susshi 0.15.8

A modern terminal-based SSH connection manager with a beautiful Catppuccin TUI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# Advanced SSH Features

## SSH Certificates (`ssh_cert`)

Pass a signed SSH certificate alongside the private key:

```yaml
servers:
  - name: bastion-jump
    host: jump.example.com
    ssh_key: "~/.ssh/id_ed25519"
    ssh_cert: "~/.ssh/id_ed25519-cert.pub"
```

susshi passes both as `-i <ssh_key> -i <ssh_cert>` to the `ssh` binary. Use this when your CA signs short-lived certificates for authentication.

## SSH Agent Socket (`ssh_agent_sock`)

Route a server's connections through a dedicated SSH agent socket instead of the default `SSH_AUTH_SOCK`:

```yaml
servers:
  - name: secure-host
    host: 198.51.100.50
    ssh_agent_sock: "/run/user/1000/gnupg/S.gpg-agent.ssh"
```

susshi sets `SSH_AUTH_SOCK` to the given path and passes `-o IdentityAgent=<path>` to `ssh`. Useful for:

- GPG-based SSH agents (e.g., `gpg-agent` with `enable-ssh-support`)
- Per-server agent isolation (different keys for different environments)

Unix only. Has no effect on Windows.

## Agent Forwarding (`agent_forwarding`)

Enable SSH agent forwarding with the `-A` flag:

```yaml
defaults:
  agent_forwarding: false  # default

groups:
  - name: "Jump Infrastructure"
    agent_forwarding: true
```

Inheritable at any config level. Avoid enabling globally — forward only to hosts you trust.

## SSH ControlMaster

Reuse SSH connections for the same host. Subsequent connections open nearly instantly without a new handshake.

```yaml
defaults:
  control_master: true
  control_path: "~/.ssh/ctl/%h_%p_%r"  # default socket location
  control_persist: "10m"               # keep master alive 10 min after disconnect
```

susshi automatically creates the parent directory of the socket path.

> **Note:** ControlMaster is not supported in Wallix mode and is automatically disabled for those connections.

## Extra SSH Options (`ssh_options`)

Pass arbitrary `ssh -o` options at any config level:

```yaml
defaults:
  ssh_options:
    - "StrictHostKeyChecking=no"
    - "UserKnownHostsFile=/dev/null"

groups:
  - name: "Trusted LAN"
    ssh_options:
      - "StrictHostKeyChecking=yes"
```

Options at a lower level **replace** the inherited list entirely. To extend the parent list, repeat the inherited options alongside the new ones.

## System SSH Config (`use_system_ssh_config`)

Let `ssh` resolve hosts, users, and ports from `~/.ssh/config`:

```yaml
defaults:
  use_system_ssh_config: false  # default
```

When `true`, susshi does not suppress `~/.ssh/config` — the standard SSH config file is applied for all connections. Useful when you already have a rich `~/.ssh/config` and want susshi to complement it rather than replace it.