Your one-stop solution for managing SSH access with ease and security. This application combines a powerful backend using Pocketbase & Go with a sleek and responsive frontend built with Sveltekit, delivering a user-friendly experience for both administrators and users.
User Authentication
Admin Capabilities
User Access Control
SSH Certificate Management
Automatic Updates and Clean-up
# For the latest server release
curl -sSL https://raw.githubusercontent.com/MizuchiLabs/ssh-nexus/refs/heads/main/install.sh | bash
# For the agent
curl -sSL https://raw.githubusercontent.com/MizuchiLabs/ssh-nexus/refs/heads/main/install.sh | bash -s agent
To uninstall:curl -sSL https://raw.githubusercontent.com/MizuchiLabs/ssh-nexus/refs/heads/main/uninstall.sh | bash -s uninstall
nexus serve
# or
PB_ADMIN_PASSWORD="password" PB_ENCRYPTION_KEY="some-random-key" nexus serve
nexus-agent --server <your-server-address>
Use the docker compose file or manually below
Pull the Docker image:
docker pull ghcr.io/mizuchilabs/ssh-nexus:latest
Run the Docker container:
docker run --name ssh-nexus -d -p 8090:8090 -p 8091:8091 \
--env PB_ADMIN_PASSWORD="password" --env PB_ENCRYPTION_KEY="some-random-key" \
ghcr.io/mizuchilabs/ssh-nexus:latest
The admin panel will be available at http://localhost:8090/_/ which uses pocketbase as the backend. You will rarely need to interact with it since everything can be done via the frontend. Be careful though when interacting with the generated collections!
The web ui will be available at http://localhost:8090
We welcome contributions to improve SSH Nexus. To get started, fork the repository and create a new branch for your feature or bug fix.
git checkout -b feature-name
git commit -m 'Add some feature'
git push origin feature-name
# General settings
export PB_APP_URL=""
export PB_LOG_MAX_DAYS="30"
export PB_ADMIN_EMAIL="[email protected]"
export PB_ADMIN_PASSWORD="required!"
export PB_SENDER_NAME="SSH Nexus"
export PB_SENDER_EMAIL="[email protected]"
export PB_SMTP_ENABLED="false"
export PB_SMTP_HOST=""
export PB_SMTP_PORT="587"
export PB_SMTP_USER=""
export PB_SMTP_PASSWORD=""
export PB_SMTP_TLS="true"
export PB_S3_ENABLED="false"
export PB_S3_ENDPOINT=""
export PB_S3_REGION=""
export PB_S3_BUCKET=""
export PB_S3_SECRET=""
export PB_S3_ACCESS_KEY=""
export PB_S3_FORCE_PATH_STYLE=""
export PB_OIDC_URL="" # Custom oidc endpoint
export PB_OIDC_NAME=""
export PB_OIDC_REALM="master" # Only used for Keycloak
export PB_OIDC_CLIENT_ID=""
export PB_OIDC_CLIENT_SECRET=""
export PB_ENCRYPTION_KEY="required!"
# Custom Repo (for private repos and forks)
export PB_REPO_URL=""
export PB_REPO_OWNER=""
export PB_REPO_NAME="ssh-nexus"
export PB_REPO_TOKEN=""
Contributions are welcome! Please feel free to submit issues, fork the repository, and create pull requests.
SSH Nexus is released under the Apache 2.0 License. See the LICENSE file for more details.