Built for Security & Speed

Sshelf isn't just a wrapper. It's a purpose-built platform for modern infrastructure management. Explore the tech that keeps your servers safe and accessible.

Security First

The Sshelf Vault Architecture

We use Laravel's native encryption layer to secure every sensitive byte. Unlike desktop clients that store keys in plaintext or easily guessable folders, Sshelf implements a zero-trust storage model on your server.

  • AES-256-GCM Encryption: Industry standard authenticated encryption for passwords and private keys.
  • Isolated Environment: Credentials never leave the application unencrypted except during the actual SSH handshake.
  • EncryptedNullable Casts: Custom Eloquent casts handle encryption seamlessly at the model layer. 
// app/Models/Server.php

protected $casts = [
    'password' => EncryptedNullable::class,
    'private_key' => EncryptedNullable::class,
];

// Data is automatically encrypted before 
// hitting the database and decrypted on read.
Architecture: Reverb + Worker
[BROWSER] <--> [REVERB WEBSOCKET]
                |
           [SSH WORKER]
                |
           [REMOTE SERVER]
// Real-time, low-latency execution
Live Terminal

Real-time Stream Engine

Sshelf uses a unique combination of **Laravel Reverb** and background artisan workers to deliver a high-performance terminal experience without blocking your web server.

  • Xterm.js: The same engine that powers VS Code's terminal, right in your browser.
  • Reverb WebSockets: Ultra-fast, bi-directional communication with zero overhead.
  • Output Buffering: Sshelf maintains a 2000-char buffer so you can refresh the page without losing context.
Compliance & Transparency

Unrivaled Audit Trails

In a shared environment, knowing "who connected when" is critical. Sshelf logs every session request and termination, giving you a full paper trail of infrastructure access.

IP Tracking
Origin Captured
Durations
Session Timing
Server IP Status
prod-api-01 192.168.1.1 Success
staging-db 10.0.0.45 Failed
CPU
12.4%
Memory
45.8%
Disk
72.0%
Live Reverb WebSocket Stream
Monitoring

Live Health Telemetry

Sshelf doesn't just manage connections; it monitors your server vitals without requiring complex agent installations on your target machines.

  • Agentless Checks: Utilizes standard SSH commands like `top` and `free` to grab data, leaving a zero-install footprint.
  • Live Dashboard: Laravel Reverb pushes new metrics to your Livewire dashboard in real-time.
Access Management

RBAC & API Bridge

Built for teams and automation. Sshelf implements Role-Based Access Control and secure API tokens so you can safely distribute access and script operations.

  • Admin & Viewer Roles: Restrict team members to read/connect access without allowing them to modify servers or credentials.
  • Sanctum API Tokens: Generate revocable API keys to integrate Sshelf with your external CLI tools or CI/CD pipelines. 
# Use your Sshelf token from the CLI
curl -X POST https://sshelf.app/api/v1/servers/1/execute \
  -H "Authorization: Bearer 1|abcdef..." \
  -H "Content-Type: application/json" \
  -d '{"command": "tail -n 50 /var/log/syslog"}'

Ready to secure your shelf?

Join developers who trust Sshelf for their emergency fixes, maintenance, and multi-server management.

Get Started Now View GitHub

Support Sshelf

Sshelf is a labor of love, built to provide a secure and accessible SSH management experience for everyone. Your support helps keep the lights on and the code flowing.

Ko-fi International
Trakteer Indonesia

Thank you for being part of the journey!