Security

Built with security as a foundation. Learn how TabSSH protects your connections and credentials.

🔐 Security Features

Two Clients, Same Stance

The threat model and the user-facing security guarantees are identical across mobile and desktop. The implementation mechanisms differ where the OS provides better primitives.

  • Mobile: Android Keystore + Biometric/PIN + FLAG_SECURE
  • Desktop: OS Keychain + system lock + panic-handler crash capture
  • Both: AES-256-GCM stored credentials, host-key TOFU + MITM detection, OpenSSH user certs (Wave 2.2 / desktop port pending), MIT license, zero telemetry, zero analytics.

Hardware-Backed Encryption

  • Android Keystore: hardware-backed key storage on supported devices
  • Secure Element: keys stored in secure hardware where available
  • AES-256-GCM: all stored credentials encrypted at rest
  • Biometric Protection: fingerprint/face unlock for credential access
  • PIN Code App Lock: separate PIN-only lock if you'd rather skip biometrics
  • Auto-lock: configurable inactivity timeout

SSH Protocol Security

  • Modern algorithms: JSch 2.27 (mwiede fork) — rsa-sha2-256/512, OpenSSH 9.x compatible
  • Host key TOFU: first-connect fingerprint capture, MITM detection on subsequent connects
  • Known-hosts UI: review and revoke trusted host keys
  • Multiple key types: RSA (2048/3072/4096), ECDSA (P-256/384/521), Ed25519, DSA
  • OpenSSH user certificates (Wave 2.2): full *-cert.pub certificate auth — not X.509
  • Custom SSH ciphers/MACs: modern defaults shipped, backend supports overrides
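The host-key TOFU and MITM-detection flow described above, as an added illustration that is not TabSSH's or JSch's own code: a known-hosts store that captures the fingerprint on first contact, flags a changed key instead of silently overwriting it, and lets the user revoke an entry. Fingerprints use the OpenSSH SHA256 format; the host names and key blobs in the test are constructed.

```python
import base64
import hashlib
from enum import Enum
from typing import Dict, List, Optional, Tuple


class HostKeyVerdict(Enum):
    """Outcome of checking a server's host key against the trust store."""
    NEW = "new"            # first contact: fingerprint captured (trust on first use)
    TRUSTED = "trusted"    # same key as previously recorded
    MISMATCH = "mismatch"  # key changed: possible MITM, connection should be refused


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the key blob digest."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownHosts:
    """Trust-on-first-use store keyed by (host, port, key type), like a known_hosts file."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, int, str], str] = {}

    def check(self, host: str, port: int, key_type: str, key_blob: bytes) -> HostKeyVerdict:
        key = (host, port, key_type)
        seen = fingerprint(key_blob)
        stored: Optional[str] = self._entries.get(key)
        if stored is None:
            self._entries[key] = seen          # TOFU: remember the first key we see
            return HostKeyVerdict.NEW
        if stored == seen:
            return HostKeyVerdict.TRUSTED
        # A different key for a known host is never auto-accepted; only an
        # explicit revoke() by the user clears the old entry.
        return HostKeyVerdict.MISMATCH

    def revoke(self, host: str, port: int, key_type: str) -> bool:
        """Forget a trusted host key (the 'revoke' action of a known-hosts UI)."""
        return self._entries.pop((host, port, key_type), None) is not None

    def list_trusted(self) -> List[Tuple[str, int, str, str]]:
        """Entries for review: (host, port, key type, fingerprint)."""
        return [(h, p, t, fp) for (h, p, t), fp in self._entries.items()]
```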

Application Security

  • Screenshot protection: FLAG_SECURE on sensitive activities (passwords, key import, PIN entry)
  • Cloud-import token isolation: DigitalOcean / Hetzner / Linode / Vultr API tokens encrypted in Keystore under cloud_token_${id} — never in the SQLite database
  • Sync encryption: AES-256-GCM with a PBKDF2-derived key (100,000 iterations) over the Storage Access Framework — your storage provider only ever sees encrypted blobs
  • Crash + ANR capture: daemon-thread watchdog logs main-thread freezes; uncaught exception handler captures stack traces. Auto-on for debug builds, opt-in for release builds.
  • No telemetry: zero analytics SDKs, zero crash-reporter SaaS, zero remote logging

🛡️ Best Practices

  • Use SSH Keys: Prefer key authentication over passwords
  • Verify Host Keys: Always verify fingerprints on first connection
  • Keep Updated: Update TabSSH regularly for security patches
  • Strong Passphrases: Protect SSH keys with strong passphrases

🚨 Security Issues

Found a security vulnerability? Please report it responsibly:

  • GitHub Security: Use GitHub's private vulnerability reporting
  • No Public Issues: Don't create public issues for security bugs
  • Provide Details: Include reproduction steps and impact assessment

Questions About Security?

Security is complex. If you have questions or concerns, we're here to help.