Tired of messy ~/.ssh/config and copy‑pasted one‑liners?
ssh-connect is a tiny Bash CLI to create, update and connect to SSH profiles — with encrypted passwords, an optional fzf picker, and a one‑command install.
TL;DR
- Encrypted passwords (OpenSSL AES‑256‑CBC + PBKDF2, master passphrase)
- Key or password auth; auto‑login via
sshpass(optional) - Interactive profile picker via
fzf(optional) - Export/Import profiles to
tar.gz - Works on Linux/macOS; single script; no vendor lock‑in
Repo: https://github.com/bpidperygora/SSH-profile-manager
Why: what’s missing in existing tools
The problem isn’t SSH itself — it’s the glue:
- Plain
~/.ssh/configis great for keys, but doesn’t handle encrypted passwords, CRUD, or export. - Teams often end up with ad‑hoc scripts and scattered secrets.
Concretely, common tools fall short when you need a single CLI that provides: local password encryption + sshpass auto‑login + interactive picker + export + one‑file install.
Alternatives (and gaps)
| Tool | Type | Password encryption | CLI‑first |
fzf picker |
sshpass auto‑login |
Export | One‑file install |
|---|---|---|---|---|---|---|---|
| StormSSH | CLI (Python) | No | Yes | No (relies on ssh_config) | No | No | No |
| assh (Advanced SSH config) | YAML→ssh_config generator | No | Yes | No | No | No | No |
| Termius | GUI w/ E2E sync | Yes (E2E) | No (GUI‑centric) | No | No | Partial | No |
| PuTTY/Plink + Pageant | GUI/CLI (Windows) | No | Mixed | No | No | Sessions (not profiles export) | No |
| OpenSSH config + shell scripts | DIY | No (unless you add pass) |
Yes | Sometimes | Sometimes | No | N/A |
pass + sshpass combo |
Toolkit | Yes (in pass) |
Yes | No | Yes | No | No |
ssh-connect combines the above into one cohesive CLI workflow.
Features
- Create/Update/Delete/List profiles under
~/ssh_profile/profiles - Connect by name:
ssh-connect <name> - Choose auth per profile: SSH key or encrypted password
- Master‑passphrase encryption (OpenSSL AES‑256‑CBC + PBKDF2; stored as base64)
- Optional
fzfpicker for fast interactive selection - Optional
sshpassfor non‑interactive password auth - Export/Import profiles to
tar.gz(with decryption on export)
Install
Linux/macOS (Intel):
curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/install.sh \
| GITHUB_REPO=bpidperygora/SSH-profile-manager bash -s -- --bin-dir=/usr/local/bin --name=ssh-connect
macOS (Apple Silicon):
curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/install.sh \
| GITHUB_REPO=bpidperygora/SSH-profile-manager bash -s -- --bin-dir=/opt/homebrew/bin --name=ssh-connect
Dependencies:
- required:
openssl - optional:
sshpass(auto‑login),fzf(picker) - disable auto‑install of deps:
NO_DEPS=1 ./install.sh --bin-dir=/usr/local/bin --name=ssh-connect
Uninstall:
curl -fsSL https://raw.githubusercontent.com/bpidperygora/SSH-profile-manager/main/uninstall.sh \
| bash -s -- --bin-dir=/usr/local/bin --name=ssh-connect
Usage
ssh-connect # interactive selector and connect
ssh-connect <name> # connect to profile by name
ssh-connect create # create a new profile
ssh-connect update [<name>] # update existing profile (prompts)
ssh-connect delete [<name>] # delete a profile
ssh-connect export # export all profiles to tar.gz
ssh-connect list # list profile names
Profiles live in ~/ssh_profile/profiles/*.profile (simple key=value files).
Demo
Security notes
- Passwords are encrypted at rest (AES‑256‑CBC + PBKDF2 via OpenSSL)
- Decryption happens on demand; plaintext stays in memory briefly for
sshpass - Prefer SSH keys where possible; passwords are for legacy hosts and jump boxes
Top comments (0)