doctorqp

Originally published at dailydeploy.in

I built a terminal SSH manager because I was tired of scrolling bash history

I manage a handful of servers across client environments. Some use key auth, some use passwords, and most of the time I need root access once I'm in. The workflow was always the same: scroll through terminal history for the right ssh command, type the password, then sudo -i and type it again.

I built SSHM to skip all of that. It's a terminal app that stores server credentials, keeps passwords in macOS Keychain, and optionally elevates to root automatically after login. One keypress to connect.

Install

pipx install sshm-terminal

If you don't have pipx:

brew install pipx && pipx ensurepath

Or via Homebrew directly:

brew tap dailydeploy365/tap && brew install sshm

Add a server

Launch with sshm, press a to open the add form:

Name:       Production API
Host / IP:  192.168.1.50
Port:       2222
User:       deploy
Group:      production
Password:   ••••••••
SSH Key Path: (leave empty if using password)

☑ Auto sudo (elevate to root)

Press ctrl+s to save. The password goes straight into macOS Keychain. Server metadata is stored in ~/.sshm/servers.json with no secrets in it.

Connect

Select the server with arrow keys and press Enter. That's it.

If you checked "Auto sudo," the app SSHs in, waits for the shell prompt, runs sudo -i, handles the password prompt, and drops you into a root shell. You don't type the password at all.

How the password security works

Passwords are never stored on disk as plaintext. The macOS security CLI writes them to Keychain with a service tag of sshm. You can verify in Keychain Access.app by searching for "sshm."

During connection: when sshpass is available, the password is passed through an environment variable (SSHPASS), which never hits a file. When falling back to expect, a temp file with 0400 permissions is created, the expect script reads it, deletes it immediately, then handles the SSH prompt. Cleanup happens in a finally block.
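The two hand-off paths described above, sketched as an added example (this is not SSHM's own code; the function names, the temp directory prefix and the sample password are assumptions made for illustration). It shows the password staying out of argv on the sshpass path, and a 0400 file that is removed in a finally block on the fallback path, even if the consumer already deleted it or an exception was raised.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


def sshpass_command(user, host, port, password):
    """Build argv and env for `sshpass -e ssh ...` (hypothetical helper).

    `sshpass -e` reads the password from SSHPASS, so it never appears in
    argv, in `ps` output or in shell history.
    """
    argv = ["sshpass", "-e", "ssh", "-p", str(port), f"{user}@{host}"]
    env = dict(os.environ, SSHPASS=password)  # copy: parent env is untouched
    return argv, env


@contextmanager
def secret_file(password):
    """Yield the path of a 0400 file holding the password; always clean up."""
    workdir = tempfile.mkdtemp(prefix="sshm-")  # mkdtemp creates it as 0700
    path = os.path.join(workdir, "pw")
    try:
        # O_EXCL fails if the path already exists; the mode is applied at
        # creation, so the file is never readable by other users.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        with os.fdopen(fd, "w") as handle:
            handle.write(password)
        yield path
    finally:
        if os.path.exists(path):  # the reader may have deleted it already
            os.unlink(path)
        os.rmdir(workdir)


def file_mode(path):
    """Return the permission bits of path, e.g. 0o400."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Constructed sample values, taken from the add-server form above.
    argv, _env = sshpass_command("deploy", "192.168.1.50", 2222, "constructed-pw")
    print(argv)
    with secret_file("constructed-pw") as pw_path:
        print(pw_path, oct(file_mode(pw_path)))
    print("deleted:", not os.path.exists(pw_path))
```

Both channels still expose the password to other processes running as the same user for as long as the child process or the file exists, which is the exposure the SSH key path avoids.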

Auto-sudo in detail

The auto-sudo feature chains two expect sequences:

  1. SSH into the server and send the password at the login prompt
  2. Wait for the shell prompt (looks for user@host:...$)
  3. Send sudo -i
  4. Send the same password at the sudo prompt
  5. Hand control to you with interact

This assumes the SSH user has sudo privileges and that the sudo password matches the SSH password. That's the common setup for most cloud VMs.

Keyboard shortcuts

  • a: Add a new server
  • e: Edit selected server
  • d: Delete selected server
  • Enter: SSH into selected server
  • c: Copy SSH command to clipboard
  • /: Search and filter servers
  • q: Quit

SSH keys

Leave the Password field empty and fill in the SSH Key Path:

SSH Key Path:  ~/.ssh/id_rsa

The app uses ssh -i when connecting. No expect scripts, no sshpass.

Requirements

  • macOS (uses the security CLI for Keychain and expect for password automation)
  • Python 3.10+

This is macOS-only because of the Keychain dependency. Linux support (via secret-tool or pass) isn't built yet.

Links

If you manage multiple servers and want a cleaner workflow, give it a try. Feedback and PRs welcome.