Authentication
Three SSH sign-in methods — password, private key, or ask each time. This section shows how they work and where credentials are stored.
Save password
Enter your SSH password once. It is used automatically when mounting drives. In the SSH terminal, automatic password entry is only supported with PuTTY (Settings → "Use PuTTY"). With the native OpenSSH client you must type the password manually — this is a deliberate security restriction.
Where is the password stored?
- If
keyringis available (default): in the Windows Credential Manager, DPAPI-encrypted and tied to the Windows user. config.jsonthen contains no plain-text password — only a marker_has_password.- In the multi-user database the password is additionally stored symmetrically encrypted with a key derived from your login password.
SSH key
Provide the path to your private OpenSSH key (e.g. C:\Users\you\.ssh\id_ed25519). The key is used automatically when mounting drives and when using the native SSH terminal. SSH certificates are also supported.
When mounting, the path is passed to sshfs.exe via -oIdentityFile=…. The following options are also set:
-oBatchMode=yes
-oPreferredAuthentications=publickey
This prevents SSH from prompting interactively for a password if the key is missing or incorrect — it aborts instead.
SSH certificates work the same way — the signed public key must be placed next to the private key as <key>-cert.pub; OpenSSH and SSHFS-Win find it automatically.
PuTTY key (.ppk)
PuTTY expects keys in its own PPK format. Enter the path to your .ppk file in the connection editor under "PuTTY key path". OpenSSH keys (id_ed25519, id_rsa) go in the "SSH key path" field and are only used for the native SSH client and SSHFS-Win. You can convert between formats using PuTTYgen.
Ask each time
No password is stored — a prompt appears every time you connect. Useful for:
- Servers where you don't want credentials stored locally.
- Accounts with rotating passwords.
- Servers with two-factor authentication.
How are passwords protected?
When you sign in to the app, a key is derived from your profile password and kept only in memory. All SSH credentials are encrypted with this key. When you sign out, the key is immediately discarded.