sshmgr is out (and why I built it)

Years of patching ~/.ssh/config and writing one-off bash scripts to wrangle hundreds of hosts behind jumphosts, Duo MFA, and chained sudo. Enterprise GUIs (Termius, mRemoteNG) feel heavy and want me to sign in to use my own laptop. Minimal TUIs are nice but mostly stop at “list aliases from ~/.ssh/config”. So I built sshmgr — a modern SSH connection manager that sits between those two extremes.

What it does

• Full CLI + TUI in one Go binary. Default sshmgr <alias> opens the shell. sshmgr ui opens the tree view with live host status.
• Login chains with OS keyring. su - deployer → sudo su - with passwords pulled from libsecret / macOS Keychain, env vars, custom commands, or interactive prompts. Each step its own resolver.
• Port forwarding (-L / -R / -D SOCKS5), X11, agent forwarding, all sharing the same connect chain (proxy_jump, bastions, all auth backends).
• Built-in SCP / SFTP / 2-pane file manager — no separate WinSCP-style app needed, and no separate connect chain to maintain.
• Parallel exec on fleets. sshmgr exec --group fleet 'uptime' — bounded concurrency, prefixed output, pass/fail summary, retries, --diff, --json.
• Ansible integration. export ansible turns the fleet into an inventory (resolving bastion chains and proxy hops for you); playbook runs ansible-playbook against any selector.
• sshmgr lint — finds broken proxy_jump refs, missing key files, snippet collisions, undefined groups before you ever hit them at connect time.

Single Go binary. No external services, no daemons, no accounts, no telemetry.

What it isn’t

• Not a hosted SaaS. Nothing leaves your machine.
• Not a replacement for ssh itself — under the hood it uses golang.org/x/crypto/ssh and, for hosts marked external: true, the system ssh client.
• Not Windows-tested. Works in theory; nobody on the test rig runs Windows.

Where it lives

• Landing: systeam.pl/sshmgr
• Source: github.com/pawel-cygal/sshmgr — MIT
• Issues and pull requests welcome

— Paweł