forwarding where needed.
- Work in tabs and use broadcast judiciously for repeatable fleet tasks.
Conclusion
sshPilot validates a simple idea: SSH management can be friendlier without sacrificing technical control. With tabs, groups, SFTP/SCP, port forwarding, two-click key setup, and secure storage, it turns many daily chores into repeatable habits. It doesn’t try to dazzle with novelty—it focuses on doing the essentials right with a clear UI and good security defaults. In a world where SSH is the admin highway, having a reliable—and free—pilot is not a luxury; it’s a necessity.
Frequently Asked Questions
Can sshPilot use my existing ~/.ssh/config?
Yes. sshPilot can load/save standard OpenSSH entries. If you already have aliases, ProxyJump, keys, or Match rules, you’re not starting from zero. You can also keep a separate config dedicated to sshPilot.
How are passwords and key passphrases stored? Is it safe?
On Linux, sshPilot uses libsecret (Secret Service API). On macOS, it integrates with the native keychain. It avoids clipboard usage and never saves secrets in plaintext. That said, best practice is to move to keys and avoid passwords where possible.
What’s the difference between SFTP and SCP in the app?
SFTP gives you file-manager-style browsing and operations (list, move, permissions). SCP is fast and direct for uploading/downloading specific files. sshPilot supports both to cover everyday scenarios.
Can I run the same command across multiple sessions?
Yes—broadcast mode lets you send a command to all open tabs. It’s powerful; use it with care (great for idempotent checks or simple state queries).
Does sshPilot support local, remote, and dynamic (SOCKS) port forwarding?
Yes. You can set up local (-L), remote (-R), and dynamic (-D) forwarding, including SOCKS5 proxies for client traffic routed through a server.
Is there a macOS build for Intel, or only Apple Silicon?
Releases currently provide DMG for Apple Silicon (aarch64). On Intel Macs, you can run from source if you satisfy dependencies; check the releases page for any future binaries.
What do I need to run from source on Linux?
Install system GTK/libadwaita/VTE GI bindings (not via pip), plus python3-paramiko, python3-cryptography, sshpass, and ssh-askpass. Then run python3 run.py (add --verbose for debug logs).
