Reach your computers, servers, terminal, files, and code editor from any browser — through secure direct connections. Nothing listens on the public internet. No VPN to run. No port to forward.
Desktop, terminal, file transfer, and code editing — directly from your browser.
Pick up exactly where you left off — desktop, terminal, files — from any browser. No tunnels to babysit, no IP to remember.
Drag and drop files between your laptop, desktop, and servers. Transfers go directly, encrypted, at full local speed.
Open your projects in a full editor running against the real filesystem. No syncing, no remote IDE, no setup.
XShell is for the everyday cases where the machine is yours, but reaching it still feels harder than it should.
Keep your files on your own machine and reach them from any browser. No third-party drive, no upload, no quota.
Open a shell on a home or office computer from work, travel, or your phone — no static IP, no router changes, no VPN.
Edit code in the browser against the actual filesystem. Build, run, restart services — without syncing or remote IDEs.
When something is wrong and the machine that needs attention is at home, your phone is enough.
Drag and drop directly between your laptop, desktop, and servers. Transfers go peer-to-peer, encrypted, at full speed.
Manage lab boxes, Raspberry Pis, and private servers while keeping every inbound port closed.
Three steps from a fresh machine to a working session in your browser.
Install on the machine you want to reach. One command for Debian, Fedora, or macOS. Open source, runs as you, no daemon listening on the internet.
Log in in the browser, click Add device, then run the generated pairing command in the agent terminal. The device appears in your workspace.
Pick the device, get a terminal, file manager, or code editor — over a direct, end-to-end encrypted connection.
Every machine you've paired shows up in one place — laptops, home PCs, hosting boxes, Raspberry Pis. You can see what's online, share a device with someone you trust, rename it, rotate its credentials, or revoke access entirely.
XShell is built so that even the service operating it can't see what you do with it.
Every keystroke, file transfer, and editor action is encrypted between your device and your browser. The relay we run is cryptographically excluded — it can route traffic, but it can't see inside it.
Your machine doesn't open ports, doesn't forward, doesn't accept inbound connections. The agent reaches out — attackers have no surface to scan.
Authentication uses a zero-knowledge proof. Your password is never sent to the server in any form — not encrypted, not hashed in transit. The server can't impersonate you either.
What runs on your machine is GPLv3-licensed and auditable. You can read the code, build it yourself, and verify exactly what's connecting where.
XShell is purpose-built for one job: secure remote access to your devices. Here's how it lines up against common alternatives.
No port forwarding, no static IP, no key files to manage. Works from any browser including mobile, with a file manager and code editor built in.
A VPN puts your whole network on the line and asks you to install a client, configure routing, and manage keys on every device. XShell is a one-command install on the machine you want to reach — no network config, no client app, no headaches. One controlled channel instead of full network access.
Files stay on your machine. Transfers go directly between your devices — no third-party storage, no upload quota, no provider that can read your data.
Start free, upgrade when you need more devices or relay-backed fallback for trickier networks.
For trying it out and personal use
For people with more than one machine
P2P traffic is always free. Only TURN-relayed bytes count toward your quota.
View pricingAdd the repository and install with a single command. The agent is open source — you can read it before you run it.
# Add the XShell signing keycurl -fsSL https://pkg.xshell.online/keys/xshell.asc \ | sudo gpg --dearmor -o /usr/share/keyrings/xshell.gpg# Add the XShell repositoryecho "deb [signed-by=/usr/share/keyrings/xshell.gpg] https://pkg.xshell.online/apt stable main" \ | sudo tee /etc/apt/sources.list.d/xshell.list# Installsudo apt updatesudo apt install xshell# Add the XShell signing keysudo rpm --import https://pkg.xshell.online/keys/xshell.asc# Add the XShell repositorysudo tee /etc/yum.repos.d/xshell.repo >/dev/null <<'EOF'[xshell]name=XShellbaseurl=https://pkg.xshell.online/rpm/el/8/$basearchenabled=1gpgcheck=1repo_gpgcheck=0gpgkey=https://pkg.xshell.online/keys/xshell.ascEOF# Installsudo dnf install xshell# Add the XShell tapbrew tap xshelld/xshell# Installbrew install xshellIf your platform is not listed here, clone the agent and build it from source. XShell has a small dependency set and should build on most Unix-like systems. The project README will carry the build and install steps for source installs.
GitHub repositoryNo. The agent on your device opens an outbound connection to our relay. Nothing on your network needs to be reachable from the public internet.
No. Session data is end-to-end encrypted between your device and your browser. Our relay forwards encrypted bytes and cannot decrypt them. Even file transfers stay encrypted end-to-end.
Connections fall back through three layers so sessions stay reliable. First we try direct P2P. If a symmetric NAT or strict firewall blocks it, traffic moves to a TURN-assisted WebRTC path. If even that doesn't work, the session keeps running over our WebSocket relay. End-to-end encryption is preserved at every layer.
Direct peer-to-peer traffic is always free and never counted. Only TURN-assisted fallback bytes count toward your monthly quota. Pro users who don't want to use our TURN at all can configure their own TURN server in workspace settings — fallback then goes to it instead.
The agent — the code that runs on your machine — is open source under GPLv3. You can audit, build, and verify it yourself. The hosted service and control plane are operated by us.
Linux (Debian, Ubuntu, Raspbian, Fedora, RHEL, Alma, Rocky) on x86_64 and ARM, macOS via Homebrew, and Raspberry Pi. Windows support is in progress — see the roadmap for status.
Any modern browser with WebRTC support — Chrome, Firefox, Safari, Edge. No extensions, no native client to install.
Sign in, install the agent on one machine, and you'll be in a session from your browser in under five minutes.