Skip to content
🌱 Web based ssh client
Branch: master
Clone or download
Latest commit 7ddce5a Apr 18, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
preview Update README Aug 29, 2018
tests Made tests compatible with tornado 4.5.3 Feb 21, 2019
webssh Updated version Apr 18, 2019
.coveragerc Prepare to write unit tests Apr 22, 2018
.travis.yml Updated .travis.yml Jan 15, 2019
LICENSE Initialize Nov 8, 2017 Updated Apr 27, 2018 Updated README Apr 18, 2019
README.rst Updated README Apr 18, 2019
docker-compose.yml Added docker support Apr 18, 2019
requirements.txt Updated requirements.txt Apr 18, 2019 Added docker support Apr 18, 2019
setup.cfg Removed a blank line May 30, 2018


Build Status codecov PyPI - Python Version PyPI


A simple web application to be used as an ssh client to connect to your ssh servers. It is written in Python, base on tornado, paramiko and xterm.js.


  • SSH password authentication supported, including empty password.
  • SSH public-key authentication supported, including DSA RSA ECDSA Ed25519 keys.
  • Encrypted keys supported.
  • Fullscreen terminal supported.
  • Terminal window resizable.
  • Auto detect the ssh server's default encoding.
  • Modern browsers including Chrome, Firefox, Safari, Edge, Opera supported.


Login Terminal

How it works

+---------+     http     +--------+    ssh    +-----------+
| browser | <==========> | webssh | <=======> | ssh server|
+---------+   websocket  +--------+    ssh    +-----------+


  • Python 2.7/3.4+


  1. Install this app, run command pip install webssh
  2. Start a webserver, run command wssh
  3. Open your browser, navigate to
  4. Input your data, submit the form.

Server options

# start a http server with specified listen address and listen port
wssh --address='' --port=8000

# start a https server, certfile and keyfile must be passed
wssh --certfile='/path/to/cert.crt' --keyfile='/path/to/cert.key'

# missing host key policy
wssh --policy=reject

# logging level
wssh --logging=debug

# log to file
wssh --log-file-prefix=main.log

# more options
wssh --help

Browser console

// connect to your ssh server
wssh.connect(hostname, port, username, password, privatekey);

// pass an object to wssh.connect
var opts = {
  hostname: 'hostname',
  port: 'port',
  username: 'username',
  password: 'password',
  privatekey: 'the private key text'

// without an argument, wssh will use the form data to connect

// set a new encoding for client to use

// reset encoding to use the default one

// send a command to the server
wssh.send('ls -l');

Use Docker

Start up the app

docker-compose up

Tear down the app

docker-compose down


Use unittest to run all tests

python -m unittest discover tests

Use pytest to run all tests

python -m pytest tests


Running behind an Nginx server

wssh --address='' --port=8888 --policy=reject
# Nginx config example
location / {
    proxy_http_version 1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;

Running as a standalone server

wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xheaders=False --policy=reject


  • For whatever deployment choice you choose, don't forget to enable SSL.
  • By default plain http requests from a public network will be either redirected or blocked and being redirected takes precedence over being blocked.
  • Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.
You can’t perform that action at this time.