DEV Community

Borys Pidperyhora
Borys Pidperyhora

Posted on

ssh-connect — tiny CLI to manage SSH profiles with encrypted passwords

Tired of messy ~/.ssh/config and copy‑pasted one‑liners?

ssh-connect is a tiny Bash CLI to create, update and connect to SSH profiles — with encrypted passwords, an optional fzf picker, and a one‑command install.

TL;DR

  • Encrypted passwords (OpenSSL AES‑256‑CBC + PBKDF2, master passphrase)
  • Key or password auth; auto‑login via sshpass (optional)
  • Interactive profile picker via fzf (optional)
  • Export/Import profiles to tar.gz
  • Works on Linux/macOS; single script; no vendor lock‑in

Repo: https://github.com/bpidperygora/SSH-profile-manager


Why: what’s missing in existing tools

The problem isn’t SSH itself — it’s the glue:

  • Plain ~/.ssh/config is great for keys, but doesn’t handle encrypted passwords, CRUD, or export.
  • Teams often end up with ad‑hoc scripts and scattered secrets.

Concretely, common tools fall short when you need a single CLI that provides: local password encryption + sshpass auto‑login + interactive picker + export + one‑file install.

Alternatives (and gaps)

Tool Type Password encryption CLI‑first fzf picker sshpass auto‑login Export One‑file install
StormSSH CLI (Python) No Yes No (relies on ssh_config) No No No
assh (Advanced SSH config) YAML→ssh_config generator No Yes No No No No
Termius GUI w/ E2E sync Yes (E2E) No (GUI‑centric) No No Partial No
PuTTY/Plink + Pageant GUI/CLI (Windows) No Mixed No No Sessions (not profiles export) No
OpenSSH config + shell scripts DIY No (unless you add pass) Yes Sometimes Sometimes No N/A
pass + sshpass combo Toolkit Yes (in pass) Yes No Yes No No

ssh-connect combines the above into one cohesive CLI workflow.


Features

  • Create/Update/Delete/List profiles under ~/ssh_profile/profiles
  • Connect by name: ssh-connect <name>
  • Choose auth per profile: SSH key or encrypted password
  • Master‑passphrase encryption (OpenSSL AES‑256‑CBC + PBKDF2; stored as base64)
  • Optional fzf picker for fast interactive selection
  • Optional sshpass for non‑interactive password auth
  • Export/Import profiles to tar.gz (with decryption on export)

Install

Linux/macOS (Intel):

curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/install.sh \
  | GITHUB_REPO=bpidperygora/SSH-profile-manager bash -s -- --bin-dir=/usr/local/bin --name=ssh-connect
Enter fullscreen mode Exit fullscreen mode

macOS (Apple Silicon):

curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/install.sh \
  | GITHUB_REPO=bpidperygora/SSH-profile-manager bash -s -- --bin-dir=/opt/homebrew/bin --name=ssh-connect
Enter fullscreen mode Exit fullscreen mode

Dependencies:

  • required: openssl
  • optional: sshpass (auto‑login), fzf (picker)
  • disable auto‑install of deps:
NO_DEPS=1 ./install.sh --bin-dir=/usr/local/bin --name=ssh-connect
Enter fullscreen mode Exit fullscreen mode

Uninstall:

curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/uninstall.sh \
  | bash -s -- --bin-dir=/usr/local/bin --name=ssh-connect
Enter fullscreen mode Exit fullscreen mode

Usage

ssh-connect                   # interactive selector and connect
ssh-connect <name>            # connect to profile by name
ssh-connect create            # create a new profile
ssh-connect update [<name>]   # update existing profile (prompts)
ssh-connect delete [<name>]   # delete a profile
ssh-connect export            # export all profiles to tar.gz
ssh-connect list              # list profile names
Enter fullscreen mode Exit fullscreen mode

Profiles live in ~/ssh_profile/profiles/*.profile (simple key=value files).


Demo

Create
Use


Security notes

  • Passwords are encrypted at rest (AES‑256‑CBC + PBKDF2 via OpenSSL)
  • Decryption happens on demand; plaintext stays in memory briefly for sshpass
  • Prefer SSH keys where possible; passwords are for legacy hosts and jump boxes

Repo: https://github.com/bpidperygora/SSH-profile-manager

Top comments (0)