The zero-knowledge SSH manager,
built for DevOps who use AI.
Manage SSH credentials, Docker deployments, and terminal sessions in one place. End-to-end encrypted on your device. The server never sees your secrets.
Free forever · macOS Apple Silicon · Windows & Linux coming soon
Why SSH Control Center
Termius is great. It is also closed. Here is what we do differently.
Zero-knowledge, by design
Your master password never leaves your device. The server stores encrypted blobs it cannot read — even an attacker with full DB access cannot decrypt your vault.
One-click MCP for every AI client
Claude Code, Claude Desktop, Codex, Cursor, Windsurf, VS Code/Copilot, Zed, Cline, OpenCode and Continue.dev — pick them in Settings and let the agent run your SSH.
Auto-logged-in terminal
One click on a server and you're in. A real xterm.js session, talking pure ssh2 from inside the app — no expect scripts, no sshpass, no passwords on the command line.
Dual-pane SFTP, drag & drop
Your Mac on the left, the server on the right. Drag files between them in real time. Upload, download, rename, delete — all through the same SSH connection.
Docker discovery, aggregated
One view for every container across every server. Start, stop, inspect, restart from the same UI. No more SSH-ing into each host to run docker ps.
Backup & Recovery Kit
Export your encrypted vault to a .sccbackup file, and print an A4 recovery kit with a QR code. If you ever forget your master password, the kit is your only — and only possible — way back in.
Audit everything
Every credential access, every command, every SFTP transfer, every MCP hookup. Exportable JSON, ready for your SIEM. Immutable append-only log on disk.
Opt-in cloud sync
Your vault is local by default. Upgrade to Pro to sync it across devices — still zero-knowledge, still your master password. OAuth with Google or GitHub.
Native macOS menus
Command-N for a new server, Command-L to lock the vault, Command-1..5 to jump across sections. SCC behaves like a real Mac app, not a browser tab in disguise.
Works with every AI coding client you already use
One adapter per client, installed in a click from Settings. No manual JSON editing unless you want to.
How it works
Three steps. No cloud account required to get started.
Create a vault, print a kit
Pick a master password. Argon2id derives a key on your Mac. Print the recovery kit so a forgotten password is recoverable — the server never sees either.
Add your servers
Import from ~/.ssh/config, or type them in. One click opens an auto-logged-in terminal; another opens the dual-pane SFTP browser.
Hook your AI clients
Open Settings → AI clients, pick the ones you use (Claude Code, Cursor, VS Code, Zed…), and hit Activate. The agent now runs your SSH with an audit trail.
Free forever for individuals.
The desktop app is free. Pro adds cross-device sync. Team adds shared vaults and audit.
Security is the product.
Argon2id key derivation. AES-256-GCM for every payload. HKDF for key stretching. We document the full threat model and cryptographic primitives.
Try it. It's free.
Download the app, create your vault, and you are up and running in under two minutes.