The key-only SSH replacement
for fleets & AI agents

A mesh-native remote-execution daemon and MCP server. Per-node Ed25519 authentication, TLS 1.3 with raw-key pinning, per-key policy and hash-chained audit — no shared secret anywhere.

curl -fsSL https://raw.githubusercontent.com/zeus-kim/vssh/main/install.sh | bash
or pip install vssh  ·  checksum-verified  ·  Linux (x86-64, arm64, arm, 386, riscv64, ppc64le, s390x) & macOS

Why vssh

Key-only auth

Per-node Ed25519 challenge–response (VAUTH1) over TLS 1.3 with raw-public-key pinning. No shared secret, no HMAC, no PKI — authorization is your authorized_keys.

MCP-native

First-class tools for AI operators: exec, facts, capability routing, multi-target fan-out, and tunnels — every call policy-checked and audited.

Policy & audit

Per-key capabilities, command allow/deny with anchored matching, path scoping, rate limits, and a tamper-evident hash-chained audit log.

Tunnels

Local (-L), reverse (-R) and dynamic SOCKS (-D) forwards, each individually authenticated and audited — managed straight from the MCP layer.

Zero-touch onboarding

Host-identity verification self-provisions on first use, so a fresh controller is ready with no manual setup step.

Mesh & cross-platform

Built for WireGuard/Tailscale meshes. Single static binary across seven Linux architectures and macOS.

Quick start

1
curl -fsSL https://raw.githubusercontent.com/zeus-kim/vssh/main/install.sh | bash
Install the checksum-verified binary to $HOME/bin.
2
vssh server
Run the daemon on a target node — key-only auth, nothing to configure.
3
echo "ssh-ed25519 AAAA… operator" >> ~/.vssh/authorized_keys
Authorize an operator key (optionally with caps= / policy= tags).
4
vssh run node1 'uptime'
Execute — or wire vssh mcp into your AI client for tools.

Under the hood

TLS 1.3 (stdlib)Ed25519 raw-key pinning VAUTH1 challenge–responsedeny-first policy hash-chained auditFMUX multiplexing host-identity verificationsingle static binary