Skip to main content
Security

Secure by design. Private by default.

DataraSSH takes security seriously at every layer — encrypted credential storage, explicit host key verification, and an optional app lock with inactivity timeout. Your servers are in safe hands.

Download Free
Secure by design. Private by default.

Security built into every layer

Encrypted Credentials

Passwords and SSH key passphrases are encrypted at rest in the local SQLite database. Your credentials are never stored in plain text — not in a file, not in memory longer than necessary.

Host Key Verification

On first connection to a new host, DataraSSH shows you the server's full cryptographic fingerprint and asks you to explicitly trust it before proceeding. No silent TOFU surprises.

Separate known_hosts

Trusted host keys are written to ~/.datassh/known_hosts — completely separate from your system OpenSSH known_hosts. DataraSSH's trust list never interferes with your other tools.

Secure Mode — App Lock

Optional app-level lock protected by a bcrypt-hashed password. Lock manually, set an inactivity timeout, or configure it to lock the moment the window loses focus.

SSH Agent Forwarding

Integrate with your system's SSH agent. Use keys you've already configured without duplicating credentials inside DataraSSH — works with 1Password SSH Agent, ssh-agent, and more.

Multiple Auth Methods

Password, private key files (with optional passphrase), SSH certificates, and SSH agent forwarding all supported. Use the right authentication method for every host.
Host Key Verification

Know exactly who you're connecting to — every time

DataraSSH displays the remote server's full cryptographic fingerprint the first time you connect to any host. You make an explicit, informed decision to trust it. On every subsequent connection, DataraSSH verifies the key matches — any change is flagged immediately with a prominent warning.

  • Full fingerprint shown before the very first connection
  • Explicit trust required — no silent acceptance
  • Keys stored in ~/.datassh/known_hosts (separate from system OpenSSH)
  • Changed host keys trigger an immediate, prominent warning
  • Protects against man-in-the-middle attacks on every session
Know exactly who you're connecting to — every time
Secure Mode

Lock the app when you step away

Enable Secure Mode to protect your saved hosts, credentials, and active sessions behind a bcrypt-hashed password. Set an inactivity timeout so the app locks itself. Or configure lock-on-focus-loss — for the most security-conscious workflows where leaving a screen unattended is not an option.

  • App-level lock with bcrypt-hashed password
  • Configurable inactivity auto-lock (timeout in seconds)
  • Lock-on-focus-loss for maximum protection
  • Active sessions and credentials protected behind the lock screen
  • One-click manual lock from anywhere in the app
Lock the app when you step away

Security you can measure

AES
Credential encryption
bcrypt
App lock hashing
0
Credentials transmitted

The secure SSH client for professionals.

DataraSSH is free forever. Download it now and set up your first secure connection in minutes.

Download DataraSSH — Free