FOR DEVOPS ENGINEERS

Every file you deploy, verified.
Every change on your server, detected.

SHA-256 verified file transfers, deploy manifests with cryptographic snapshots, and infrastructure drift detection that catches unauthorized changes before they become incidents.

Try Free — No Credit CardView Features

The deployment integrity gap

Standard SFTP and SCP provide transport encryption but zero artifact integrity. Files can be corrupted during transfer, partially uploaded, or silently modified after landing. There is no built-in mechanism to verify that what you deployed is what ended up on disk.

Once deployed, production servers drift. Someone SSH-es in for a “quick fix.” A compromised CI/CD pipeline injects modified artifacts. A rogue process modifies a config. Without active integrity monitoring, these changes go undetected until something breaks.

sshDCommander bridges the gap.

File transfer integrity, built in

SHA-256 verified every byte

Streaming checksums computed during transfer — not after. No second pass. If a single byte is corrupted, you know immediately.

Deploy manifests

JSON snapshot of every deployed file with checksums, sizes, and timestamps. A cryptographic record of what was deployed, when, and by whom.

Drift detection

Verify server state against the manifest at any time. Modified files, unexpected additions, missing files — all flagged in seconds.

Atomic .part file pattern

Interrupted uploads never go live. Files are written to .part first and atomically swapped only after checksum verification.

Resume interrupted transfers

Large deployments resume from where they stopped. No re-uploading 500 MB because the last 2 MB failed.

Source code protection

SHA-256 manifests of your entire codebase. Detect tampering, supply chain attacks, or unauthorized modifications.

Deploy with confidence

deployment with manifest verification
# Deploy with manifest
$ sshdcp --server prod --client-id deploy upload ./dist/ /opt/app/dist/ --manifest deploy-2026-04.json
12 files uploaded SHA-256 verified, manifest saved
# Later: verify nothing changed
$ sshdcp --server prod --client-id monitor verify deploy-2026-04.json
11/12 files match manifest
MODIFIED: /opt/app/dist/config.json (checksum mismatch)
# Drift detected. Someone changed config.json after deployment.

Multi-server fleet management

✓
Session pool
One persistent SSH connection per server. Up to 10+ concurrent. Auto-connect on first request.
✓
Server groups
Define groups (web, db, staging) and execute across all members with a single command.
✓
Per-server locks
Parallel operations across different servers. Same-server access serialized with SESSION_BUSY.
✓
Auto-reconnect
Dead connection detection via keepalive. Exponential backoff with jitter. Mid-command recovery.
fleet operations
$ sshdcmd --servers web1,web2,web3 --client-id deploy "systemctl status nginx"
[web1] nginx.service - active (running)
[web2] nginx.service - active (running)
[web3] nginx.service - active (running)
$ sshdcmd --group production --client-id deploy "df -h /opt/app"

Enterprise governance without enterprise pricing

Need policy control? sshDCommander Enterprise adds everything Teleport and CyberArk have — plus verified transfers and drift detection they don't.

✓Command allowlists and blocklists (regex)
✓RBAC with role templates
✓SSO/OIDC Device Authorization
✓Ephemeral short-lived SSH certificates
✓External secrets (Vault, AWS, Azure, GCP)
✓Pre-change backup with automatic rollback

Teleport starts at €1,500/year. CyberArk starts at €50,000/year.
sshDCommander Enterprise: €449/year.
Same policy control. Plus verified transfers and drift detection they do not have.

Deploy with cryptographic confidence

Base: €99/year. Enterprise: €449/year. 14-day free trial, no credit card required.

View PricingDownload v4.0.0