ManagedSSH

ManagedSSH is a terminal-first SSH connection manager built with Go, Cobra, and Bubble Tea. It helps you organize hosts, store encrypted credentials, and connect quickly from a guided TUI.

Dashboard Preview

Why ManagedSSH

• Keep SSH hosts, users, and auth settings in one place.
• Encrypt secrets at rest with a master key.
• Validate host connectivity and host keys before saving.
• Use a keyboard-driven dashboard for fast daily operations.

Key Features

• Beautiful TUI workflow for setup, unlock, host management, and connection.
• Encrypted vault using Argon2 + AES-GCM for stored credentials.
• Host key verification with known_hosts integration and trust confirmation.
• Host profiles with:
  • Alias, hostname, port, SSH timeout, group, tags
  • Multiple user accounts per host
  • Per-user password or SSH key authentication
• Support for SSH key path or inline encrypted key data.
• Passphrase-aware key handling, including save-on-success for key passphrases.
• Master key rotation that re-encrypts all stored secrets.
• Backup export with atomic writes.
• Backup import with master key verification, validation checks, and overwrite confirmation.
• Search and filtering in dashboard by alias, host, group, tags, and users.

Requirements

• Go 1.26.1
• macOS, Linux, or another environment with terminal SSH access

Quick Start

1. Build:

make build

2. Run:

make run

3. Install:

make install

Arch Linux (AUR) install:

yay -Sy managedssh
# or
paru -Sy managedssh

4. First launch flow:

• Create a master key.
• Add a host and one or more users.
• Confirm host key trust if prompted.
• Connect from the dashboard.

Dashboard Controls

• q: quit
• l: lock vault
• c: change master key
• /: focus search
• esc: clear search or cancel current context
• j / k or arrow keys: move selection
• a: add host
• e: edit selected host
• y: duplicate selected host
• d: delete selected host (with confirmation)
• h: run health check for all saved hosts (green/yellow/red indicators)
• enter: connect to selected host
• x: export backup
• i: import backup

Security Model (Brief)

• Configuration is stored in $XDG_CONFIG_HOME/managedssh/ (or ~/.config/managedssh/ if XDG_CONFIG_HOME is not set).
  • Vault metadata is stored in vault.json.
  • Host data is stored in hosts.json.
• Sensitive data is encrypted and handled as byte slices with explicit zeroing where possible.
• Host trust follows known_hosts behavior and requires explicit trust for unknown keys.

Development

Common commands:

make help
make build
make run
make test
make test-race
make vet
make lint
make fmt
make tidy
make install
make uninstall
make clean

Target summary:

• make help: show available targets
• make build: build the binary as managedssh in the project root
• make run: run the app with go run
• make test: run all tests
• make test-race: run all tests with the race detector
• make vet: run go vet checks
• make lint: run golangci-lint if installed, otherwise skip with a message
• make fmt: format Go files (excluding vendor)
• make tidy: run go mod tidy
• make install: install to GOBIN or GOPATH/bin, with ~/.local/bin fallback
• make uninstall: remove installed binary from GOBIN, GOPATH/bin, or ~/.local/bin fallback
• make clean: remove the local built binary

Install behavior:

• make install uses go install . when GOBIN or GOPATH is set.
• If both are missing, it installs to ~/.local/bin.
• If ~/.local/bin is not in your PATH, install prints: ~/.local/bin is not in path please add it to path.

Project Layout

• main.go: entry point
• cmd/: Cobra command wiring
• internal/tui/: Bubble Tea state machine and views
• internal/host/: host models and JSON persistence
• internal/sshclient/: SSH verify, trust, and session logic
• internal/vault/: master key setup, unlock, and encryption helpers

License

GNU AGPL v3. See LICENSE.