essh 0.2.5

Enhanced SSH client with concurrent sessions, real-time host diagnostics, and a Netwatch-inspired TUI
essh-0.2.5 is not a library. 
                         ███████╗███████╗███████╗██╗  ██╗
                         ██╔════╝██╔════╝██╔════╝██║  ██║
                         █████╗  ███████╗███████╗███████║
                         ██╔══╝  ╚════██║╚════██║██╔══██║
                         ███████╗███████║███████║██║  ██║
                         ╚══════╝╚══════╝╚══════╝╚═╝  ╚═╝
                           Enhanced SSH for people with fleets

Why ESSH

Most SSH tools stop at "you are connected." ESSH is built for what happens after that.

  • Work across multiple hosts without juggling terminal windows.
  • See CPU, memory, disks, network, and process pressure while you are on the box.
  • Keep connection diagnostics, recordings, file transfer, and port forwarding in the same workflow.
  • Stay in a terminal-first interface that feels fast, dense, and operational.

ESSH is for people who manage real systems and want their SSH client to act like an operations tool, not just a transport.

What Makes It Hit

Pillar What You Get
Fleet-first workflow Browse hosts, filter by tag, jump between sessions, and fan commands across groups from one place.
Live machine awareness Built-in host monitor shows CPU, memory, disk, load, network throughput, and top processes in real time.
Operational depth Port forwarding, file transfer, jump hosts, notifications, recordings, reconnects, and audit logs are part of the product, not bolted on later.
Pure-Rust stack Built on russh, ratatui, and vt100 with no OpenSSH UI dependency.

Demo

ESSH Demo

Install Fast

crates.io

cargo install essh

from source

git clone https://github.com/matthart1983/essh.git
cd essh
cargo build --release
./target/release/essh

First 60 Seconds

# Launch the dashboard
essh

# Direct connect
essh connect user@host

# Use a specific key
essh connect user@host -i ~/.ssh/id_ed25519

# Pull hosts from your existing SSH config
essh hosts import

# Run a command across a tagged group
essh run web-servers -- uptime

On first launch, ESSH creates ~/.essh/ and gives you a working config, SQLite host cache, diagnostics directory, and audit log path.

The Product In One Screen

┌─ ESSH ── [1] web-prod  [2] db-primary  [3] staging ───────────────┐
│ deploy@web-prod:~$                                                │
│                                                                   │
│   journalctl -u api -f                                            │
│                                                                   │
├───────────────────────────────────────────────────────────────────┤
│ RTT 12.3ms   ↑1.2KB/s   ↓48.5KB/s   Loss 0.0%   ● Excellent       │
├───────────────────────────────────────────────────────────────────┤
│ CPU  23%  ▁▂▃▄▅▆▅▃▂▁     MEM  40%  ████████████████░░░░░░░░░       │
│ LOAD 0.82 0.64 0.55      NET  RX 48.5KB/s   TX 1.2KB/s            │
│ DISK / 62%               Top: node, nginx, postgres               │
└───────────────────────────────────────────────────────────────────┘

The idea is simple: terminal fidelity when you need a shell, operational signal when you need context.

Feature Highlights

Multi-Session Without the Mess

  • Up to 9 concurrent SSH sessions.
  • Instant switching with Alt+1-9, Alt+←/→, and Alt+Tab.
  • Split-pane terminal plus host monitor with Alt+s.
  • Scrollback preserved across reconnects.

Remote Insight Without an Agent

  • CPU, memory, load, disk, network, uptime, and top processes.
  • Sparkline history and bar gauges tuned for quick scanning.
  • Collected over SSH exec channels, so there is nothing extra to install remotely.

Fleet Features That Actually Matter

  • Import hosts from ~/.ssh/config.
  • Tag hosts and define groups.
  • Run commands across a group with parallel fan-out.
  • Background fleet probes with latency history and color-coded state.

Built For Real SSH Work

  • Public key, password, and SSH agent auth.
  • TOFU host key verification with strict, prompt, and auto modes.
  • Jump host / ProxyJump support.
  • Local port forwards, live add and remove.
  • Two-pane file browser for upload and download.

Built-In Safety Nets

  • Exponential backoff reconnects.
  • Structured JSON audit log.
  • Session diagnostics written as JSONL.
  • Optional asciicast v2 recording and replay.
  • Regex-based background notifications for important output.

Ease Of Use, Not Ceremony

Import what you already have

essh hosts import

Bring structure to a messy fleet

[[hosts]]
name = "web-prod-1"
hostname = "10.0.1.10"
user = "deploy"
key = "~/.ssh/id_ed25519"

[hosts.tags]
env = "production"
role = "web"

[[host_groups]]
name = "web-servers"

[host_groups.match_tags]
role = "web"

Run a fleet command without leaving the toolchain

essh run web-servers -- sudo systemctl status nginx

Replay what happened later

essh session list
essh session replay <session-id>

Keyboard Flow

Global

Key Action
? / Alt+h Help overlay
Alt+1 - Alt+9 Jump to session
Alt+← / Alt+→ Cycle sessions
Alt+Tab Last-used session
Ctrl+p Command palette
Alt+d Detach to dashboard
Alt+w Close session

Session Ops

Key Action
Alt+m Host monitor
Alt+s Split pane
Alt+[ / Alt+] Resize split
Alt+f File browser
Alt+p Port forwarding
Alt+r Rename tab

Dashboard

Key Action
1 - 4 Switch tabs
j / k / / Navigate hosts
Enter Connect
/ Live filter
a Add host
d Delete host
r Refresh

CLI Cheat Sheet

essh                                  # launch dashboard
essh connect user@host                # direct SSH session
essh hosts list                       # list cached hosts
essh hosts import                     # import from ~/.ssh/config
essh keys list                        # list cached keys
essh diag <session-id>                # inspect diagnostics
essh session list                     # list recordings
essh session replay <session-id>      # replay a recording
essh audit tail --lines 20            # inspect recent audit events
essh config show                      # print active config

Configuration

ESSH stores its state in ~/.essh/.

~/.essh/
├── config.toml      # main configuration
├── cache.db         # host and key cache
├── audit.log        # structured audit trail
├── sessions/        # per-session diagnostics logs
├── recordings/      # asciicast recordings
└── known_cas/       # trusted certificate authorities

Useful commands:

essh config init
essh config edit
essh config show

If you want the full configuration and architecture spec, see SPEC.md.

Security

  • Host keys are verified and cached.
  • TOFU policy is configurable: strict, prompt, or auto.
  • Allowed ciphers and KEX algorithms can be restricted.
  • Audit events are written as structured JSON.
  • Session diagnostics and recordings are explicit, inspectable artifacts.

ESSH is built to give operators more visibility without hiding what the tool is doing on their behalf.

Build And Validate

cargo build
cargo test
cargo clippy --all-targets --all-features -- -D warnings
cargo fmt --check

GitHub Actions runs the same core checks on pushes and pull requests to main.

Contributing

Contributions are welcome.

  1. Fork the repo.
  2. Create a branch.
  3. Make the change.
  4. Run cargo test, cargo clippy --all-targets --all-features -- -D warnings, and cargo fmt --check.
  5. Open a pull request.

License

MIT. See LICENSE.