purple is a free, open-source terminal SSH client for managing SSH servers. It reads your ~/.ssh/config and keeps it in sync with your cloud infra across 16 cloud providers, so new VMs appear in your host list and decommissioned hosts dim without manual edits. Plus instant search, visual file transfer, command snippets and automatic password management. Single Rust binary for macOS and Linux.

How does purple show live SSH tunnel activity?

Press Tab from the host list to switch to the dedicated Tunnels page. Every SSH forward across all your hosts shows up in one sortable, searchable list with current throughput, uptime and a green dot when active. The detail panel on the right opens automatically for active tunnels and shows: a per-client process roster (PID, source port, age, current bytes per second, sparkline of recent throughput, responsible app reported by the OS), a 60-second swimlane of channel opens and closes (Direct channels for LocalForward and RemoteForward, Dynamic channels for SOCKS), and uptime, peak concurrent and total opens counters. Sort with s (most recent / alphabetical), search with /, add a tunnel with a (host picker filters as you type) or use T from the host list for the per-host tunnel overlay.

Is purple an SSH bookmark manager?

Yes. purple stores every SSH host in ~/.ssh/config as a named bookmark, fuzzy-searches them by alias, hostname or tag, and connects on Enter. Frecency sorting keeps your most-used bookmarks on top. purple also keeps your bookmarks in sync with 16 cloud providers and signs short-lived Vault SSH certificates.

Can I transfer files between local and remote servers with purple?

Yes. Press F on any host to open the remote file explorer. It shows local files on the left and the remote server on the right. Navigate directories, select files and copy them between machines via scp. Works through ProxyJump chains, password sources and active tunnels.

What cloud providers does purple support?

purple keeps ~/.ssh/config in sync with 16 cloud providers: AWS EC2, Azure, DigitalOcean, GCP (Compute Engine), Hetzner, i3D.net, Leaseweb, Linode (Akamai), Oracle Cloud Infrastructure (OCI), OVHcloud, Proxmox VE, Scaleway, Tailscale, TransIP, UpCloud and Vultr. Drop in one API token per provider. New VMs appear in your host list automatically. Decommissioned hosts dim. No manual ssh config edits.

How do command snippets work in purple?

Save commands and run them on remote hosts via SSH. In the TUI, press r to run on the selected host, Ctrl+Space to multi-select hosts then r, or R to run on all visible hosts. The CLI alternative supports tag-based targeting (--tag prod) and parallel execution (--parallel). Snippets are stored locally in ~/.purple/snippets.

How does SSH password management work in purple?

Set a password source per host via the TUI or a global default. When you connect, purple acts as SSH_ASKPASS and retrieves the password automatically. Supported sources: OS Keychain, 1Password, Bitwarden, pass, HashiCorp Vault KV secrets engine and custom commands. For short-lived SSH certificates purple also integrates with the HashiCorp Vault SSH secrets engine (a separate engine).

Does purple modify my existing SSH config?

Only when you add, edit, delete or sync. All writes are atomic with automatic backups. Auto-sync runs on startup for providers that have it enabled (configurable per provider).

Will purple break my SSH config comments or formatting?

No. purple preserves comments, indentation and unknown directives through every read-write cycle. Consecutive blank lines are collapsed to one.

Does purple need a daemon or background process?

No. purple is a single Rust binary. Run it, use it, close it. No runtime, no daemon, no async framework.

Can I use purple with SSH Include files?

Yes. Hosts from Include files are displayed in the TUI but never modified. purple resolves Include directives recursively (up to depth 16) with tilde and glob expansion.

How do I sync Google Cloud (GCP) instances with purple?

In the TUI, press S to open the provider list, then add GCP. Fill in your service account JSON key file path, project ID and optionally specific zones. Purple reads the key, creates a JWT and exchanges it for an access token automatically. The CLI alternative is purple provider add gcp --token /path/to/sa-key.json --project my-project.

How do I sync Azure VMs with purple?

In the TUI, press S to open the provider list, then add Azure. Fill in your service principal JSON file path and subscription IDs. Supports both az CLI and portal credential formats. The CLI alternative is purple provider add azure --token /path/to/sp.json --regions SUBSCRIPTION_ID.

How do I sync Oracle Cloud Infrastructure (OCI) instances with purple?

In the TUI, press S to open the provider list, then add Oracle. Fill in your OCI config file path, compartment OCID and regions. The CLI alternative is purple provider add oracle --token ~/.oci/config --compartment OCID --regions eu-amsterdam-1. Requires IAM policies: read instance-family and read virtual-network-family.

How do I sync AWS EC2 instances with purple?

In the TUI, press S to open the provider list, then add AWS. Select your regions from the region picker and fill in your credentials profile or access key. The CLI alternative is purple provider add aws --profile default --regions us-east-1,eu-west-1. EC2 tags are synced (excluding internal aws:* tags). AMI names are resolved for OS metadata.

Is purple a Portainer alternative?

For container visibility and lifecycle control (shell, logs, restart, stop, exec, stack restart) over SSH, yes. The Containers tab lists every container across every host, grouped per host. No agent to install, no web UI to host, no ports to open. Works with Docker and Podman. Purple does not provide container creation, registry management or role-based access control.

purple - Terminal SSH, Tunnel and Container Manager in Rust

I had a perfectly good SSH config. Clean, well-organized, no complaints. That part worked.

What didn't work was the six other things I needed to do every day. Every container check was ssh, docker ps, scroll, repeat. Every file transfer was remembering scp flags. Every new cloud VM meant opening a console, copying an IP, editing my config by hand. And running the same command across a dozen hosts? That was either a bash loop or a whole Ansible setup for a one-liner.

So I put all of it in one terminal.

🔍 Find anything with one keystroke. Press : for Jump, a universal fuzzy search bar across hosts, tunnels, containers, snippets and actions. Searches the SSH User, ProxyJump and Vault SSH role too, so typing your username finds every server you log in as. Field prefixes user:, proxy:, vault: and tag: scope to a single SSH directive. Recent picks persist across sessions. Like Linear's Cmd+K, but in your terminal.

☁️ Your ssh config tracks your infra. Spin up a VM on AWS, Azure, GCP, Hetzner, Proxmox VE, Tailscale or 10 other cloud providers and it shows up in your host list. Destroy it and the entry dims. No more hand-editing after every Terraform run.

🐳 Manage every container in your fleet from one tab. Dedicated Containers page. Every Docker and Podman container grouped per host. Shell in, stream logs, restart, stop, exec or cycle a whole compose stack member by member. Tab from the Hosts page.

🚇 Watch your SSH tunnels in real time. Dedicated Tunnels page with live throughput, channel events and the apps moving bytes. Local, Remote and Dynamic SOCKS, all in one sortable view. Tab from the Hosts page.

📂 Browse and copy files between machines. Dual-pane file explorer. Local filesystem on one side, remote on the other. Handles ProxyJump chains and tunnels.

⚡ Run one command on many hosts. Pick a snippet, select your targets, execute. Results stream in per host.

🔑 Passwords handled for you. Plugs into OS Keychain, 1Password, Bitwarden, pass, the HashiCorp Vault KV secrets engine or a custom script. Credentials are fetched at connect time.

📜 Short-lived SSH certificates. Integrates with the HashiCorp Vault SSH secrets engine. Configure a role per host or per provider, press V to bulk-sign. Cached under ~/.purple/certs with automatic renewal.

🤖 Let AI agents manage your servers. Built-in MCP server with one-click .mcpb install for Claude Desktop. Works with Claude Code, Cursor, Windsurf and any MCP-compatible agent. Read-only mode and a JSON Lines audit log are built in.

📬 What's new overlay. Sticky toast and overlay summarizing releases since you last opened. Press n to reopen.

Cloud providers

AWS EC2
Azure
DigitalOcean
GCP
Hetzner
i3D.net
Leaseweb
Linode
Oracle Cloud
OVHcloud
Proxmox VE
Scaleway
Tailscale
TransIP
UpCloud
Vultr

FAQ

PURPLE(1)General Commands ManualPURPLE(1)

Does purple modify my SSH config?

Only when you explicitly add, edit, delete or sync. All writes are atomic with automatic backups. Comments, indentation and unknown directives are preserved.

Does it need a daemon or background process?

No. Single binary. Run it, use it, close it.

Does it send my config anywhere?

No. Your config never leaves your machine. Provider sync calls cloud APIs to fetch server lists. The TUI checks GitHub for new releases on startup (cached 24 hours). That's it.

How do I manage Docker containers across multiple servers from one terminal?

Press Tab from the Hosts page until you reach the dedicated Containers page. Every Docker and Podman container across your fleet appears in one list, grouped per host. The detail panel summarises engine version, runtime, sync age and running counts when the cursor sits on a divider. Enter shells in. l tails the last 200 log lines. K restarts. S stops. e runs a one-off command. Ctrl-K cycles a compose stack member by member. R refreshes every host in parallel. No agent, no web UI, no extra ports. Auto-detects Docker or Podman.

Can purple replace Lazydocker for multi-host workflows?

Yes. Lazydocker is built for one local host. purple's Containers page lists every container across every cached SSH host in one view: shell in, stream logs, restart, stop, exec or cycle a whole compose stack. R refreshes the whole fleet in parallel. K or S on a host divider sweeps every running container on that host at once. The detail panel reads docker inspect once and remembers, so image digest, restart policy, mounts, network and healthcheck render instantly as you arrow through.

Can AI assistants use purple?

Yes. Run curl -fsSL getpurple.sh | sh, then purple mcp to start the MCP server. Claude Code, Cursor, Windsurf and other agents get five tools: list_hosts, get_host, run_command, list_containers and container_action. Pass --read-only to restrict it to list_hosts, get_host and list_containers. Every call is logged to ~/.purple/mcp-audit.log by default (JSON Lines, mode 0o600, run_command body redacted). Claude Desktop users can install the .mcpb bundle from GitHub releases for a one-click setup. Full setup guide on the wiki.

How do I troubleshoot connection problems?

Run with --verbose to enable debug logging, then purple logs --tail in another terminal. Logs are written to ~/.purple/purple.log with fault domain prefixes: [external] for remote/tool errors, [config] for local config issues. Set PURPLE_LOG=trace for maximum detail.

purple v3.12.32026-05-12PURPLE(1)

$ curl -fsSL getpurple.sh | sh

One terminal. All your servers.

Open-source terminal SSH manager for macOS and Linux that keeps ~/.ssh/config in sync with your cloud infra. Spin up a VM, it shows up. Destroy it, it dims. Across 16 cloud providers.