Your devices.
Accessible everywhere.
Exposed nowhere.
Reach your computers, servers, terminal, files, and code editor from any browser — through secure direct connections. Nothing listens on the public internet. No VPN to run. No port to forward.
Control, without complexity.
Desktop, terminal, file transfer, and code editing — directly from your browser.
Reach your home PC from anywhere
Pick up exactly where you left off — desktop, terminal, files — from any browser. No tunnels to babysit, no IP to remember.
Share files between your devices
Drag and drop files between your laptop, desktop, and servers. Transfers go directly, encrypted, at full local speed.
Edit code from any browser
Open your projects in a full editor running against the real filesystem. No syncing, no remote IDE, no setup.
Problems we solve
XShell is for the everyday cases where your device is yours, but reaching it still feels harder than it should.
Turn a local computer into private cloud storage
Keep files on your own machine and reach them from anywhere with the browser file manager, upload, download and manage files without exposing a storage service to the internet.
SSH into home machines without network setup
Open a secure shell from work, travel, or mobile networks without port forwarding, static IPs, router changes, or VPN routing rules.
Develop directly on the remote device
Edit files with the browser code editor, build projects, run commands, inspect logs, and restart services against the real filesystem.
Fix real problems from your phone
Handle urgent work from a park bench, airport, or cafe when all you have is a phone and the machine that needs attention is at home.
Watch remote devices in real time
Monitor terminals, logs, processes, files, and service state across machines without opening separate dashboards or tunnels.
Reach small servers and edge devices safely
Manage lab boxes, Raspberry Pis, embedded devices, and private servers behind NAT while keeping inbound ports closed.
Move files without uploading them to a vendor cloud
Transfer data directly between your own devices with end-to-end encryption instead of staging it through a third-party drive.
Features
Built from the ground up for security, performance, and simplicity.
End-to-End Encryption
Your terminal, files, and editor traffic stay encrypted between your devices. The relay server is cryptographically excluded — your terminal data stays private whether routed via P2P or relay fallback.
WebRTC Peer-to-Peer
After authentication, a direct P2P data channel is established via WebRTC data channels. Terminal data bypasses the relay server entirely for minimal latency.
SRP-6a Authentication
Secure Remote Password protocol ensures no password is ever transmitted. Mutual proof exchange verifies both sides without exposing credentials. Ed25519 key auth is also supported for passwordless access.
Lightweight & Fast
Written in C with minimal dependencies. Low memory footprint, instant startup, and efficient binary protocol with sub-millisecond overhead.
Multiplexed Sessions
Multiple concurrent PTY sessions over a single connection. Efficient resource usage with unique session routing and zero extra transport overhead.
Secure File Transfer
Bidirectional chunked file transfer over P2P or relay. Drag files between file managers on different devices, or drop files from a file manager directly into a terminal session.
Layered Security
XShell does not rely on any single layer for protection. Transport, channel, application, and authentication each operate independently — compromising one does not weaken the others. Defense in depth by design.
All WebSocket connections secured with WSS. Server certificate verification and MITM protection.
WebRTC data channels secured with Datagram TLS. Signaling integrity protected by authenticated E2E channel.
Terminal data encrypted end-to-end using AES-256-SIV. Encryption keys are derived via HKDF-SHA256 from the SRP session key, combined with dual nonces (host + client) and host ID context, ensuring mutual freshness and preventing key prediction or replay.
Zero-knowledge password proof. Mutual verification without transmitting credentials in any form. No stored plaintext secrets. Resistant to passive and active interception.
Zero-Knowledge Relay: The relay server is cryptographically incapable of decrypting session data. Every encrypted packet includes a monotonic continuity counter for replay protection and authenticated message framing for tamper detection.
How XShell Compares
XShell is not a VPN, not an access proxy, and not a tunnel service. It is a purpose-built P2P terminal and file access solution with a fundamentally different security model.
| Feature | XShell | Tailscale | Teleport | CF Tunnel | WireGuard |
|---|---|---|---|---|---|
| Primary Model | Direct P2P terminal | Mesh VPN | Access proxy | Reverse tunnel | Layer-3 VPN |
| Requires VPN | No | Yes | No | No | Yes |
| Port Forwarding | Not needed | No | No | No | Depends |
| Direct P2P | Yes (preferred) | Yes | No | No | Yes |
| Relay Fallback | E2E preserved | DERP relay | N/A | Always proxied | No |
| Post-Transport E2E | AES-256-SIV | Transport only | Transport only | Transport only | Transport only |
| Zero-Knowledge Relay | Yes | Yes (DERP cannot decrypt) | No (proxy terminates TLS) | No (terminates at edge) | N/A |
| Zero-Knowledge Auth | SRP-6a | No (OIDC) | No (IdP/cert) | No | No |
| Attack Exposure Model | Single controlled execution channel (PTY) | Network-level access (subnet routing) | Proxy-mediated access control | Edge-proxied service exposure | Network-level access |
| Scope | Terminal / File | Full network | Infra platform | HTTP services | Full network |
Installation
Install XShell in seconds using your system package manager. Add the repository and install with a single command.
Debian / Ubuntu / Raspbian (apt)
# Add the XShell signing keycurl -fsSL https://pkg.xshell.online/keys/xshell.asc \ | sudo gpg --dearmor -o /usr/share/keyrings/xshell.gpg# Add the XShell repositoryecho "deb [signed-by=/usr/share/keyrings/xshell.gpg] https://pkg.xshell.online/apt stable main" \ | sudo tee /etc/apt/sources.list.d/xshell.list# Installsudo apt updatesudo apt install xshellFedora / RHEL / Alma / Rocky (dnf)
# Add the XShell signing keysudo rpm --import https://pkg.xshell.online/keys/xshell.asc# Add the XShell repositorysudo tee /etc/yum.repos.d/xshell.repo >/dev/null <<'EOF'[xshell]name=XShellbaseurl=https://pkg.xshell.online/rpm/el/8/$basearchenabled=1gpgcheck=1repo_gpgcheck=0gpgkey=https://pkg.xshell.online/keys/xshell.ascEOF# Installsudo dnf install xshellmacOS (Homebrew)
# Add the XShell tapbrew tap xshelld/xshell# Installbrew install xshellReady to Get Started?
Sign in to enroll your first device, manage your devices, and start secure remote sessions.
Log In to XShell