sshoosh runs as a self-hosted server that provides a text-based user interface (TUI) chat workspace accessible over SSH. Built in Rust, the project from GitHub user puemos has 64 stars. It targets small teams and operators who need real-time collaboration directly through SSH connections, without relying on web interfaces or external services. Users connect via standard SSH clients, entering tokens at a masked prompt for authentication.
The tool emphasizes security and simplicity: SSH keys register on first use, tokens stay out of logs or history due to keyboard-interactive auth, and subsequent logins skip prompts. A demo video in the README shows the TUI in action, with message threads, user lists, and scrolling chat.
Core features
sshoosh centers on a shared TUI workspace for chat. Key elements include:
- Token-based onboarding: Generate bootstrap tokens for owners, invite tokens for users, or device link tokens for existing accounts. Paste at the
Token:prompt on SSH connect; choose username in TUI for new users. - SSH-native access: Listens on a TCP port (default 2222). No web server—pure SSH with TUI rendering.
- Persistent storage: Uses SQLite (
sshoosh.sqlite) for data, with backup and export commands. - Admin tools:
sshoosh doctorchecks/repairs issues;daemonmode for systemd integration as a dedicatedsshooshuser. - Search and audit: Repair search indexes; export JSON with audit logs.
The TUI handles real-time messaging, likely with user presence and threading, as shown in the demo. Environment variables control DB path, server key generation, and bind address.
Getting it running
Start with the release binary via the install script:
curl -fsSL https://raw.githubusercontent.com/puemos/sshoosh/main/install.sh | sh
Homebrew users run:
brew install puemos/tap/sshoosh
Generate a bootstrap token:
sshoosh bootstrap-token
Launch the server, setting paths for DB and Ed25519 key:
SSHOOSH_DB=./sshoosh.sqlite \
SSHOOSH_SERVER_KEY=./sshoosh_server_ed25519 \
sshoosh serve --host 0.0.0.0 --port 2222
Connect locally:
ssh -p 2222 127.0.0.1
Paste the token at the prompt. Your SSH key binds to the account; pick a username if new.
For VPS deployment:
curl -fsSL https://raw.githubusercontent.com/puemos/sshoosh/main/install.sh | sudo sh -s -- --dir /usr/local/bin
sudo /usr/local/bin/sshoosh daemon install --binary /usr/local/bin/sshoosh
sudo sh -c 'set -a; . /etc/sshoosh/sshoosh.env; set +a; exec sudo -E -u sshoosh /usr/local/bin/sshoosh bootstrap-token'
ssh -p 2222 sshoosh.example.com
Update releases by replacing the binary and restarting:
curl -fsSL https://raw.githubusercontent.com/puemos/sshoosh/main/install.sh \
| sudo sh -s -- --dir /usr/local/bin --version vX.Y.Z
sudo /usr/local/bin/sshoosh daemon restart --backup
Docker setup uses GHCR:
docker volume create sshoosh-data
docker run --rm -v sshoosh-data:/data ghcr.io/puemos/sshoosh:latest bootstrap-token
docker run -d --name sshoosh --restart unless-stopped \
--cap-drop=ALL \
--security-opt no-new-privileges \
-p 2222:2222 \
-v sshoosh-data:/data \
ghcr.io/puemos/sshoosh:latest
Persist /data volume; run as non-root with dropped capabilities.
Deployment options
The README provides a summary table for setups:
| Setup path | Recommendation | Notes |
|---|---|---|
| Local or LAN | 0.0.0.0:2222 on private network |
Bind to your host IP and keep firewall rules tight. |
| Temporary sharing | Tunnel sshoosh TCP port |
Works with ngrok, Cloudflare Tunnel, Tailscale, or SSH reverse tunnels. |
| Production | VPS + systemd | Use sudo sshoosh daemon install so the service runs as the locked-down sshoosh user. |
| Docker | GHCR image + persistent volume | Run as the image's non-root user, persist /data, and drop container capabilities. |
| PaaS/container hosts | Use only raw TCP paths | Avoid HTTP-only hosts. |
Local or LAN suits testing; tunnel for quick shares. Production favors VPS with daemon for the sshoosh user isolation.
Core commands
Beyond serve and tokens, use:
sshoosh doctororsshoosh doctor --repair-searchfor diagnostics.sshoosh backup /var/backups/sshoosh.sqlitefor DB snapshots.sshoosh export --format json --out /var/backups/sshoosh.json --include-auditfor full exports.
Full CLI/TUI reference lives in the docs.
Who this is for
Operators and small teams handling SSH-based workflows benefit most. Think sysadmins collaborating on a server incident: connect from terminals, chat in real-time without switching apps. The TUI workspace supports threaded discussions over SSH, ideal for ops centers or remote pairs.
It fits private networks, where firewall rules limit port 2222 access. Temporary tunnels extend reach via Tailscale or ngrok. Self-hosting appeals to those avoiding SaaS chat tools, keeping data in SQLite on their hardware.
Not suited for HTTP-only PaaS, per notes. Larger teams might outgrow the "tiny" scope; no mention of scaling to hundreds of users.
How it compares
sshoosh stands apart by sticking to SSH/TUI—no browsers, no WebSocket fallbacks. Heavier tools like Mattermost or Rocket.Chat demand HTTP setups and browsers. Lighter SSH multiplexers (tmux + SSH sharing) lack built-in chat persistence or tokens. At 64 stars, it's niche but focused, written in Rust for reliability.
Full docs cover config tweaks: https://puemos.github.io/sshoosh/. Source at https://github.com/puemos/sshoosh. Teams needing web UIs or massive scale look elsewhere; this targets SSH purists.
Comments