v2.0 — by ILYGO · private beta

Lash your shells
to any server.

Hawser is a native SSH, SFTP, FTP and Telnet client with a local encrypted vault and optional zero-knowledge cloud sync. Heavy-duty connection that stays moored.

macOS Universal Soon See preview

macOS first · Windows & Linux next · 100% local-first · Apache 2.0 core

One client. All your protocols.

No more switching between iTerm + Cyberduck + 1Password. Hawser handles SSH, SFTP, FTP, Telnet, plus your credentials, in one native binary.

SSH that doesn't lag

Native Rust SSH engine. Sub-millisecond keystroke latency, no Electron overhead, no JS bridge. Your terminal feels local even on a transatlantic link.

SFTP, FTP & Telnet

One UI for every transfer protocol. Drag-and-drop file transfers, side-by-side panes, dashboard for Docker and Kubernetes hosts.

Encrypted vault, local-first

SSH keys, passwords, host configs. AES-256-GCM at rest, Argon2id key derivation. No cloud dependency — your secrets stay on your disk.

Zero-knowledge sync

Optional. Off by default. The server stores opaque ciphertext — we cannot decrypt your vault, even if compelled by court order.

Pre-save backups

Every save snapshots the previous version, kept locally. Roll back any corruption (cloud sync collision, disk hiccup) in one click. 5 versions retained.

Session recording

Replay any past terminal session with full ANSI fidelity. Useful for incident postmortems and onboarding new engineers.

A glimpse

Mockups based on the current build — final UI may evolve before public release.

Hawser SSH terminal

SSH terminal

Native xterm-compatible engine, ANSI 256-color theme tuned for readability on dark.

Hawser encrypted vault

Encrypted vault

Hosts, SSH keys, secrets, TOTP codes — all in one .ivault file. Touch ID unlock.

Hawser SFTP browser

SFTP browser

Two-pane local/remote, drag-and-drop transfers with live queue and per-file progress.

Hawser Docker dashboard

Docker & K8s dashboards

Live stack overview from the SSH session: CPU, memory, network, container health.

Built for people who don't trust the cloud.

Hawser is designed under a strict threat model: the server is hostile, your laptop may be lost, and credentials must survive both.

The server can't read your vault.

The master key never leaves your devices. Cloud sync only sees AES-256-GCM ciphertext. Even with full server access, an attacker gets opaque blobs.

Account compromise ≠ vault compromise.

Stealing your sync account password lets an attacker download your ciphertext. Without the (separate) vault password, it stays unreadable.

Versioning as a safety net.

Every save creates a new version, both locally (5 last) and on the cloud (30-day window). Corruption rolls back instantly.

Open format, no lock-in.

The .ivault format is documented and shared across the ILYGO suite. Export, audit, script — your data is portable.

Memory hygiene.

Master keys live in zeroized memory, scrubbed on drop. Auto-lock after configurable idle. No JS heap leaks.

Native code, audited stack.

Rust core, no Electron. Crypto via the RustCrypto org — battle-tested aes-gcm and argon2.

How Hawser compares

Same job, different priorities. Here's where we draw the line.

Hawser Termius Royal TSX iTerm + 1Password
SSH / SFTP / FTP / TelnetAll fourYesYesSSH only
Native (no Electron)RustElectronNativeNative
Zero-knowledge syncYesServer-side encryptionNoVia 1Password
Vault format openYesNoNoNo
Docker & K8s dashboardsBuilt-inNoPluginNo
Cross-platformmacOS first · Win/Linux soonYesmacOS onlymacOS only
Local-firstYesCloud-firstYesYes
Price (single user)Free desktop · Sync from 4€/mo10€/mo99€ one-time2 apps to buy

How the sync works

Three steps. The server learns nothing about your vault contents.

# 1. Open Hawser → Settings → Cloud sync (off by default) # 2. Configure server URL Server: https://hawser.ilygo-app.ch # 3. Register an account (your account password ≠ vault password) Email: alice@example.com Account password: ████████████ # Argon2 hashed server-side # 4. Pair this device with a remote vault. From now on: # - Push: uploads ciphertext blob (server sees no plaintext) # - Pull: downloads latest, atomic write to local file # - Versions: roll back to any of the last N saves

The server's source code is open. Read it on GitLab to verify the zero-knowledge claim yourself.

Hawser is in private beta.

Native binaries are in the works. The desktop app will be free; cloud sync is optional and starts free for 1 vault.

macOS Universal Soon Windows Soon Linux Soon

Want early access? Drop us a line.