Documentation: https://tiangong-dev.github.io/onessh/ (English · 简体中文)
OneSSH is a CLI SSH manager built around a single master password. Hosts, credentials, and config are encrypted at rest (Argon2id + AES-256-GCM); you unlock once, then connect, run commands, and copy files without retyping secrets. The data directory is safe to push to a public Git repository — only ENC[...] ciphertext is stored; use a strong master password (12+ characters, mixed case, digits, symbols).
Full user guide: command tables, configuration, architecture, and security are covered in the documentation site. This README keeps build/install/release and a minimal quick start; for long examples (batch ops, hooks, store layout), see the docs or the historical sections still in README.zh-CN if needed.
onessh init
onessh add web1
onessh ls
onessh web1make buildRelease-style build (version ldflags):
make build-release VERSION=v0.0.0make test # includes e2e
make test-short # skips e2e
make test-e2e # e2e onlybrew tap tiangong-dev/onessh https://github.com/tiangong-dev/onessh
brew install tiangong-dev/onessh/onessh- Architecture — modules and execution flow
- Security — threat model and mitigations
Push a tag v* (e.g. v0.2.0) to build binaries, create a GitHub Release, and update the Homebrew formula. Before the first release, set Actions → Workflow permissions to Read and write.
git tag v0.2.0
git push origin v0.2.0