SSH Portal
Securely connect to your servers directly from the browser with encrypted SSH sessions, session recording, and real-time log streaming.
On this page
Connecting to Servers
The SSH Portal lets you create and manage SSH connections to your servers directly from the PulseGuard dashboard. No local SSH client is required.
Creating an SSH Connection
Navigate to SSH Portal > New Connection and fill in the connection details:
| Field | Description |
|---|---|
| name | A friendly name for this connection (e.g., "Production Web Server") |
| host | The server's hostname or IP address |
| port | SSH port number (default: 22) |
| username | The SSH username to authenticate with |
Authentication Methods
Password
Enter your server password directly. The password is encrypted at rest using AES-256-GCM and is never stored in plain text. This is the simplest method but key-based authentication is recommended for better security.
Private Key
Paste your existing private key (PEM format). The key is encrypted at rest. If your key has a passphrase, you will be prompted to enter it when connecting. Supported key types include RSA, Ed25519, and ECDSA.
PulseGuard Key Pair
Use a key pair generated within PulseGuard (see SSH Key Management). Select a key from your key ring and PulseGuard will use it automatically. You will need to add the public key to your server's ~/.ssh/authorized_keys file first.
Shared Connections
Connections can be shared with other members of your organization. Shared connections allow team members to connect to the same servers without needing to configure credentials individually. Go to the connection settings and toggle Share with organization to make it available to all team members. Shared connections respect role-based access controls.
Quantum Shield Encryption
All SSH sessions in PulseGuard are protected by Quantum Shield, a multi-layer encryption system powered by the @quantumshield/qauth SDK that ensures your data is secure both in transit and at rest.
AES-256-GCM Encryption
All data transmitted through the SSH Portal is encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode). This provides both confidentiality and integrity verification, ensuring that data cannot be read or tampered with during transmission.
Data in Transit
All communication between your browser and PulseGuard servers is encrypted via TLS 1.3. The SSH session data is then further encrypted with AES-256-GCM before being forwarded to your target server, providing double-layer encryption for the entire session.
Credentials Encrypted at Rest
Stored credentials (passwords, private keys) are encrypted at rest using HKDF (HMAC-based Key Derivation Function) to derive unique encryption keys for each credential. This means even if the database were compromised, credentials remain encrypted and unusable without the master key derivation material.
Session Recording & Playback
PulseGuard automatically records all SSH sessions for audit trails and troubleshooting. Review exactly what happened during any session with full terminal playback.
Automatic Recording
Every SSH session is automatically recorded from the moment you connect. Recordings capture all terminal input and output, including commands executed, output displayed, and timing information. No configuration is needed — recording is enabled by default for all connections.
Playback from Session History
Navigate to SSH Portal > Session History to view all past sessions. Click on any session to open the playback viewer, which replays the terminal session in real time. You can pause, fast-forward, and rewind through the recording. Session metadata includes the connection name, user, start/end time, and duration.
Storage
Session recordings are stored in a dedicated recording directory associated with your organization. Recordings are retained according to your plan's data retention policy. Files are stored in an efficient binary format that captures terminal sequences with timestamps, minimizing storage overhead while preserving full fidelity playback.
Log Streaming
Stream server logs in real time directly through your SSH connection. PulseGuard supports multiple log sources and provides a clean, filterable log viewer in the browser.
Real-Time Streaming
Log streaming uses your existing SSH connection to tail log files and service journals on your server. Logs are streamed to your browser in real time with syntax highlighting and automatic scrolling. You can pause the stream at any time to inspect specific log entries.
Supported Log Types
| Log Type | Source | Description |
|---|---|---|
| journalctl | systemd journal | System and service logs from systemd. Supports filtering by unit, priority, and time range. |
| nginx | /var/log/nginx/ | Nginx access and error logs. Parsed for request method, URL, status code, and response time. |
| apache | /var/log/apache2/ | Apache access and error logs in combined log format. |
| syslog | /var/log/syslog | General system messages from the syslog daemon. |
SSH Key Management
Generate, manage, and use SSH key pairs directly within PulseGuard. Keys are securely stored and can be used across all your SSH connections.
Generating Key Pairs
Navigate to SSH Portal > Key Management > Generate Key to create a new key pair. PulseGuard supports the following key types:
Ed25519 (Recommended)
The most modern and secure key type. Ed25519 keys are compact (68 characters for the public key), fast to generate, and resistant to side-channel attacks. This is the default and recommended option.
RSA-4096
A widely compatible key type with a 4096-bit key length. Use RSA-4096 when connecting to older servers that do not support Ed25519. RSA keys are larger but have the broadest compatibility.
ECDSA
Elliptic Curve Digital Signature Algorithm keys using the NIST P-256 curve. ECDSA offers a good balance between security, performance, and compatibility. Suitable for environments that require NIST-approved algorithms.
Viewing Public Keys & Fingerprints
Each generated key pair displays the public key in OpenSSH format, ready to copy and paste into your server's ~/.ssh/authorized_keys file. The key fingerprint (SHA-256) is also displayed for verification. You can copy the public key with a single click.
Using Keys for Connections
When creating or editing an SSH connection, select PulseGuard Key Pair as the authentication method and choose a key from your key ring. The private key is used automatically when connecting. Make sure the corresponding public key has been added to the target server's authorized keys before connecting.
Plan Limits
The number of SSH connections you can create depends on your PulseGuard plan. All plans include full access to encryption, session recording, and key management features.
| Plan | SSH Connections | Features |
|---|---|---|
| Free | 2 connections | Full encryption, session recording, key management |
| Pro | 25 connections | Everything in Free plus shared connections and extended recording retention |
| Business | Unlimited | Everything in Pro plus priority support and custom retention policies |
If you reach your connection limit, you can upgrade your plan or remove unused connections to free up slots. Visit Settings > Billing to manage your subscription.