SSH access management platform

Every feature your team needs to run SSH access securely

SecurSSH is a complete team SSH access platform. Centralized management, role-based access control, complete audit trails, and RGPD-native compliance - all working with your existing OpenSSH clients.

Team Access Management

Centralize who accesses what. Onboard in minutes, offboard in seconds.

Team vault (E2E)

Shared credential vault encrypted end-to-end with AES-GCM. The team key is wrapped per member client-side, so the server stores only ciphertext. Available on Team and Enterprise.

  • AES-GCM ciphertext at rest
  • Per-member wrapped key
  • Server-blind by design

Multi-vault segmentation

Split credentials by project, client or environment. Each vault has its own membership list. Useful for agencies, consultancies and isolated production environments.

  • One team, many vaults
  • Per-vault membership
  • Project / client / env separation

Three-tier RBAC

Three fixed roles - admin, member, viewer - with granular permissions on vaults, hosts and team settings. Role changes apply instantly and land in the audit log.

  • Admin / member / viewer
  • Instant role changes
  • Audited promotions and revocations

Team console with invitations

Invite teammates by email, manage members, roles and statuses from a single panel. Stripe self-service billing per seat with automatic proration.

  • Email invitations
  • Per-seat Stripe billing
  • Stripe customer portal

Compliance & Audit

24-month trail and EU hosting under GDPR.

24-month audit log

Every sensitive action logged for 24 months on Team, unlimited on Enterprise: host create / edit / delete, role change, invitation, vault edit. Queryable from the team console.

  • 24-month retention (Team)
  • Unlimited (Enterprise)
  • Queryable from team console

EU data residency

All data stored and processed in the European Union. No US transfer. Desktop apps signed and distributed by SecurSSH; backend hosted with EU providers.

  • EU-only processing
  • Signed desktop binaries
  • GDPR-aligned by default

GDPR right-to-erasure

Built-in account-deletion action wipes the user record and all associated data. No support ticket, no waiting period.

  • One-click account deletion
  • Cascaded data wipe
  • GDPR Article 17 ready

GDPR kit (Partial - formalization in progress)

Downloadable DPA, processing register and DPO support - formalizing through 2026 for Team and Enterprise customers. Available today on request.

  • Signed DPA on request
  • Processing register (in progress)
  • DPO assistance for regulated industries

Security & Authentication

Encrypted at rest, encrypted in transit, encrypted on your laptop.

Vault locking with biometric unlock

Master password derived via PBKDF2 with 100,000 iterations. Unlock with Touch ID on macOS, Windows Hello on Windows, or master password on Linux. Configurable auto-lock.

  • PBKDF2 100k iterations
  • Touch ID / Face ID / Windows Hello
  • Configurable auto-lock

End-to-end AES-GCM encryption

Vault content encrypted with AES-GCM using a key derived from the user master password. The key never leaves the device - the server stores only ciphertext.

  • AES-GCM authenticated encryption
  • Client-side key derivation
  • Server never sees the key

GDPR right-to-erasure

Permanent deletion of the account and all associated data - credentials, vaults, audit records tied to the user - through a single account action.

  • Permanent, cascaded delete
  • User-initiated
  • GDPR Article 17 compliant

Productivity & Compatibility

A real SSH client for engineers who use SSH every day.

SSH and SFTP

SSH with password or key authentication (passphrase supported), automatic reading of ~/.ssh/ keys, prompt detection. SFTP with dual-pane local / remote, drag-and-drop, inline edit, multi-select.

  • Password and key auth
  • Automatic ~/.ssh/ key discovery
  • SFTP dual-pane with drag-and-drop

Personal and team snippets

Personal snippet library with command palette (⌘⇧S) and side panel (⌘⇧B). Team snippets sync through the team vault on Team and Enterprise.

  • CRUD library + palette
  • Synced via team vault
  • Keyboard-first invocation

Startup actions per host

Ordered list of snippets and inline commands executed every time a host connection opens. Reduces "what was the first thing I always run here?" to zero.

  • Per-host ordered list
  • Snippet or inline command
  • Runs on every connect

Per-host environment variables

Key=value pairs injected silently as shell exports on connect. Different envs per host, no .env files to forget.

  • Silent shell export
  • Per-host scope
  • No file pollution

Smart reconnect

On disconnect, a countdown triggers exponential backoff retries at 10 / 20 / 45 / 90 seconds, with manual retry available. Keeps long-running sessions alive across flaky networks.

  • Backoff 10 / 20 / 45 / 90 s
  • Manual retry option
  • Countdown indicator

How SecurSSH compares

Not all SSH tools are equal. Here is how SecurSSH stacks up against common alternatives.

vs Termius

Roughly half the cost for teams. EU data residency. Deeper audit logs.

Read comparison

vs Teleport

Simpler deployment. No infrastructure changes. EU-native.

Coming soon

vs DIY SSH keys

Stop managing keys manually. Centralize, audit, automate.

Coming soon

Learn more about each feature

Security

SSH Key Management: 7 Best Practices

Compliance

GDPR & SSH Access: Compliance Guide

Architecture

Zero Trust SSH: Why Adopt It Now

Try every feature, free

Start with the free plan. Upgrade when your team grows. Full feature access, no credit card required.

DownloadRead FAQ

© 2026 SecurSSH. All rights reserved.