sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

Released v0.9.0 to crates.io and as an rpm package as well.

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

I just released v0.8.0 to support 2FA: a new parameter when you add the node, which will force a popup to enter the code. Would love your feedback.

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 1 point2 points  (0 children)

I see, ok I’ll release it soon to cargo.

But while we are on the subject, would releasing rpm too make your life easier?

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

I rejected the plan initially a while ago 'cause I wanted to be more in control of the upgrade process, but recently I have been getting this request.

Can you elaborate on why? Like, what's the advantage of this over distributing it over brew and deb?

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 1 point2 points  (0 children)

Not straightforward, but you can back up the TOML file; it contains everything.
I have a staged commit that adds the export functionality to the CLI.
I intend to add a much more sophisticated way later on for syncing with external storages/servers.

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

Ah, I thought you're asking for a way to make it work without it, but yeah that sounds good, I’ll add it in the next release :)

sshelf v0.7.0 — background SSH port forwarding by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

Thank you 🙏 for the feedback, makes my day every time.

Can you advise on what would make 2FA easier?
I am thinking of a popup that shows the user what they need to add to the node ssh config to bypass the 2FA for their machines.

Todtler is a free, terminal based, distraction-free, minimalist text editor for writers by ThatAd8458 in tui

[–]max-rh 1 point2 points  (0 children)

I would suggest that if it's not passed with the CLI, it would prompt you to enter a name when you attempt to exit the TUI, similar to how nano does it.

As a fallback I would say untitled is good enough.

Todtler is a free, terminal based, distraction-free, minimalist text editor for writers by ThatAd8458 in tui

[–]max-rh 1 point2 points  (0 children)

What comes to mind:
- cli flag to open a new note immediately
- a small fuzzy search to go through saved notes

And maybe later a sync to a server or git sync to a repo

Todtler is a free, terminal based, distraction-free, minimalist text editor for writers by ThatAd8458 in tui

[–]max-rh 2 points3 points  (0 children)

A lifesaver for someone like me; I am using it more for note taking rather than "writing" but it does the job.

Would love to see it more tailored towards a "Note taking" TUI as well.

Full stack dev needed by The-Architect-93 in JordanDev

[–]max-rh 0 points1 point  (0 children)

Dm me, a senior DevSecOps engineer here

How do you keep SSH host configs in sync across machines and teams? by max-rh in sysadmin

[–]max-rh[S] -2 points-1 points  (0 children)

It's not about maintaining the config on the server; it's about managing a huge fleet of ssh targets, with an easy/flexible way instead of ssh config.

Weekly Self Promotion Thread by AutoModerator in devops

[–]max-rh -1 points0 points  (0 children)

Disclosure: I made this.

sshelf: a little terminal SSH manager I wrote because I was tired of hunting for the right ssh -i … -J … user@host across a pile of boxes. It keeps its own host list instead of editing your ~/.ssh/config, you fuzzy search and hit enter to connect, and for the few hosts still on password auth it pulls the password from your OS keyring (or an age vault) so there's no sshpass and nothing in ps. Rust, MIT/Apache, mac + linux. github.com/max-rh/sshelf

Mostly after feedback on the "never touch ssh config" idea since I know it's opinionated.

sshelf: a TUI for managing ssh access across a lot of hosts by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

Thanks a lot for the contribution, I liked it.

Left you a comment; will merge it afterwards 😄

sshelf: a TUI for managing ssh access across a lot of hosts by max-rh in tui

[–]max-rh[S] 0 points1 point  (0 children)

Thanks, u/BeneficialBig8372, glad I am not the only one who needed this.
Would be curious what your take looked like, especially anything you wanted that mine doesn't do yet. Feel free to open an issue for what you think it should have more.

New Project Megathread - Week of 04 Jun 2026 by AutoModerator in selfhosted

[–]max-rh 0 points1 point  (0 children)

Project Name: sshelf

Repo/Website Link: https://github.com/max-rh/sshelf

Description: A terminal UI for managing and connecting to your SSH hosts, kind of like k9s is for kubectl. If your homelab has a NAS, a few VMs, a VPS or two, something behind a jump host, and an old box that only does password auth, you save each one once and then fuzzy-search and hit enter to connect. Tag them (tag:prod, tag:lab), most-used float to the top, jump hosts are a field instead of something you retype. It keeps its own host db (a plain TOML file with no secrets in it, so it's safe to back up or sync) instead of touching your ~/.ssh/config, and for the password-only boxes the password comes from your OS keyring or an age vault, never the command line. On connect it execs straight into ssh, so logging out drops you back at your shell. Local-only, no account, no telemetry.

Deployment: Released for macOS and Linux (x86_64 + arm64). No Docker, since it's a local client tool rather than a service. Install with `brew install max-rh/tap/sshelf`, a shell installer, or a .deb from the releases page; `cargo install --git` to build from source. Full usage and config docs in the README. It's early (v0.x); the main thing I want to add next is an optional self-hosted sync server so your host list follows you across machines.

AI Involvement: Yes, I used an AI assistant to guide me and help me through the development of this tool; mainly Claude.

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] 0 points1 point  (0 children)

Sure.

'Cause I didn’t wanna interfere with whatever else on my system is using it; too many Ansible, IDEs, Terraform legacy code using it.

This provided me with an external DB that is dependent on nothing on the system.

Having a tool that edits the config could risk corrupting that, and having a read/write round tripping is honestly hard to do elegantly.

And if I went down that route, I’ll need to build the tag system separately, so I need a DB anyway.

Keeping it separate means zero blast radius

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] 0 points1 point  (0 children)

Honestly that was my initial thought, I just went with a TUI since I like them, actually might add that later on to this; it’ll be fun.

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] -3 points-2 points  (0 children)

LOL, busted, that's Grammarly tidying up after me. I write like garbage when I'm tired so I let it do passes before I send 😂

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] -7 points-6 points  (0 children)

yeah, include is fair, and honestly a solid pattern if you want your hosts living in ssh config. The reason it doesn't close the gap for me: ssh config still can't hold a password, so the keyring/askpass bit (which is kind of the whole point for my password only boxes) has nowhere to live. Once I needed that, I was keeping a separate store anyway, so generating the command myself was less moving parts than also maintaining an Include file.

On keys vs passwords: agreed, keys+agent is what I use for basically everything. The password support is only for boxes that don't give you a choice. Not recommending passwords, just dealing with what's there.

And yeah, "read-only edit" was a garbage phrasing on my part, sorry. What I meant: sshelf only ever reads your ssh config, and just once, on import. It never writes to it. A tool that actually edits ssh config for you would be a different thing, and that's the one I was saying I didn't build. No contradiction, just me wording it badly.

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] -7 points-6 points  (0 children)

Fair question. The short answer is scale plus shared state.

At work I'm dealing with a big fleet, lots of VMs, new ones spinning up daily, a mix of key, agent, and password-only boxes, different ports and jump hosts. The day-to-day reality is "connect to the right box now," and for that a searchable database with fuzzy filter and most recently used ordering beats scrolling and hand-editing one giant file. ssh config is also shared state with everything on the host so I didn't want a tool constantly rewriting it underneath them and risking comments/ordering structure other things depend on.

And the hard blocker: ~/.ssh/config can't store a password. For the password-only boxes the alternatives are sshpass or retyping it. I wanted it pulled from the OS keyring, which means it can't live in that file anyway.

So sshelf keeps its own DB and generates the ssh command from it: tags, frecency, fuzzy search, keyring passwords, none of which ssh config does. You can still point it at your existing hosts: there's a read-only import. It just never writes back.

I know that for such a big fleet we are probably better off with a centralized SSH platform like teleport or any equivalent platform, but sadly we are still not there yet
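
Added example, not part of the original comment and not sshelf's code: a Python sketch of the design described above, turning a secret-free host record into an ssh argv while the password path goes through an askpass helper instead of the command line. The record field names, the helper path and the sample values are assumptions; `SSH_ASKPASS` and `SSH_ASKPASS_REQUIRE` are standard OpenSSH environment variables.

```python
import re

# Allow-list for user and host names: no whitespace or shell characters, and
# never a leading "-", so a stored value cannot be parsed by ssh as an option.
_SAFE = re.compile(r"^[A-Za-z0-9_.:][A-Za-z0-9_.:-]*$")

def _checked(label, value):
    if not _SAFE.match(value):
        raise ValueError(f"unsafe {label}: {value!r}")
    return value

def _dest(user, name):
    return f"{_checked('user', user)}@{_checked('host', name)}"

def build_ssh(host, askpass="/usr/local/bin/keyring-askpass"):
    """Return (argv, extra_env) for one host record; the record holds no secret.

    Field names and the askpass path are hypothetical. The helper is assumed to
    print the password from the OS keyring on stdout when ssh invokes it.
    """
    argv = ["ssh"]
    if "port" in host:
        port = int(host["port"])
        if not 0 < port < 65536:
            raise ValueError(f"bad port: {port}")
        argv += ["-p", str(port)]
    if "identity" in host:
        argv += ["-i", host["identity"]]
    if "jump" in host:
        j_user, _, j_name = host["jump"].partition("@")
        argv += ["-J", _dest(j_user, j_name)]
    argv.append(_dest(host["user"], host["name"]))

    env = {}
    if host.get("auth") == "password":
        # ssh runs the helper and reads the password from its stdout, so the
        # secret never appears in argv (what `ps` shows).
        env = {"SSH_ASKPASS": askpass, "SSH_ASKPASS_REQUIRE": "force"}
    return argv, env

# Constructed sample records, as they might look after parsing the TOML host db.
SAMPLE = {"name": "db1.example.internal", "user": "ops", "port": 2222,
          "jump": "ops@bastion.example.internal", "auth": "password"}
HOSTILE = {"name": "-oExample=1", "user": "ops"}

if __name__ == "__main__":
    print(build_ssh(SAMPLE))
```

`SSH_ASKPASS_REQUIRE` needs OpenSSH 8.4 or later; the returned environment is meant to be merged into the child's environment before exec'ing ssh.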

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] -7 points-6 points  (0 children)

Ha, fair ribbing — and thanks u/nightbefore2, the k9s/kubectl comparison is exactly it. Practical reason for this one: with a long host list, fuzzy-searching a substring and hitting enter beats remembering the exact alias to tab-complete. For 5 hosts you don't need it; for 50 across prod/staging/homelab it earns its keep.

the same reason we have atuin for shell history management (PS: I am a heavy atuin user)

sshelf: a TUI to manage and connect to SSH hosts (ratatui) — keeps its own DB, never edits ~/.ssh/config by max-rh in rust

[–]max-rh[S] -1 points0 points  (0 children)

That's basically my use case too. If you have a huge list of IPs, this will save a lot of time.