SSH Manager
- CATEGORYInfrastructure · DevOps
- INTERFACEWeb + sshcon CLI
- SECURITYAES-256 · RBAC · TOTP 2FA
- BEST FORDevOps, sysadmins, MSPs
SSH terminals, password vaults, DevOps automation, and API access — unified in one platform with AES-256 encryption, across both a web and a CLI interface. No more juggling tools; one console for the whole infrastructure workflow.
One platform for every server, secret, and pipeline.
Infrastructure teams juggle a handful of tools where they could run one. SSH Manager consolidates server access, credentials, DevOps provisioning, and API management into a single platform — production-ready, v2.0, every module live. It fits naturally alongside our infra & DevOps engineering and DevOps practice.
A browser-based SSH terminal on xterm.js and WebSocket — connect to any server with no client software. An AES-256-CBC vault with team sharing, tags, and import/export. A DevOps platform wiring ISPConfig provisioning to GitLab CI/CD. A versioned REST API with permission-scoped keys and usage analytics. RBAC, TOTP 2FA, device fingerprinting, geolocation, and a complete audit trail underneath it all.
The whole infrastructure workflow in one place — no more juggling tools, and white-label ready to deploy under your own brand.
Six tools, folded into one console.
Terminal, vault, DevOps, API, security, and CLI — each a full module, all live in production today.
Web SSH terminal
- xterm.js terminal emulator
- WebSocket real-time I/O
- SSH2 protocol support
- Session management & timeout
- Password & key auth
- Full audit logging
Password manager
- AES-256-CBC encryption
- Team password sharing
- Categories & tags
- Custom fields per entry
- CSV / JSON import & export
- Built-in password generator
DevOps platform
- 4-step provisioning wizard
- ISPConfig server management
- SSL & PHP configuration
- Shell user + database creation
- GitLab project sync
- CI/CD pipeline tracking
REST API platform
- v1 & v2 versioned APIs
- ssh_-prefixed API keys
- Per-scope permissions
- Expiration management
- Usage analytics & logs
- Server + password CRUD coverage
Access & security
- TOTP 2FA with trusted-device bypass
- Role-based access control (RBAC)
- JWT session management
- Device fingerprinting
- Login geolocation tracking
- Complete audit trail
sshcon CLI
- Machine authentication
- Server list & connect
- Encrypted local credential storage
- Team package distribution
- Auto-update mechanism
- Debug & verbose mode
Four layers, from the tab to the target VM.
Client, gateway, service, and data — the path every command travels, with the ports and protocols technical buyers want to see up front.
- Web Terminal
xterm.js, streaming over WebSocket
- Admin UI
Next.js 15 App Router dashboard
- sshcon CLI
Node.js binary, talks over HTTPS
- SSH2 Proxy
Express.js · port 3016 · terminal stream
- API Routes
App Router · port 3017
- REST API v1 / v2
Secured by scoped API keys
- Auth
JWT sessions + TOTP 2FA
- Encrypt
AES-256-CBC for vault data
- DevOps
PHP Bridge to ISPConfig
- SSH Servers
Target VMs over SSH2
- MySQL
c1_sshcon data store
- ISPConfig & GitLab
Provisioning triggers CI/CD
The web terminal streams to the Express.js SSH2 proxy over WebSocket; the admin UI and CLI reach the API routes and REST API over HTTPS. Auth, encryption, and the DevOps bridge sit between the gateway and your servers, MySQL, ISPConfig, and GitLab.
Zero to live in four steps.
The domain-provisioning wizard runs the full path — and applying it automatically creates the matching GitLab CI/CD pipeline. Infrastructure as a single workflow.
- 01
Select server
Pick a target server and its ISP client to provision against.
- 02
Domain + SSL
Add the domain, request SSL, and set PHP and IP configuration.
- 03
Shell user + DB
Create the shell user and database the site needs to run.
- 04
Review & go live
Apply the plan — and provisioning automatically spins up the GitLab CI/CD pipeline.
Once a pipeline runs through build, test, and deploy, the domain is live with SSL active and auto-deploy running — provisioning and delivery handled in one pass. It pairs well with our broader automation work.
Secure by design, down to the audit line.
Anyone granting server access needs these as table stakes — so they are built in, specific, and on by default.
AES-256-CBC encryption
Vault credentials are encrypted at rest with AES-256-CBC.
TOTP 2FA + trusted devices
Time-based one-time passwords, with a trusted-device bypass for known machines.
Role-based access control
RBAC governs who can reach which servers, secrets, and API scopes.
JWT session management
Stateless, signed session tokens across the web and API surfaces.
Device fingerprinting & geolocation
Logins are fingerprinted and geotagged so anomalies surface fast.
Complete audit trail
Every access event is recorded — the record regulated reviews expect.
Built on rails your engineers already trust.
Open protocols and a modern platform stack — the foundations behind the terminal, the vault, the API, and the DevOps bridge.
Resell it under your own brand.
Deploy SSH Manager as your own product — built for MSPs, hosting providers, and enterprise teams that want a branded infrastructure console for their clients.
Custom branding
Your logo, colours, domain, and company name throughout the platform.
All six modules
Full platform access — terminal, vault, DevOps, API, security, and CLI.
Your own API namespace
The full REST API with your own API-key namespace for client integrations.
Multi-tenant user management
Teams, RBAC, and access control across separate client tenants.
Custom domain, no vendor name
Deploy on your domain with SSL — no SSH Manager branding shown to your users.
Priority support
A dedicated channel, SLA guarantees, and custom feature development.
Engagement is quote-based: tell us your requirements, branding, and scale; we configure and deploy a branded instance; you go live and onboard your users. Browse the rest of the product portfolio or ask about a rapid POC for an adjacent idea.
Explore the platform, on its own site.
SSH Manager runs as a live product — open it to see the modules, the architecture, and the API docs in full.
What infra teams ask first.
Weighing build versus buy for your server tooling? Start a conversation with our web engineering team.
Do my engineers need to install an SSH client?
No. The terminal runs in the browser on xterm.js with WebSocket streaming over the SSH2 protocol, so anyone can connect to a server from a tab — with password or key auth and full audit logging.
How are stored credentials protected?
The password vault encrypts entries with AES-256-CBC. Access is governed by RBAC, sessions use JWT, sign-in is protected by TOTP 2FA with a trusted-device bypass, and every event lands in the audit trail.
What does the DevOps automation actually do?
A four-step wizard provisions a domain through ISPConfig — server, domain and SSL, shell user and database, then review and go live. Applying the plan automatically creates the matching GitLab CI/CD pipeline, so provisioning and delivery are one workflow.
Can it be automated or scripted?
Yes. There is a versioned REST API (v1 and v2) with ssh_-prefixed, permission-scoped keys, expiration management, and usage analytics — plus the sshcon CLI for machine auth, server connect, and team package distribution.
Can we run it under our own brand?
Yes. SSH Manager is white-label: your logo, colours, and custom domain with SSL, multi-tenant RBAC, all six modules, and your own API-key namespace — built for MSPs, hosting providers, and enterprise teams.
One platform, every server.
Tell us how your team runs its servers, and we’ll stand up SSH Manager — six modules, AES-256, web and CLI — under your own brand.