>_
RemoteConsoleSSH|Docs
Home

SSH Connections

RemoteConsoleSSH manages your SSH connections as saved profiles. Each connection stores the hostname, port, username, and authentication credentials so you can connect with a single tap.

Adding a New Connection

1

Tap the "+" button on the home screen

The home screen shows all your saved connections. Tap the add button in the top-right corner to open the connection form.

2

Enter connection details

Fill in the following fields:

  • Hostname or IP -- The address of the remote machine. Examples: 192.168.1.100, my-macbook.local, dev-server.example.com, or a Tailscale address like 100.64.0.1.
  • Port -- The SSH port. Defaults to 22. Only change this if your server uses a non-standard port.
  • Username -- Your user account on the remote machine.
3

Choose an authentication method

You have two options:

  • Password -- Enter the password for your user account. The password is encrypted and stored in your device's secure keychain (iOS Keychain or Android EncryptedSharedPreferences). It is never written to disk in plaintext.
  • SSH Key -- Paste your private key content directly into the text field, or tap the import button to select a key file from your device. If your key has a passphrase, you will be prompted to enter it.
💡

Tip

SSH key authentication is more secure and more convenient than passwords. If you have not set up SSH keys yet, see the SSH key guide.

4

Give the connection a name (optional)

Add a friendly label like "My MacBook" or "Production Server". This is purely for your reference and makes it easier to identify connections on the home screen.

5

Save

Tap Save. Your new connection appears as a card on the home screen, ready to use.

Managing Connections

Connections appear as cards on the home screen. Here is how to interact with them:

  • Connect -- Tap a connection card to initiate an SSH session.
  • Edit -- Long-press a connection to open the options menu, then tap Edit. You can change the hostname, port, username, authentication method, or connection name.
  • Delete -- Long-press and tap Delete. This removes the connection profile and permanently deletes all stored credentials (password or SSH key) from secure storage.
⚠️

Warning

Deleting a connection removes its credentials from your device's secure storage. This cannot be undone. Make sure you have your credentials saved elsewhere before deleting.

Connection Status Indicators

Each connection card shows a status indicator so you can see its state at a glance:

ColorStatusMeaning
GreenConnectedActive SSH session in progress
YellowReconnectingConnection dropped, attempting to reconnect
RedDisconnectedNot connected or connection failed

When a connection shows yellow (reconnecting), the app is automatically attempting to re-establish the SSH session. If you have tmux installed on the server, your terminal state will be preserved on successful reconnection. See the tmux sessions guide for details.

Security Details

RemoteConsoleSSH takes connection security seriously at every layer.

Host Key Verification

The first time you connect to a server, the app displays the server's host key fingerprint and asks you to verify it. This follows the trust-on-first-use (TOFU) model:

  1. On first connection, you see the server's fingerprint and choose to accept or reject it.
  2. The fingerprint is saved to your device.
  3. On subsequent connections, the app automatically verifies the server's key matches the saved fingerprint.
  4. If the key changes unexpectedly, the app warns you -- this could indicate a man-in-the-middle attack or a legitimate server reconfiguration.

Credential Storage

All sensitive data is stored in platform-native secure storage:

  • iOS -- Credentials are stored in the iOS Keychain, backed by the device's Secure Enclave hardware.
  • Android -- Credentials are stored in EncryptedSharedPreferences, using AES-256-GCM encryption with keys managed by the Android Keystore.
  • Web -- Credentials are stored in the browser's session storage. For persistent storage, the app uses encrypted local storage.

Supported Ciphers and Key Exchange

RemoteConsoleSSH uses modern cryptographic algorithms for all SSH connections:

CategoryAlgorithms
CiphersAES-256-CTR, ChaCha20-Poly1305
Key ExchangeCurve25519, ECDH-SHA2-NISTP256, ECDH-SHA2-NISTP384
Host Key TypesEd25519, ECDSA, RSA (2048-bit minimum)
MACsHMAC-SHA2-256, HMAC-SHA2-512
ℹ️

Info

These ciphers are negotiated automatically with the server. The app prefers the strongest available option. Legacy algorithms like 3DES and SHA-1 MACs are not supported.

Connecting Over Different Networks

How you connect depends on your network setup. Here are the most common scenarios:

Local Network (Same Wi-Fi)

If your device and the remote machine are on the same local network:

  • Use the machine's local IP address, e.g., 192.168.1.100
  • Or use the .local hostname, e.g., my-macbook.local (uses Bonjour/mDNS)
  • No additional configuration needed
# Find your Mac's local IP
ifconfig | grep "inet " | grep -v 127.0.0.1

Tailscale (Recommended for Remote Access)

Tailscale creates an encrypted peer-to-peer tunnel between your devices with zero port forwarding or firewall configuration:

  • Install Tailscale on both your device and the remote machine
  • Use the Tailscale hostname (e.g., my-macbook) or Tailscale IP (e.g., 100.64.0.1)
  • Works from anywhere -- coffee shops, cellular networks, different countries
💡

Tip

Tailscale is the easiest way to access your machine remotely. It avoids the complexity and security risks of port forwarding. See the Tailscale setup guide for step-by-step instructions.

Port Forwarding

If you have configured port forwarding on your router:

  • Use your public IP address (find it at whatismyip.com)
  • Use the forwarded port (e.g., if you forward external port 2222 to internal port 22, set the port to 2222)
  • Make sure your router's firewall allows the forwarded port
⚠️

Warning

Exposing SSH directly to the internet via port forwarding carries security risks. Use a non-standard port, disable password authentication, and use SSH keys. Consider Tailscale or a VPN as a safer alternative.

What's Next