Browser SSH/SFTP client. Multi-conn, JWT auth, auto-lock, recording. Single-port.
1.9K
Multi-connection SSH client that runs entirely in your browser with JWT authentication, SFTP file manager, and automatic session recording. Built with Python, Paramiko, WebSockets, and xterm.js.
Perfect for: System administrators, DevOps engineers, developers who need quick SSH access from any browser without installing clients.

linux/amd64, linux/arm/v7 and linux/arm64docker run -d \
-p 8080:8080 \
-e WEBSSH_USERS=admin:admin \
-e MAX_UPLOAD_SIZE=100M \
--name webssh \
--restart unless-stopped \
danaildr/webssh:latest
Then open http://localhost:8080 in your browser.
Default credentials: admin / admin
docker run -d \
-p 8080:8080 \
-v webssh_data:/data \
-e WEBSSH_USERS=user1:pass1,user2:pass2 \
-e JWT_SECRET=your-256-bit-secret-here \
-e MAX_UPLOAD_SIZE=500M \
-e RECORDING_ENABLED=true \
-e RECORDING_RETENTION_DAYS=30 \
--name webssh \
--restart unless-stopped \
danaildr/webssh:latest
Note: Auto-lock and auto-disconnect settings are configured per connection in the connection settings modal.
| Variable | Description | Default | Required |
|---|---|---|---|
WEBSSH_USERS | Comma-separated user:pass pairs | admin:admin | No |
JWT_SECRET | Secret for token signing | Auto-generated | Recommended |
MAX_UPLOAD_SIZE | Max file upload (e.g., 10M, 1G) | 100M | No |
RECORDING_ENABLED | Enable session recording | true | No |
RECORDING_RETENTION_DAYS | Days to keep recordings | 30 | No |
TZ | Timezone | UTC | No |
This container uses nginx as a reverse proxy to route traffic:
8080 - Main entry point/ws → WebSocket SSH server/api/* → HTTP API (login, verify, SFTP operations)Internal services (not exposed):
your-domain.com {
reverse_proxy localhost:8080
}
server {
listen 80;
server_name your-domain.com;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
services:
webssh:
image: danaildr/webssh:latest
container_name: webssh
restart: unless-stopped
ports:
- "8080:8080"
environment:
- WEBSSH_USERS=user1:pass1,user2:pass2
- JWT_SECRET=your-secret-key-here
- MAX_UPLOAD_SIZE=100M
⚠️ Important for Production:
WEBSSH_USERSJWT_SECRET - Use at least 32 random charactersAutoAddPolicy() by default; configure strict host key checking for production/data/recordings/ with metadata in SQLite databaseMAX_UPLOAD_SIZE (default 100MB)/data for persistent storage of credentials and recordingsPOST /api/login - Authenticate and get JWT tokenPOST /api/verify - Verify token validityGET /api/connections - List saved connectionsPOST /api/connections - Save a new connectionGET /api/config - Get server configuration/ws?token=<JWT> - SSH terminal connectionlatest - Most recent stable build0.3.1 - Version-specific tag (update session records view)0.3.0 - Previous version first version support arm/v7 ( support linux/amd64, linux/arm64 and linux/arm/v7)0.2.2 - Previous version (only linux/amd64 and linux/arm64)Multi-arch: All tags support linux/amd64, linux/arm/v7 and linux/arm64.
Content type
Image
Digest
sha256:dbebec8e6…
Size
64.1 MB
Last updated
2 months ago
docker pull danaildr/webssh