ssh-workbench/docs/FUTURE.md
jima c4ead07fa4 Version bump, AppSwitch, cloud backend docs, audit files to docs/, gitignore cleanup
- Bump version 0.0.38 → 0.0.39
- AppSwitch: scaled-down (0.75x) Material3 Switch with full touch target,
  replaces default Switch in KeyboardSettingsDialog for consistent narrow style
- Cloud backend spec: FUTURE.md summary + FUTURE_BACKEND.md full architecture
  (zero-knowledge sync, packs, team sharing, web dashboard, swb CLI) +
  FUTURE_BACKEND_TECH.md implementation details
- Move Audit.md and SecurityAudit.md into docs/ folder
- Add scripts/ to .gitignore (test results, deploy scripts — local only)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 11:47:17 +02:00

SSH Workbench — Future Features

Ideas and placeholders for future versions. Not planned for v1.0. Updated: 2026-04-03


Features

  • SSH VPN mode (EditConnectionScreen.kt:608): // TODO PRO v2.0: SSH VPN mode using VpnService + tun2socks. Full device VPN tunneling over SSH.
  • Quick-connect search — typing in the quick-connect bar filters saved connections (match on host, user, nickname, name). Suggestions shown below input. Tap suggestion = connect with saved settings. Press enter = fresh connection with defaults only, no saved lookup.
  • SCP file transfer — simple single-file copy without SFTP overhead.
  • Mosh support — UDP-based mobile shell for high-latency connections.
  • Macro editor UI — Done. QB Customizer (QuickBarCustomizerScreen) allows editing keys + app shortcut macros.
  • Additional language packs — beyond EN/ES/SV/FR/DE.
  • Detect remote OS — run uname after connect to identify Linux/macOS/FreeBSD/etc. Show OS icon on connection cards, auto-set SFTP default paths, tailor shell behavior.
  • Automatic session logging — always-on persistent logging of terminal output to files. Per-connection toggle in settings. Useful for audit trails and reviewing past sessions. We already have manual Save Output (pro) and debug-only SessionRecorder; this would be automatic and user-facing.
  • Send diagnostic data — opt-in anonymous usage analytics and crash reporting beyond Crashlytics. Connection success/failure rates, feature usage, terminal size distributions, keyboard mode preferences. Toggle in Settings → About. Helps prioritize features and catch issues. Must be opt-in, never send session content or credentials.
  • Hardware keyboard hotkeys — configurable shortcut mode for Bluetooth/USB keyboards: Disabled (all keys pass through), Ctrl (Ctrl+C=copy, Ctrl+V=paste), Ctrl+Shift (Linux convention — Ctrl+C=SIGINT, Ctrl+Shift+C=copy). Maps common shortcuts to app actions (copy, paste, new session, close, switch tabs).
  • Remote file push / APK install — TCP file receiver on localhost, exposed via remote port forward through SSH. Dev machine pushes files (e.g., APKs) to duero:<port> → phone receives, saves, and triggers install intent. Eliminates ADB dependency for remote deployment over mobile data. Simple binary protocol (filename + size + data + install flag), ~20-line Linux push script.
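
A receiver-side parser for the push protocol described in the last item, as an added example rather than project code. The page gives only the field order (filename, size, data, install flag), so the field widths, the limits, the APK-only install rule and the function names are assumptions.

```javascript
const MAX_NAME = 255;               // assumed limit, not from the page
const MAX_SIZE = 256 * 1024 * 1024; // assumed limit, not from the page

// Sender side, used here only to build constructed sample frames.
function buildPushFrame(name, data, install) {
  const n = Buffer.from(name, 'utf8');
  const head = Buffer.alloc(2 + n.length + 8);
  head.writeUInt16BE(n.length, 0);                          // u16 filename length (assumed width)
  n.copy(head, 2);
  head.writeBigUInt64BE(BigInt(data.length), 2 + n.length); // u64 payload size (assumed width)
  return Buffer.concat([head, data, Buffer.from([install ? 1 : 0])]);
}

// Receiver side: validate every field before anything is saved or installed.
function parsePushFrame(buf, maxSize = MAX_SIZE) {
  if (buf.length < 2) throw new Error('truncated: name length');
  const nameLen = buf.readUInt16BE(0);
  if (nameLen === 0 || nameLen > MAX_NAME) throw new Error('bad name length');
  if (buf.length < 2 + nameLen + 8) throw new Error('truncated: header');
  // fatal: true rejects invalid UTF-8 instead of silently replacing it.
  const name = new TextDecoder('utf-8', { fatal: true }).decode(buf.subarray(2, 2 + nameLen));
  // The name becomes a file name on the phone: accept a single path component only.
  if (/[\/\\\0]/.test(name) || name === '.' || name === '..') throw new Error('unsafe file name');
  const size = buf.readBigUInt64BE(2 + nameLen);
  if (size > BigInt(maxSize)) throw new Error('declared size over limit');
  const start = 2 + nameLen + 8;
  if (buf.length !== start + Number(size) + 1) throw new Error('length does not match declared size');
  const flag = buf[buf.length - 1];
  if (flag > 1) throw new Error('bad install flag');
  if (flag === 1 && !name.toLowerCase().endsWith('.apk')) throw new Error('install flag on non-APK');
  return { name, data: buf.subarray(start, start + Number(size)), install: flag === 1 };
}

// Constructed sample frame.
const demoFrame = parsePushFrame(buildPushFrame('app-debug.apk', Buffer.from('constructed bytes'), true));
console.log(demoFrame.name, demoFrame.data.length, demoFrame.install);
```

The parser checks the frame contents only; it does not identify the sender, so anything able to reach the forwarded port can submit a frame.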

Deferred from 2026-04-02 SFTP Standalone

  • SFTP disconnected bar UI — Done. SftpScreen shows error + Reconnect button; SSH state monitored for mid-session disconnects.
  • SFTP auto-reconnect — use connection's autoReconnect setting to auto-retry SFTP when its SSH drops.
  • SFTP tab isConnected in tab bar: SessionTabBar hardcodes isConnected = true for SFTP tabs. Should reflect actual SFTP connection state for proper disconnected colors.
  • SFTP "Connect to Terminal" — Done. SFTP tab overflow menu opens terminal session for same connection.
  • SFTP remember folder on reconnect — Done. loadInitialDirectory() checks _currentPath.value before defaulting to home.
  • SFTP jump host support — Done. openSftpSession uses buildJumpChain, jump sessions tracked in SftpSessionManager.
  • Extract TerminalService — Done. SshConnectionHelper extracted (auth, TOFU, session factory). TerminalService 1523→1384 lines.

Deferred from 2026-04-02 Audit

  • DECCKM for hardware keyboard — hardware keyboard arrow keys should respect DECCKM (application cursor mode). Currently only the custom keyboard sends application-mode sequences.
  • Italic rendering — Done. Faux italic via textPaint.textSkewX = -0.25f. Hidden text (SGR 8) also fixed to render fg=bg.
  • Clipboard timed clear — auto-clear clipboard N seconds after copy for security. Currently clipboard contents persist indefinitely.
  • Vault crypto unit tests: lib-vault-crypto JNI (Argon2id + AES-256-GCM) has no unit tests. Requires a test harness that loads the native library.

Research

  • Termius Android changelog — check https://termius.com/changelog for feature ideas and competitive intelligence on what users expect from a mobile SSH client.

Vault Export — Future Options

Option C — Recipient public key (X25519)

  • SSH Workbench generates an X25519 keypair on first install, stored in Android Keystore
  • User can share their .pub from Settings → "My Public Key"
  • Export: user pastes or imports recipient's .pub → app does ECDH with ephemeral keypair → encrypts symmetric key with shared secret → embeds ephemeral public key in .swb header
  • Import: app uses Keystore-backed private key + ephemeral public from header → derives same shared secret → decrypts
  • Zero secrets exchanged between parties. Single file transfer.
  • New mode byte: 0x03
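
One way the Option C export and import steps could fit together, as an added example that is not SSH Workbench code. The header layout (mode byte, 32-byte ephemeral public key, then the wrapped key), the HKDF step and its label, the function names and the use of Node's crypto module are assumptions, and an in-memory key pair stands in for the Keystore-backed one.

```javascript
const { createCipheriv, createDecipheriv, createPublicKey, diffieHellman,
  generateKeyPairSync, hkdfSync } = require('node:crypto');

const MODE_RECIPIENT = 0x03;                      // mode byte from the page
const INFO = Buffer.from('swb-option-c-example'); // hypothetical HKDF context label

// Raw 32-byte X25519 public key <-> KeyObject, via the JWK (OKP) encoding.
const rawPub = (keyObj) => Buffer.from(keyObj.export({ format: 'jwk' }).x, 'base64url');
const toPub = (raw) => createPublicKey({
  key: { kty: 'OKP', crv: 'X25519', x: raw.toString('base64url') }, format: 'jwk' });

// X25519, then HKDF-SHA256 salted with the header, gives a one-time key-wrapping key.
function kek(privateKey, publicKey, header) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, header, INFO, 32));
}

// Export: header = mode(1) || ephemeral public key(32), followed by ciphertext(32) || tag(16).
function wrapKey(recipientPubRaw, fileKey) {
  if (fileKey.length !== 32) throw new Error('file key must be 32 bytes');
  const eph = generateKeyPairSync('x25519');
  const header = Buffer.concat([Buffer.from([MODE_RECIPIENT]), rawPub(eph.publicKey)]);
  const key = kek(eph.privateKey, toPub(recipientPubRaw), header);
  // The KEK is used once (fresh ephemeral key per export), so a fixed nonce is safe here.
  const c = createCipheriv('aes-256-gcm', key, Buffer.alloc(12)).setAAD(header);
  return Buffer.concat([header, c.update(fileKey), c.final(), c.getAuthTag()]);
}

// Import: rebuild the KEK from the recipient private key and the header, then verify and decrypt.
function unwrapKey(recipientPrivateKey, blob) {
  if (blob.length !== 81 || blob[0] !== MODE_RECIPIENT) throw new Error('not an Option C header');
  const header = blob.subarray(0, 33);
  const key = kek(recipientPrivateKey, toPub(blob.subarray(1, 33)), header);
  const d = createDecipheriv('aes-256-gcm', key, Buffer.alloc(12)).setAAD(header);
  d.setAuthTag(blob.subarray(65));
  return Buffer.concat([d.update(blob.subarray(33, 65)), d.final()]); // final() throws on a bad tag
}

// Constructed round trip with a sample 32-byte file key.
const demoRcpt = generateKeyPairSync('x25519');
const demoBlob = wrapKey(rawPub(demoRcpt.publicKey), Buffer.alloc(32, 7));
console.log(demoBlob.length, unwrapKey(demoRcpt.privateKey, demoBlob).toString('hex'));
```

Because the header is both the HKDF salt and the GCM associated data, changing the mode byte or the ephemeral public key makes the import fail instead of yielding a different key.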

Option D — Biometric (same-device backup)

  • Generate random 256-bit key, store in Android Keystore with biometric binding (setUserAuthenticationRequired)
  • Export: biometric prompt → key retrieved → encrypt → save file
  • Import: same device only, biometric prompt → same key → decrypt
  • Combine with Option A or B for cross-device portability
  • New mode byte: 0x04

Option E — Split secret (Password + QR)

  • Generate two independent 128-bit half-keys
  • Derive final 256-bit key via HKDF(half1 || half2)
  • Half1 delivered as QR, half2 as user-typed password
  • Neither alone is sufficient
  • High-paranoia use case, probably not needed for SSH Workbench
  • New mode byte: 0x05

Cloud Platform (Future Backend)

Full specification: docs/FUTURE_BACKEND.md

A future cloud backend will turn SSH Workbench into a sync + collaboration platform without compromising the local-first, zero-knowledge model. The mobile app remains the core product; the backend is an optional layer that unlocks sync, packs, team sharing, and a web-based keyboard editor.

Core principles

  • Zero-knowledge by construction. Private keys, passwords, and any other secret material are encrypted client-side with a key derived from the user password via Argon2id. The server only ever sees ciphertext. A full database dump must be useless to an attacker — and to us.
  • Local-first. Everything in the current app keeps working without an account. The backend is additive.
  • Reuses existing crypto. AES-256-GCM via lib-vault-crypto is already production-tested. Team key sharing extends the X25519 recipient-public-key model sketched above as "Vault Export — Option C".

Headline features

  • Sync packs — user composes named bundles ("Work servers", "Home lab") of hosts + keys + keyboard layout + QB config on the web dashboard. Devices subscribe to packs; new device login pulls everything down instantly.
  • Team sharing — admin creates an org, invites members by email, assigns packs per role. Revoking a member removes their packs from their devices on next sync.
  • Web dashboard — visual keyboard layout editor (the main pro hook), pack composer, team management, billing, and an in-browser xterm.js terminal so users can SSH from any computer without installing anything.
  • swb CLI — open source single-binary CLI (Go or Rust) for Linux/macOS/Windows. swb sync, swb connect <host>, swb list, swb export. Strong differentiator vs Termius CLI; no full desktop GUI planned.

Tiers

| Tier | Price (target) | What it unlocks |
|---|---|---|
| Free | €0 | Full SSH client, unlimited connections, local vault, all core features. No backend access. |
| Pro | ~€2.99/month | Web dashboard, visual KB editor, cloud sync, solo packs, web terminal, swb CLI auth |
| Teams | higher per-seat | Everything in Pro + org management, multi-member pack sharing, access control |

Release sequence

  1. Ship free app with no visible Pro features and no mention of cloud plans.
  2. Later: add a one-time Pro purchase (~€6.99 lifetime) for power-user local features that need no backend.
  3. Build the backend, launch subscription Pro with sync + web KB editor.
  4. Add the Teams tier once organic demand appears.

What stays local forever

  • All core SSH functionality (connections, terminal, keys, port forwards, SFTP)
  • Local vault (.swb export/import) — backend is never required for backup
  • QuickBar customizer (the in-app editor stays; the web editor is the pro upgrade path)
  • All terminal rendering, parsing, and keyboard logic

See docs/FUTURE_BACKEND.md for the full architecture, data model, sync protocol, threat model, and a backend-developer-ready spec.