Effortlessly manage remote shell access for your team

checkpoint

Features

access-control
block

Flexible access control without SSH keys

access-control

Every team member receives SSO access with two-factor authentication to access multiple remote servers according to access rights (RBAC).

PAM compatible (LDAP/Kerberos etc)

book

Users activity record

All team activity within the shell is recorded. Encrypted session logs are stored securely and viewable in the GUI app.

synced-data
data-sync

Synced data on any device

synced-data

A single TUI start page displays on all devices, providing seamless access to all your hosts, current connections, and session logs. Users simply connect to a single host and quickly resume work from any device.

See how it works
gui-app

GUI app

  • Manage user list
  • Manage team’s host/service list
  • Set access rights (RBAC)
  • View user session logs
  • View user terminal screens in real time
  • Use built-in terminal
  • Access built-in file manager

How it works

how-it-works
Stack

Central server and Nodes: Golang

Administrator’s app: Qt (C++)

how-it-works
cluster

Install to your host in 15 minutes (k8s cluster)

agent

Agentless (no third-party endpoint software)

cloud

Cloud version with E2EE — easiest way to try right now

FAQ

Yes. We created TeamShell for strongly secure using shell. The data between client <-> central server and node <-> central server is end-to-end encrypted. It's no matter you're running cloud or hosted version plaintext session data never hits central server. Thus, if you prefer to be self-hosted, it is safe to install TeamShell to the public cloud.
From the client side, extra security is provided by 2-factor authentication.

We use gRPC as control protocol and NATS for session streaming. The local communication is built on HTTP/Websockets.

Keys are generated indepedently on client side and nodes. Losing a client's key will have no impact, but node keys must be stored safely, as they are used to encrypt and decrypt session data. Losing a node key will result in lost session history. Node keys may be generated beforehand, or the node can automatically generate the key.

Node service configurations can be stored either in a file or the database. If you choose the database, you can edit the config directly from GUI. For better security, the config itself is stored in an encrypted format within the database. Hence, only the node can read the config using its key.

If you edit the node config using the database GUI, graceful reload is performed. Otherwise, you can send the USR1 signal to process, which will lead to a graceful reload.

Traditionally connection to host means connection via SSH and running default interpreter (i.e., Bash). In TeamShell, this default behavior is preserved, but users are not limited to it. You may define any other command as an entry point (e.g., psql, htop, tail, etc.) Once you exit this command, the session ends, acting as an additional limitation measure, while providing access to sensitive hosts.

The GUI supports Linux, MacOS, and Windows. TUI can run on Linux, MacOS, and WSL on Windows. Node can run on Linux (including Docker/k8s).
Do you have a question?

Pricing

Options Startup Business Enterprise
Straight SSH access No Yes Yes
Session logs 3 last sessions All team sessions All team sessions
Users 5 30 No limits
Nodes 1 5 No limits
Hosts 10 200 No limits
2FA Yes Yes Yes
LDAP integration No No Yes
Cluster Central cerver No No Yes

Straight SSH access

Startup

No

Business

Yes

Enterprise

Yes

Session logs

Startup

3 last sessions

Business

All team sessions

Enterprise

All team sessions

Users

Startup

5

Business

30

Enterprise

No limits

Nodes

Startup

1

Business

5

Enterprise

No limits

Hosts

Startup

10

Business

20

Enterprise

No limits

2FA

Startup

Yes

Business

Yes

Enterprise

Yes

LDAP integration

Startup

No

Business

No

Enterprise

Yes

Cluster Central cerver

Startup

No

Business

No

Enterprise

Yes

Download beta

You can use easily download cloud version right now. Simply download the app and review the Quick start guide

To receive a hosted version please tell us a bit more about your business, and we will promptly send you a docker registry key.

Your name *
Your email *
Company name *