Authentication

Three SSH sign-in methods — password, private key, or ask each time. This section shows how they work and where credentials are stored.

Save password

Enter your SSH password once. It is used automatically when mounting drives. In the SSH terminal, automatic password entry is only supported with PuTTY (Settings → "Use PuTTY"). With the native OpenSSH client you must type the password manually — this is a deliberate security restriction.

Where is the password stored?

  • If keyring is available (default): in the Windows Credential Manager, DPAPI-encrypted and tied to the Windows user.
  • config.json then contains no plain-text password — only a marker _has_password.
  • In the multi-user database the password is additionally stored symmetrically encrypted with a key derived from your login password.

SSH key

Provide the path to your private OpenSSH key (e.g. C:\Users\you\.ssh\id_ed25519). The key is used automatically when mounting drives and when using the native SSH terminal. SSH certificates are also supported.

When mounting, the path is passed to sshfs.exe via -oIdentityFile=…. The following options are also set:

-oBatchMode=yes
-oPreferredAuthentications=publickey

This prevents SSH from prompting interactively for a password if the key is missing or incorrect — it aborts instead.

SSH certificates work the same way — the signed public key must be placed next to the private key as <key>-cert.pub; OpenSSH and SSHFS-Win find it automatically.

PuTTY key (.ppk)

PuTTY expects keys in its own PPK format. Enter the path to your .ppk file in the connection editor under "PuTTY key path". OpenSSH keys (id_ed25519, id_rsa) go in the "SSH key path" field and are only used for the native SSH client and SSHFS-Win. You can convert between formats using PuTTYgen.

PuTTY key (.ppk) If a PPK path is set, PuTTY uses it. Otherwise it falls back to the OpenSSH key path — with a log warning if the file does not end in .ppk.

Ask each time

No password is stored — a prompt appears every time you connect. Useful for:

  • Servers where you don't want credentials stored locally.
  • Accounts with rotating passwords.
  • Servers with two-factor authentication.

How are passwords protected?

When you sign in to the app, a key is derived from your profile password and kept only in memory. All SSH credentials are encrypted with this key. When you sign out, the key is immediately discarded.

The key should not have a passphrase so that mounts can run automatically in the background. For unattended use (e.g. auto-mount on startup), use the SSH key method with a key that has no passphrase.