Local-first SSH host and credential manager for humans and AI agents — OS-keychain vault, loopback web UI, agent-safe by design
Project description
SSH Server Manager
A local-first SSH host and credential manager for humans and AI agents.
One CLI (serverctl) and a loopback-only web UI to add, import, test, and
connect to your servers — with every password and passphrase stored in your
operating system's native credential vault, never in a plaintext file.
简体中文说明 · Documentation · Security model · Website
🤖 Using an AI agent? The skill deploys to every agent on your machine in one line — dependencies, links, and health check included. See the agent deployment guide.
Why this exists
Most SSH managers make you choose between convenience and custody:
- Cloud-synced clients (subscription GUIs) keep your credentials on someone else's infrastructure.
- Plain
~/.ssh/configkeeps you in control but handles no passwords, no vault, and gives AI coding agents an easy way to leak secrets. sshpass-style wrappers put passwords in files, env vars, or shell history.
SSH Server Manager is different by construction:
| Property | How |
|---|---|
| Secrets never touch disk in plaintext | macOS Keychain / Windows Credential Locker / Linux Secret Service via keyring; unsafe backends are rejected as a hard error |
Your ~/.ssh/config is never modified |
A separate managed config is rendered and included alongside it |
| The web UI is unreachable from the network | Loopback-only bind, one-time launch token, CSRF + Origin checks, strict CSP |
| Revealing a stored secret requires re-auth | WebAuthn passkey (Touch ID / Windows Hello) or an Argon2id master password; grants are single-use and expire in 30 s |
| AI agents can drive it without seeing secrets | Every command has --json; SSH authentication happens through AskPass so secrets never appear in argv, env, logs, or model context |
| Host keys are always verified | StrictHostKeyChecking is never weakened, by policy and by code |
Quick start
git clone https://github.com/xiayh0107/servers-connect.git
cd servers-connect/ssh-server-manager
./scripts/bootstrap # Windows: scripts\bootstrap.cmd
./scripts/serverctl doctor # verify ssh, vault backend, and dependencies
Add a server and connect:
./scripts/serverctl credential add-password work-password # prompts locally, stores in OS vault
./scripts/serverctl server add web1 --hostname web1.example.com --username deploy --credential work-password
./scripts/serverctl server test web1
./scripts/serverctl connect web1
Or import everything you already have:
./scripts/serverctl server import # preview only
./scripts/serverctl server import --apply
Prefer a GUI? ./scripts/serverctl ui opens the local web interface in your
browser with a one-time tokenized URL.
Features
- Connection profiles — alias, host, port, user, project/scenario tags, notes, ordered ProxyJump chains (with cycle detection).
- Three credential kinds — vault-backed passwords, private keys with optional vault-backed passphrases, and ssh-agent/OpenSSH defaults. Credentials are reusable across servers and protected against deletion while referenced.
- OpenSSH import — parses your
~/.ssh/config(followingInclude), resolves each literal alias withssh -G, previews before applying. - Managed config rendering — atomic, user-only-permission writes to
~/.ssh/ssh-server-manager.conf; your original config always loads last so unrelated defaults keep working. - Connection testing —
server testreports latency and a classified error code (authentication-failed,host-key-untrusted,timeout,dns-failed, …) and records history. - Remote execution —
serverctl exec alias -- cmd args, with--shellfor pipelines,--stdin/--stdin-binaryfor streaming files,--reuse Nfor ControlMaster connection sharing (macOS/Linux), and--jsonfor machine-readable results. - Local web UI — manage servers and credentials, test connections,
create/rename/delete tags and bulk-assign searchable hosts, choose
system/light/dark themes, import config, browse remote directories read-only
over SFTP, copy file references for an agent, and reveal a stored secret
after passkey or master-password re-authentication. Connection status expires
instead of staying green. Inspect or shut down a background instance with
serverctl ui --status/--stop— no pid bookkeeping. - Diagnostics —
serverctl doctorchecks ssh availability and version, SFTP availability, vault backend safety, database and config paths, and Python dependencies.
Platform support
| macOS | Linux | Windows | |
|---|---|---|---|
| CLI + web UI | ✅ | ✅ | ✅ |
| Credential vault | Keychain | Secret Service (gnome-keyring / KWallet / KeePassXC) | Credential Locker |
| Secret reveal re-auth | Touch ID passkey or master password | passkey or master password | Windows Hello passkey or master password |
Connection reuse (--reuse) |
✅ | ✅ | — (OpenSSH ControlMaster needs Unix sockets; a warning is printed) |
Details and headless-server notes: docs/platforms.md. CI runs the full test suite on all three platforms.
For AI agents
This project ships as an Agent Skill (SKILL.md) so Claude Code, Codex, and other agents can manage servers safely: agents get structured JSON output and connection error classification, while the AskPass architecture keeps secrets out of the model's context by design.
The skill also encodes conversation UX, not just commands: agents answer
inventory questions from a single --json call, hand interactive shells to
your terminal and proxy follow-up commands through exec (connect
refuses to run without a TTY instead of hanging), and clean up a background
UI with serverctl ui --stop.
Deploy the skill with one line:
curl -fsSL https://raw.githubusercontent.com/xiayh0107/servers-connect/main/install.sh | sh
It links the skill into every detected agent (~/.claude/skills,
~/.codex/skills, …), installs dependencies, and runs doctor. Windows
uses install.ps1. See docs/ai-agents.md.
Documentation
| Doc | Contents |
|---|---|
| docs/installation.md | Per-platform install, requirements, bootstrap |
| docs/quickstart.md | First 10 minutes, common workflows |
| docs/cli.md | Complete serverctl reference |
| docs/web-ui.md | Web UI walkthrough and its security gates |
| docs/security.md | Threat model and security invariants |
| docs/platforms.md | Platform-specific behavior, headless Linux |
| docs/ai-agents.md | Using with Claude Code / Codex / MCP |
| docs/faq.md | Troubleshooting and common questions |
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ssh_server_manager-0.4.1.tar.gz.
File metadata
- Download URL: ssh_server_manager-0.4.1.tar.gz
- Upload date:
- Size: 82.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98d065ce9ec4cf498c3394ad9677b71a5f70c0123f5accfd43b8f7ea5b5009b3
|
|
| MD5 |
8970c6f934a4f0422f570afd26301caa
|
|
| BLAKE2b-256 |
57e615c65ec886ff6808cf53cb144123feeb1cfca8968c7571e126565d1157ea
|
Provenance
The following attestation bundles were made for ssh_server_manager-0.4.1.tar.gz:
Publisher:
publish.yml on xiayh0107/servers-connect
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ssh_server_manager-0.4.1.tar.gz -
Subject digest:
98d065ce9ec4cf498c3394ad9677b71a5f70c0123f5accfd43b8f7ea5b5009b3 - Sigstore transparency entry: 2191366047
- Sigstore integration time:
-
Permalink:
xiayh0107/servers-connect@ad54a0a8ce28295f6a42c30e4b5e89fb2a7f3a07 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/xiayh0107
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ad54a0a8ce28295f6a42c30e4b5e89fb2a7f3a07 -
Trigger Event:
release
-
Statement type:
File details
Details for the file ssh_server_manager-0.4.1-py3-none-any.whl.
File metadata
- Download URL: ssh_server_manager-0.4.1-py3-none-any.whl
- Upload date:
- Size: 75.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0cbe1093dfed79ad3a09de7bbc9da5b930b15686f7f4dbcae039c4ecad9c3af
|
|
| MD5 |
f4b6d62b22c63a2f03faea285fadba7c
|
|
| BLAKE2b-256 |
47a3c259bbc1ef455e913b5fa831bab60279e4fa9dadc9822c23e836b1b8c78b
|
Provenance
The following attestation bundles were made for ssh_server_manager-0.4.1-py3-none-any.whl:
Publisher:
publish.yml on xiayh0107/servers-connect
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ssh_server_manager-0.4.1-py3-none-any.whl -
Subject digest:
c0cbe1093dfed79ad3a09de7bbc9da5b930b15686f7f4dbcae039c4ecad9c3af - Sigstore transparency entry: 2191366083
- Sigstore integration time:
-
Permalink:
xiayh0107/servers-connect@ad54a0a8ce28295f6a42c30e4b5e89fb2a7f3a07 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/xiayh0107
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ad54a0a8ce28295f6a42c30e4b5e89fb2a7f3a07 -
Trigger Event:
release
-
Statement type: