OpenSSH_GUI is a graphical user interface for OpenSSH designed to simplify managing SSH connections, keys, and configurations across Windows, Linux, and macOS. This open-source tool, built in C#, provides an intuitive platform for users to handle their SSH operations with ease.
Key Features:
User-Friendly GUI: Simplifies SSH key management with a modern and responsive interface.
Key Conversion: Converts between OpenSSH and PuTTY (PPK) formats seamlessly.
Password Management: Stores passwords securely using AES encryption within an SQLite database.
Quick Connect: Saves frequently used connections for rapid access, enhancing workflow efficiency.
Authorized Keys Editor: Easily edit local or remote authorized_keys files directly from the interface.
Audience & Benefit:
Ideal for developers, system administrators, and users who prefer a graphical approach over command-line tools. OpenSSH_GUI streamlines SSH operations, making it easier to manage connections, keys, and configurations securely across multiple platforms.
README
OpenSSH GUI
A cross-platform desktop application for managing SSH keys, known hosts, and authorized keys — built with Avalonia UI, ReactiveUI, and .NET 10.
The goal of this project is to give users a modern, keyboard-friendly GUI for everything that usually requires ssh-keygen or hand-editing text files. It runs on Windows, Linux, and macOS and works entirely locally — no cloud, no telemetry.
Features
Browse, inspect, and manage all SSH key files in your configured lookup paths
Generate new SSH keys (RSA, ECDSA, ED25519) with configurable bit size, comment, password, and format
Convert keys between OpenSSH and PuTTY v2/v3 formats in one click
Change or clear the passphrase of any key file
Rename key files safely (both private and public halves move together)
Display SHA-256 fingerprints without ever unlocking the private key
Open a FileInfo window per key to inspect, rename, delete, convert, or copy the password
Edit the local known_hosts file; mark individual key entries or whole hosts for deletion
Edit the local authorized_keys file
Connect to a remote SSH server and edit its known_hosts and authorized_keys in the same UI
Quick-connect from pre-configured ~/.ssh/config host blocks
Delete log files older than N days; clear whole application cache
Font Size
Numeric up/down; reset button restores the default
Lookup Paths
Add/remove directories the key crawler searches
Connect to Server
The connection window supports:
Preconfigured connections — populated automatically from ~/.ssh/config host blocks that carry an IdentityFile directive
Manual entry of hostname, username, and either a password or a public key from the recognised key list
Test connection button — attempts a connection and shows a colour-coded status badge (unknown / success / failed)
After a successful test, the Accept button becomes active and establishes the session for the rest of the UI
Edit known_hosts
Displays every known host in a collapsible list. Each host shows its individual key entries (algorithm + fingerprint). Toggle buttons mark individual keys or entire hosts for deletion on save. A Remote tab appears when a server connection is active, allowing the same edits on the server's known_hosts.
SshKeyManager is the central service. It owns the observable collection of SshKeyFile instances and exposes async operations for generate, rename, change-password, change-format, delete, and reload. Every destructive operation backs up the affected files first and restores them on failure.
SshKeyFile is a reactive record. It uses ReactiveUI.SourceGenerators to expose observable properties for fingerprint, comment, key type, format, password state, and file metadata. The fingerprint is extracted without decrypting the private key by parsing the unencrypted public key blob directly (supports OpenSSH .pub, OpenSSH private key header, and PPK v2/v3 headers).
DirectoryCrawler is an IAsyncEnumerable-based crawler that reads ~/.ssh/config identity files first (marking them as config-provided) and then enumerates the configured lookup directories for any remaining key files.
SshConfigParser is a zero-dependency recursive-descent parser for ssh_config(5) syntax. It handles Host, Match, and Include directives, wildcard patterns, quoted values, and inline comments, and exposes the result as an IConfiguration source so the rest of the app can bind directly via IOptions.
ServerConnection wraps SSH.NET's SshClient and adds OS detection, remote known_hosts/authorized_keys read/write, and environment variable resolution on both Unix and Windows remote shells.
Installation
No installer is required. Download the self-contained binary for your platform and run it directly.
The application creates the following paths on first launch if they do not exist:
~/.ssh/ (mode 700 on Unix)
/etc/ssh/ or %PROGRAMDATA%\ssh\ (mode 755 on Unix)
~/.ssh/known_hosts and ~/.ssh/authorized_keys
%APPDATA%\OpenSSH_GUI\ — configuration and log files
Configuration File
Application settings are stored as JSON at:
Linux / macOS:~/.config/OpenSSH_GUI/OpenSSH_GUI.json
Windows:%APPDATA%\OpenSSH_GUI\OpenSSH_GUI.json
The file is created automatically on first run. You can also edit it by hand — changes are picked up at runtime via IOptionsMonitor.
git clone https://github.com/frequency403/OpenSSH-GUI
cd OpenSSH-GUI
dotnet build
dotnet run --project OpenSSH_GUI
Tests:
dotnet test OpenSSH_GUI.Tests
Security Notes
Passphrases are handled as raw byte buffers (SshKeyFilePassword) backed by a ReactiveBufferWriter. The buffer is zeroed via CryptographicOperations.ZeroMemory when cleared or disposed.
The secure password input dialog (SecureInputDialog) intercepts TextInputEvent at tunnel phase to avoid Avalonia's default string accumulation in the TextBox internal buffer.
Private key files are never read unless the user explicitly provides a passphrase. Fingerprints and metadata are always extracted from the unencrypted public portions of the key file.
All destructive file operations (rename, convert, change password) create backups before modifying any file and restore them automatically on failure.
Known Limitations
SSH config editing (local ~/.ssh/config and remote sshd_config) is not yet implemented (placeholder menu items exist).
Remote server operations require the connecting user to have read/write access to ~/.ssh/known_hosts and ~/.ssh/authorized_keys on the remote machine.
