A PuTTY-inspired SSH launcher built specifically for OpenClaw agents.
Connect to, manage, and monitor OpenClaw nodes running on any machine — securely.
ClawTTY lets you save profiles for your OpenClaw hosts (home PC, Mac, VPS, lab machines)
and connect to them in one click. It opens a terminal window with an SSH session running
openclaw tui (or another allowed command) on the remote machine.
Think PuTTY, but purpose-built for OpenClaw — with modern security baked in from the ground up.
- Profile manager — save, group, and organize multiple OpenClaw hosts
- One-click connect — spawns your preferred terminal (konsole/gnome-terminal/kitty/alacritty/xterm)
- Tabbed sessions — manage multiple simultaneous connections
- Broadcast mode — send a command to all open sessions at once
- Quick macros — one-click buttons for common
openclawcommands - OpenClaw-only mode — hardcoded allowlist, no arbitrary shell access possible
- Host key verification — tracks and verifies SSH fingerprints, blocks mismatches
- Keychain integration — passphrases stored via libsecret, never in plaintext
- Full audit log — every connection attempt logged locally
- SSH config import — import hosts from
~/.ssh/configin one click - SSH key generation — generate ed25519/RSA keys and push them with
ssh-copy-id - Dark theme — IxelOS-inspired design
- OS: Linux (Fedora primary; works on any distro with libsecret/GNOME keyring)
- Python: 3.10+
- SSH client:
ssh,ssh-keygen,ssh-copy-idon PATH - Terminal: konsole, gnome-terminal, kitty, alacritty, or xterm
git clone <repo>
cd clawtty-v3
bash install-fedora.shThen run:
clawttypip install --user customtkinter>=5.2.0 secretstorage>=3.3.0 paramiko>=3.4.0
python3 clawtty.py| File | Location |
|---|---|
| Profiles | ~/.config/clawtty/profiles.json |
| Known hosts | ~/.local/share/clawtty/known_hosts |
| Audit log | ~/.local/share/clawtty/audit.log |
| App files | ~/.local/share/clawtty-v3/ |
| Launcher | ~/.local/bin/clawtty |
ClawTTY is designed with security as a first-class concern:
- No arbitrary shell — remote commands are hardcoded to a strict allowlist:
openclaw tui,openclaw status,openclaw sessions,openclaw logs - No plaintext secrets — credentials stored in the system keyring (libsecret) only
- Host key pinning — fingerprints verified and stored per-host; mismatches block the connection
- Fail closed — any validation failure refuses to connect, never silently proceeds
- Audit logging — every connection attempt, block, and key decision is logged locally
- No telemetry — zero network calls except the SSH connection itself
- Profiles are secret-free —
profiles.jsoncontains only hosts, users, and ports
See SECURITY.md for the full threat model.
- Native WebSocket mode — connect directly to OpenClaw gateway (no SSH needed)
- Agent status dashboard — see all agents, online/offline, last active
- Windows/macOS support — Python+Tk build first, Tauri rewrite later
- Per-profile token vault — store OpenClaw API tokens in keychain
- Session log export — save terminal output to file
- SSH tunnel/port forward UI — set up tunnels per profile
MIT — see LICENSE.
Built by IxelAI / OpenIxelAI
