FOR SECURITY & COMPLIANCE

SSH policy & compliance at 1/10th the cost.

Policy engine, RBAC, SSO/OIDC, session recording with HMAC integrity seals, and SIEM export. Everything Teleport and CyberArk offer for SSH governance — plus verified file transfers and drift detection they don't.


Enterprise SSH pricing, compared

Teleport: €1,500+ per year (Team tier)
sshDCommander: €449 per year (Enterprise), + verified transfers & drift detection
CyberArk: €50,000+ per year (PAM suite)

Policy engine & access control

✓ Command allowlists & blocklists
Regex-based patterns. Define exactly which commands each role can execute.

✓ SFTP path access control
Restrict file transfer paths and enforce transfer size limits per client.

✓ RBAC with role templates
Define roles with granular permissions. Assign roles to users and groups.

✓ SSO/OIDC Device Authorization
Integrate with your identity provider. Group-to-role mapping. No separate credentials.

✓ Connection rate limiting
Per-client rate limits, time-of-day restrictions, and session quotas.

✓ Ephemeral SSH certificates
Short-lived certificates issued on-demand. No long-lived SSH keys to manage or rotate.

✓ Encrypted policy files
Ed25519 + AES-256-GCM encrypted configuration. Policy signing and verification.

✓ External secrets managers
Integrate with Vault, AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager.

Compliance-grade session recording

The Audit add-on provides tamper-evident session recording suitable for SOC2, ISO 27001, and PCI-DSS audits.

HMAC-SHA-256 sealed recordings

Every session is cryptographically sealed at capture time. If anyone modifies the recording after the fact, the seal breaks. Tamper-evident by design.

Full session replay

Search, filter, and replay any recorded session. See exactly what was executed, when, and by which client-id.

SIEM / syslog / webhook export

Stream events to your SIEM, syslog server, or webhook endpoint. Integrate with Splunk, Elastic, Datadog, or any log aggregator.

Credential masking

Passwords, tokens, and secrets are automatically masked in recorded output. No sensitive data in your audit logs.

SOC2 Ready
ISO 27001 Ready
PCI-DSS Ready

Change management & rollback

Pre-change backup

Every file modification is automatically backed up before the change is applied. If something goes wrong, automatic rollback restores the previous state.

Post-change verification

After every change, the new state is verified against the expected outcome. Integrity checks confirm the modification was applied correctly.

Enterprise SSH governance, accessible pricing

Enterprise: €449/year (€37/month). Enterprise + Audit: €649/year (€54/month).

30-day free trial, no credit card required.
