<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: 释慧利</title>
    <description>The latest articles on DEV Community by 释慧利 (@shihuili1218).</description>
    <link>https://dev.to/shihuili1218</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4011549%2F056af9d5-cce2-48bb-a055-9a567cc648c3.jpg</url>
      <title>DEV Community: 释慧利</title>
      <link>https://dev.to/shihuili1218</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/shihuili1218"/>
    <language>en</language>
    <item>
      <title>RSSH — An SSH Client Born to be an AI Ops Assistant</title>
      <dc:creator>释慧利</dc:creator>
      <pubDate>Thu, 02 Jul 2026 02:19:12 +0000</pubDate>
      <link>https://dev.to/shihuili1218/rssh-an-ssh-client-born-to-be-an-ai-ops-assistant-1ig6</link>
      <guid>https://dev.to/shihuili1218/rssh-an-ssh-client-born-to-be-an-ai-ops-assistant-1ig6</guid>
      <description>&lt;p&gt;I can't stand the SSH clients on the market anymore. Every tool wants to grab a piece of my home, take a piss without flushing.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;They maintain their own host keys — I really don't get why?&lt;/li&gt;
&lt;li&gt;Cloud sync requires a paid subscription. Somewhat understandable, but I'm not in the habit of paying.&lt;/li&gt;
&lt;li&gt;Their own proprietary recording format — why?&lt;/li&gt;
&lt;li&gt;Multi-platform without a mobile version.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;rssh is designed the other way around: blend into your existing Unix toolchain as much as possible.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fj9tusnul1rmbdt6r9zv2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fj9tusnul1rmbdt6r9zv2.png" alt="img_local.png" width="800" height="533"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  1. Born to Be an AI Ops Assistant
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Server environment initialization — still installing it yourself?&lt;/li&gt;
&lt;li&gt;High CPU/MEM? Still opening an AI Chat web page and acting as a manual courier between command input and output?&lt;/li&gt;
&lt;li&gt;Troubleshooting bugs — still reading logs by yourself?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;An SSH client is a born ops tool. Every command's input/output passes through it. The RSSH GUI exposes multiple tools for the LLM to call, giving the LLM hands and feet.&lt;/p&gt;

&lt;p&gt;Skills live in &lt;code&gt;src-tauri/src/ai/prompts&lt;/code&gt;, audits welcome.&lt;/p&gt;

&lt;p&gt;Of course, security is paramount. Every action by the LLM must go through tools provided by RSSH, and every action passes through RSSH's shape validator + your authorization.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftypa6y9tqsyei5mr7qkv.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ftypa6y9tqsyei5mr7qkv.gif" alt="welcome-ai.gif" width="800" height="500"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  2. The rssh CLI
&lt;/h2&gt;

&lt;p&gt;The &lt;code&gt;rssh&lt;/code&gt; CLI is a special creature. You can use rssh data inside any terminal tool, do &lt;code&gt;rssh open [profile]&lt;/code&gt; anytime anywhere, and it reads &lt;strong&gt;the same&lt;/strong&gt; SQLite (&lt;code&gt;~/.rssh/rssh.db&lt;/code&gt;) as the GUI. A profile added in the GUI is immediately usable from the command line; vice versa.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;rssh                       &lt;span class="c"&gt;# list all profiles&lt;/span&gt;
rssh &lt;span class="nb"&gt;ls &lt;/span&gt;prod               &lt;span class="c"&gt;# fuzzy search&lt;/span&gt;
rssh open gateway-01       &lt;span class="c"&gt;# connect directly&lt;/span&gt;
rssh open fwd my-tunnel    &lt;span class="c"&gt;# start a named port forward&lt;/span&gt;
rssh add profile           &lt;span class="c"&gt;# interactive create&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This means you can drop &lt;code&gt;rssh open foo&lt;/code&gt; into any script, alias, or Makefile, with no need to maintain a duplicate SSH config.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8j3dcsk2ovex69bcoxad.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8j3dcsk2ovex69bcoxad.gif" alt="welcome-cli.gif" width="800" height="500"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  3. Zero Remote-Config Command Block Stripes
&lt;/h2&gt;

&lt;p&gt;Scrolling back a screen of output in the terminal, finding where the previous command started — that's an old problem.&lt;/p&gt;

&lt;p&gt;Warp is a great tool that solves this beautifully, but it &lt;strong&gt;requires you to modify the shell integration scripts on the server&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;rssh is &lt;strong&gt;fully implemented on the front end&lt;/strong&gt;, with zero server changes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Each command draws a vertical color bar on the left; input and output share the same color.&lt;/li&gt;
&lt;li&gt;The next command rotates color automatically — a golden-angle HSL algorithm guarantees maximum contrast between adjacent colors.&lt;/li&gt;
&lt;li&gt;When entering full-screen programs like vim/top/less, the bar fades to a translucent gray and stays out of the way.&lt;/li&gt;
&lt;li&gt;One toggle in settings disables it.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;It doesn't know which machine you're on, and it doesn't need to know.&lt;/strong&gt; It works the moment you connect, including someone else's bastion host.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flsny4p5dte3qywibmvep.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flsny4p5dte3qywibmvep.gif" alt="welcome-blocks.gif" width="760" height="475"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  4. Security: rssh doesn't keep your secrets, but does multi-device sync
&lt;/h2&gt;

&lt;p&gt;Most similar products' "sync" feature essentially uploads your keys to their servers, and then promises you "end-to-end encryption". The problem is: how do you verify it?&lt;/p&gt;

&lt;p&gt;rssh handles it in three layers:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Local secrets → System keychain&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Passwords and private-key passphrases all go through macOS Keychain / Windows Credential Manager / Linux Secret Service.&lt;/p&gt;

&lt;p&gt;You trust your own keychain more than any third-party software — that assumption is reasonable.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Remote private keys → not uploaded by default&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Each credential has its own "include in sync" toggle. Private keys rarely change anyway. Copy them between two devices once via USB stick, AirDrop, or &lt;code&gt;scp&lt;/code&gt;, and use them for ten years. Pushing them to the cloud for "convenience" is trading security for laziness.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Configuration data → encrypted, then dropped into your own private repo&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Profiles, forwarding rules, snippets — pure config data — are encrypted and pushed to &lt;strong&gt;your own private GitHub repo&lt;/strong&gt;. Not rssh's servers — rssh has no servers.&lt;/p&gt;

&lt;p&gt;The encryption itself is no magic: salted SHA-256 derived key (1000 rounds) + streaming XOR + HMAC-SHA256 authentication.&lt;/p&gt;

&lt;p&gt;The code is in &lt;code&gt;src-tauri/src/crypto.rs&lt;/code&gt;, a hundred lines you can finish reading. Audit welcome.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;rssh config &lt;span class="nb"&gt;set&lt;/span&gt;     &lt;span class="c"&gt;# configure token and repo&lt;/span&gt;
rssh config push    &lt;span class="c"&gt;# push&lt;/span&gt;
rssh config pull    &lt;span class="c"&gt;# pull&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Underneath it's just base64 + GitHub API. &lt;strong&gt;Switch tools whenever you want — your data is in your repo.&lt;/strong&gt; No lock-in, no subscription, no "Export to CSV" button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffi39wzrf5ejr0icm6rwp.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffi39wzrf5ejr0icm6rwp.gif" alt="welcome-sync.gif" width="760" height="475"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  5. Sharing &lt;code&gt;~/.ssh/known_hosts&lt;/code&gt; with ssh
&lt;/h2&gt;

&lt;p&gt;This is the most fundamental philosophical difference between rssh and other GUI clients.&lt;/p&gt;

&lt;p&gt;Most SSH GUI clients (Termius, Tabby…) maintain their own host key database. The result: hosts you've trusted via &lt;code&gt;ssh&lt;/code&gt; on the command line have to be re-confirmed in the GUI; fingerprints you've removed in the GUI are still in the command line.&lt;/p&gt;

&lt;p&gt;rssh reads and writes the standard &lt;code&gt;~/.ssh/known_hosts&lt;/code&gt; file directly. Entries removed by &lt;code&gt;ssh-keygen -R &amp;lt;host&amp;gt;&lt;/code&gt; are immediately known to rssh; hosts newly trusted in rssh are immediately usable by ssh.&lt;/p&gt;




&lt;h2&gt;
  
  
  6. Other Out-of-the-Box Capabilities
&lt;/h2&gt;

&lt;p&gt;Not given top billing, but each one pulls its weight:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;asciicast v2: a generic &lt;code&gt;NDJSON&lt;/code&gt; format, not proprietary. That means any session you record can be &lt;code&gt;asciinema upload&lt;/code&gt;-ed, embedded in a web page, or consumed by any asciinema tool.&lt;/li&gt;
&lt;li&gt;Keyword highlighting: custom rules, automatic coloring for ERROR / WARN / INFO, 14 presets.&lt;/li&gt;
&lt;li&gt;SFTP browsing: Cmd+O to summon, drag-and-drop upload/download.&lt;/li&gt;
&lt;li&gt;Command snippets: Cmd+S to summon a reusable command library.&lt;/li&gt;
&lt;li&gt;Port forwarding: local / remote, real-time traffic stats.&lt;/li&gt;
&lt;li&gt;Cross-platform: macOS (Intel + Apple Silicon), Windows, Linux (deb/rpm/AppImage), Android.&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Download
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://github.com/shihuili1218/rssh/releases" rel="noopener noreferrer"&gt;Releases&lt;/a&gt; page provides macOS / Windows / Linux / Android installers.&lt;/p&gt;

&lt;p&gt;MIT license. No login, no subscription, no ads, no telemetry toggle — because there's no telemetry at all.&lt;/p&gt;

&lt;p&gt;This isn't a business model, it's an engineering default. An SSH client should be a program running on your machine, not a SaaS.&lt;/p&gt;




&lt;p&gt;&lt;strong&gt;Design philosophy in one line&lt;/strong&gt;: a tool should serve the way you already work, not force you to make way for the tool.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>rust</category>
      <category>cli</category>
    </item>
  </channel>
</rss>
