[DEPRECATED - Use Go version] Secure SSH/SCP tool
Project description
vssh
⚠️ DEPRECATED: This Python package is no longer maintained. Please use the Go version instead:
# macOS brew install meshpop/tap/vssh # Linux curl -sSL https://github.com/meshpop/vssh/releases/latest/download/vssh-linux-amd64 -o /usr/local/bin/vssh && chmod +x /usr/local/bin/vsshGitHub: https://github.com/meshpop/vssh
Fast SSH alternative for server fleets. One shared secret. No key management.
pip install vssh
Pure Python standard library. No external packages. Linux and macOS.
Why vssh?
| SSH | vssh | |
|---|---|---|
| Authentication | Per-server public keys | One shared HMAC secret |
| Add a new server | Generate + copy key | Just set the same secret |
| Revoke access | Remove key from every server | Rotate secret once |
| Connection setup | Full handshake (~200–400ms) | Token check (~1ms) |
| Server discovery | IPs / DNS | wire mesh auto-discovery |
| Fleet health | None | vssh status — all nodes |
| AI management | ✗ | ✓ MCP integration |
How it works
Each server runs a persistent daemon on TCP port 48291. Every request includes an HMAC-SHA256 time-based token derived from the shared secret — no public key cryptography, no handshake overhead.
┌──────────────────────────────────────┐
│ Fleet │
│ ┌──────┐ ┌──────┐ ┌──────┐ │
│ │ web1 │ │ web2 │ │ db1 │ ... │
│ │:48291│ │:48291│ │:48291│ │
│ └──┬───┘ └──┬───┘ └──┬───┘ │
│ └─────────┴─────────┘ │
│ wire / VPN │
└─────────────────┬────────────────────┘
│ TCP :48291
┌──────┴──────┐
│ vssh client │
└─────────────┘
Setup
1. Install and start the daemon on each server
export VSSH_SECRET=your-shared-secret
vssh server
# Or install as a systemd service:
vssh install
Generate a strong secret:
python3 -c "import secrets; print(secrets.token_hex(32))"
2. Configure the client
With wire mesh VPN, vssh auto-discovers all nodes — no client config needed.
For standalone use, create ~/.vssh/config:
web1=192.168.1.10
web2=192.168.1.11
db1=192.168.1.20
SECRET=your-shared-secret
CLI Reference
Fleet status
vssh status # All nodes — online/offline, latency
vssh status --full # Status + disk, memory, load
Remote execution
vssh web1 "df -h" # Run command
vssh web1 # Interactive shell
vssh web1 "df -h && free -h" # Chained commands
File transfer
vssh put ./nginx.conf web1:/etc/nginx/ # Upload
vssh get web1:/var/log/app.log ./ # Download
vssh sync ./config/ web1:/etc/app/ # Sync directory
vssh rsync <local> <host>:<remote> # Delta sync (changed blocks only)
Auto-compresses text files. Skips upload if remote file is identical (MD5 check).
RPC — typed JSON data
vssh rpc web1 get_disk
vssh rpc web1 get_processes '{"n": 5, "sort": "mem"}'
vssh rpc-list web1 # List all available methods
| Method | Returns |
|---|---|
get_disk |
Disk usage |
get_memory |
Memory stats |
get_load |
Load averages |
get_processes |
Top processes |
get_gpu |
GPU VRAM, utilization, temp |
get_logs |
Log file or journalctl |
list_services |
Running systemd services |
restart_service |
Restart nginx / docker / postgresql / redis |
docker_containers |
Docker container list |
file_read / file_write |
File operations |
Other
vssh speed-test web1 # Measure transfer speed
vssh history [count] [filter] # Command history
vssh stats [days] # Transfer stats
vssh pipe-up web1:/path # Pipe stdin to remote file
vssh pipe-down web1:"cmd" # Pipe remote output to stdout
Tailscale Failover
If a node's primary VPN IP is unreachable, vssh automatically tries the Tailscale IP:
- Try wire VPN IP (1.5s timeout)
- Fall back to Tailscale IP, cache for 60s
- After 60s: retry wire — if recovered, clear failover
The failover map is built automatically by cross-referencing tailscale status with wire peers.
AI Management via MCP
{
"mcpServers": {
"vssh": { "command": "vssh-mcp" }
}
}
"Check which servers are online and show me disk usage" "Deploy the new config to all web servers and reload nginx" "What's using the most memory on db1?"
MCP Tools
| Tool | Description |
|---|---|
vssh_status |
Fleet status — all nodes, latency |
vssh_exec |
Run command on remote server |
vssh_put / vssh_get |
Upload / download file |
vssh_sync |
Sync directory |
vssh_speed_test |
Transfer speed |
vssh_tunnel |
Port-forward tunnel |
vssh_keys |
Show secret and server list |
MeshPOP Stack
mpop Fleet orchestration — monitor, manage, automate
vssh Authenticated transport — remote exec, file transfer ← this
wire Encrypted mesh VPN — connects all nodes
License
MIT — MeshPOP
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vssh-4.0.0.tar.gz.
File metadata
- Download URL: vssh-4.0.0.tar.gz
- Upload date:
- Size: 45.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4be3d2066a6dccfe954c1e2db3c0c8e0c4a53269c9cd8227e0b9c205e8dbae63
|
|
| MD5 |
322b00715a3f1364e3a142c91cdb59e4
|
|
| BLAKE2b-256 |
327bcc8b510947402d40f5d3368a51d529b21111ea2e3ada1e283a91e390203f
|
File details
Details for the file vssh-4.0.0-py3-none-any.whl.
File metadata
- Download URL: vssh-4.0.0-py3-none-any.whl
- Upload date:
- Size: 47.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
52a83742ee04dbeed239194b6d24d60574182ecbbb1a2528c630a868bf860123
|
|
| MD5 |
c22a1a156a8ca8faef9ccc6cc128d783
|
|
| BLAKE2b-256 |
772d5f9993dd4b9123fc5eda3c55b89f654c802bbf7d423b7738c73c901d15ae
|
