Security And Storage

Encrypted storage

Connections are stored in ~/.config/go-ssh/connections.enc. Each save generates a new salt and nonce. The encryption key is derived from the master password using scrypt (N=32768, r=8, p=1) with a 32-byte key length, and the data is encrypted with AES-GCM. The vault file is written with 0600 permissions.

Master password

The master password is required to decrypt the vault at startup. If the password is lost, the current implementation has no recovery mechanism and the vault cannot be decrypted.

Credentials in use

Go-SSH supports password-based authentication only. It supplies the password to ssh via sshpass using the SSHPASS environment variable.

Host key verification

The SFTP client uses ssh.InsecureIgnoreHostKey, so host keys are not verified in the current implementation.
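What a replacement for ssh.InsecureIgnoreHostKey has to enforce, as an added example (not Go-SSH's own code) using only the Go standard library: accept the server's key only when a known_hosts entry pins exactly that key. The names sampleLine, VerifyHostKey, ErrUnknownHost and ErrKeyMismatch and the example.test hosts are hypothetical, the keys are constructed sample data, and the parsing assumes plain, unhashed, single-host known_hosts lines.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

var ErrUnknownHost = errors.New("no pinned key for host")
var ErrKeyMismatch = errors.New("host key does not match any pinned key")

// sampleLine returns a constructed known_hosts entry for host and the raw
// ssh-ed25519 key blob it pins (the bytes ssh.PublicKey.Marshal() yields).
func sampleLine(host string, seed byte) (line string, blob []byte) {
	key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	for _, s := range [][]byte{[]byte("ssh-ed25519"), key.Public().(ed25519.PublicKey)} {
		blob = binary.BigEndian.AppendUint32(blob, uint32(len(s))) // SSH string: length, bytes
		blob = append(blob, s...)
	}
	return host + " ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob), blob
}

// VerifyHostKey accepts presented only if a known_hosts line for host pins
// exactly that blob. Unknown hosts and changed keys are both rejected.
func VerifyHostKey(knownHosts, host string, presented []byte) error {
	result := ErrUnknownHost
	for _, l := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(l)
		if len(f) < 3 || f[0] != host { // assumption: plain, unhashed host names
			continue
		}
		pinned, err := base64.StdEncoding.DecodeString(f[2])
		if err == nil && bytes.Equal(pinned, presented) {
			return nil
		}
		result = ErrKeyMismatch // host is known, but this line pins a different key
	}
	return fmt.Errorf("%w: %s", result, host)
}

func main() {
	line, good := sampleLine("sftp.example.test", 1) // constructed sample data
	_, changed := sampleLine("sftp.example.test", 2)
	fmt.Println(VerifyHostKey(line, "sftp.example.test", good), VerifyHostKey(line, "sftp.example.test", changed))
	fmt.Println(VerifyHostKey(line, "new.example.test", good))
}
```

In golang.org/x/crypto/ssh this check belongs in the client configuration's HostKeyCallback, where key.Marshal() supplies the presented blob. The same module provides ssh.FixedHostKey and the knownhosts subpackage for this purpose.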

Dependency checks

On startup, Go-SSH checks that both ssh and sshpass are available in the PATH and exits with an error if either is missing.

Warning: Host key verification

Host keys are not verified in the current SFTP implementation. Use trusted networks and hosts.