sshman
sshman is a simple command-line SSH key and connection manager that stores your SSH entries securely in an encrypted vault file (vault.vssh). Unlike traditional SSH key managers that save private keys as files (e.g., in ~/.ssh), sshman keeps SSH private keys encrypted inside the vault file and loads them only in memory during use, greatly reducing the risk of key leakage from disk. It supports adding, listing, updating, deleting, and searching SSH entries, generating RSA key pairs, copying SSH commands to the clipboard, sending public keys to remote servers, and launching direct SSH connections.
Features
- Encrypted vault storage using AES-GCM and Argon2 for key derivation
- SSH private keys securely stored only inside the encrypted vault file and kept in memory during usage (no keys saved as separate files on disk)
- Secure password prompt with hidden input
- Custom vault file with .vssh extension
- Add, update, delete, list, and search SSH entries (name, user, host, key data)
- Generate RSA SSH key pairs internally without writing private keys to disk
- Send public keys to remote servers for passwordless login setup
- Copy SSH command to clipboard for quick use
- Direct SSH connection launch from vault entries
Installation
Requires Go 1.18+ to build and system ssh-keygen for key generation.
git clone https://github.com/SpikeTheDragon40k/sshman.git
cd sshman
go build -o sshman main.go
Or download a precompiled binary from releases (when available).
Usage
Initialize the vault and set a password:
./sshman init
Add an SSH entry:
./sshman add --name myserver --user ubuntu --host 1.2.3.4 --key ~/.ssh/myserver.key
List all entries:
./sshman list
Copy the SSH command for an entry to clipboard:
./sshman copy --name myserver
Connect directly to the server:
./sshman connect --name myserver
Generate a new RSA key pair:
./sshman genkey --name mynewkey --bits 2048
Send the public key to the server:
./sshman sendkey --name myserver
Delete an entry:
./sshman delete --name myserver
Update an entry:
./sshman update --name myserver --user ubuntu2 --host 1.2.3.5
Search entries by keyword:
./sshman search --query my
Vault File
- Vault is stored in the current directory as vault.vssh.
- The vault file format is binary and structured as follows:
  - First 16 bytes: random salt for Argon2 key derivation
  - Next 12 bytes: nonce used for AES-GCM encryption
  - Remaining bytes: AES-GCM encrypted JSON data containing SSH entries
- The vault is encrypted with the password you set during init.
- Important: Never lose your vault password or you will not be able to access your stored entries.
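The layout above can be exercised with the Go standard library alone. This is an added example, not sshman's own code: SHA-256 stands in for Argon2id (the README does not give the Argon2 parameters), and the use of AES-256, empty associated data, the function names and the sample entry are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const saltLen, nonceLen, tagLen = 16, 12, 16 // salt and nonce sizes per the README; 16-byte GCM tag

// vaultAEAD derives a 32-byte key and returns AES-256-GCM. SHA-256 is only a
// stand-in KDF so the example needs no modules; sshman uses Argon2id here.
func vaultAEAD(password string, salt []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte(password), salt...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err) // unreachable for an AES block
	}
	return gcm
}

// sealVault returns salt || nonce || ciphertext+tag, drawing a fresh random
// salt and nonce on every write (this example's choice).
func sealVault(password string, plaintext []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	return vaultAEAD(password, header[:saltLen]).Seal(header, header[saltLen:], plaintext, nil), nil
}

// openVault reads the salt first (the key depends on it), then authenticates
// and decrypts; a wrong password or any modified byte returns an error.
func openVault(password string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+tagLen {
		return nil, fmt.Errorf("vault too short: %d bytes", len(blob))
	}
	gcm := vaultAEAD(password, blob[:saltLen])
	return gcm.Open(nil, blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:], nil)
}

func main() {
	blob, _ := sealVault("demo-password", []byte(`[{"name":"myserver"}]`)) // constructed entry
	pt, err := openVault("demo-password", blob)
	fmt.Printf("%s %v\n", pt, err)
}
```

Because GCM authenticates the ciphertext, a wrong password and a corrupted or tampered vault both surface as the same decryption error rather than as garbage JSON.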
Dependencies
- urfave/cli/v2 - CLI framework
- atotto/clipboard - Clipboard support
- golang.org/x/crypto/argon2 - Argon2id password-based key derivation
- golang.org/x/term - Terminal password input (hidden input)
- System dependency: ssh-keygen command for RSA key generation (must be in PATH)
Notes
- The genkey command depends on the system ssh-keygen utility.
- Keys generated by genkey have no passphrase, for convenience.
- Vault encryption uses Argon2id for secure password strengthening and AES-GCM for authenticated encryption.
- Vault file permissions are set to 0600 to restrict access.
- All commands prompt for the vault password securely.
To-Do
- Windows and Mac versions
- A GUI (?)
- YubiKey/TOTP integration
Contribution
Check the CONTRIBUTING.md