惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
T
Tenable Blog
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Security Latest
Security Latest
P
Privacy & Cybersecurity Law Blog
Google Online Security Blog
Google Online Security Blog
SecWiki News
SecWiki News
P
Palo Alto Networks Blog
TaoSecurity Blog
TaoSecurity Blog
Webroot Blog
Webroot Blog
Spread Privacy
Spread Privacy
O
OpenAI News
The Last Watchdog
The Last Watchdog
P
Proofpoint News Feed
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
人人都是产品经理
人人都是产品经理
S
Security @ Cisco Blogs
Scott Helme
Scott Helme
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
月光博客
月光博客
S
Securelist
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
T
Troy Hunt's Blog
W
WeLiveSecurity
GbyAI
GbyAI
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
Cisco Blogs
H
Help Net Security
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
Jina AI
Jina AI
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
云风的 BLOG
云风的 BLOG
小众软件
小众软件
N
News and Events Feed by Topic

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
How to Share Temporary Server Access Securely (2026)
Oğuz Yeşil · 2026-06-14 · via Show HN

Last Updated on 18 hours ago by

Every developer, agency, and system administrator faces the same dilemma sooner or later: how do you share temporary server access securely without handing over your own credentials, creating permanent security holes, or losing track of what they did?

Whether you are onboarding a freelancer, letting a colleague debug an issue, or giving a client limited access to their own environment, the risks are identical. Share your personal SSH key and you lose control. Create a permanent user account and you forget to delete it. Use a shared password and you have no idea who ran rm -rf at 3 AM.

That is exactly why we built Safe Share – a new feature inside Local Panel that lets you grant temporary, restricted server access in under 30 seconds. No credential sharing. No permanent accounts. No guesswork.

In this guide, we compare the best SSH tools for temporary server access, examine how they handle auditability, and show you why the old ways are no longer good enough.


Why Temporary Server Access Is a Security Nightmare

The traditional methods for sharing server access are broken:

MethodProblem
Sharing your own SSH keyIf it leaks, your entire infrastructure is compromised.
Creating a permanent userYou forget to delete it. It sits there for months.
Shared team passwordsZero accountability. Anyone can blame “someone else.”
Manual firewall rulesTime-consuming, error-prone, and rarely reversed.

The real question is not how to share access. It is how to share access that automatically expires, restricts what the recipient can actually do, and does not require you to remember to clean up afterwards.


How Existing SSH Tools Handle Temporary Access

1. PuTTY / OpenSSH

The standard. You can manually create a user, set a password, and email it. But:

  • No automatic expiry
  • No audit logging by default
  • No command restrictions without complex sudoers or chroot configuration
  • You must remember to delete the user afterwards

Auditability: Poor. You get system logs if you configure them manually, but nothing native.

2. Termius

A modern SSH client with team sharing. You can share connections via its cloud vault.

  • Requires the recipient to use Termius
  • Shared credentials live in someone else’s app
  • No fine-grained command restrictions
  • No automatic user expiry on the server itself

Auditability: Moderate. Team activity logs exist, but they are client-side, not server-side.

3. Teleport

An enterprise-grade access plane. Supports temporary certificates, session recording, and role-based access.

  • Excellent auditability and temporary access
  • Requires server-side installation (agent)
  • Complex setup for small teams
  • Overkill for a single VPS or small agency

Auditability: Excellent. But the complexity and cost are prohibitive for many users.

4. AWS Session Manager / Azure Bastion

Cloud-native solutions. Great if you live entirely inside AWS or Azure.

  • Works only within their ecosystems
  • Requires cloud infrastructure configuration
  • Useless for on-premise servers, DigitalOcean droplets, or Hetzner boxes

Auditability: Excellent within their platforms. Non-existent outside them.


Local Panel Safe Share: A Different Approach

Safe Share is built into Local Panel — the native desktop server management app for macOS, Windows, and Linux (via Snapcraft). It does not require installing agents on your server. It does not need cloud infrastructure. It uses your existing SSH connection and adds a secure, temporary access layer on top.

Here is what makes it different: you choose the method, set the duration, define the restrictions, and walk away. Everything else is automatic.


The Three Safe Share Methods

Method 1: Local User — Auto-Expiring SSH Credentials

Best for: External contractors, temporary team members, or anyone who needs a standard SSH connection.

How it works:

  1. Open Local Panel and select your server
  2. Choose Safe Share → Local User
  3. Set the duration: 1 hour, 3 hours, 1 day, 3 days, 1 week, 1 month, or 3 months
  4. Local Panel creates a temporary SSH user on your server with a random username and password
  5. The credentials are displayed to you — share them securely with the recipient
  6. When the timer expires, the user is automatically deleted from the server and any active sessions are terminated

What the recipient sees: A standard SSH login. They can use any terminal client (PuTTY, Terminal, Termius) to connect.

What you get: No permanent accounts. No forgotten users. No credential reuse.


Method 2: Web Terminal — Browser-Based Access via Email Code

Best for: Non-technical clients, quick debugging sessions, or situations where you do not want to share SSH credentials at all.

How it works:

  1. Choose Safe Share → Web Terminal
  2. Enter the recipient’s email address
  3. Set the duration and security restrictions
  4. Local Panel sends the recipient a unique access code and a web terminal link
  5. The recipient opens the link in their browser, enters their email and the code
  6. They get a fully functional terminal session inside the browser — no SSH client required

What the recipient sees: A web page with a terminal. They type commands, run scripts, and inspect logs exactly as they would in a native terminal.

What you get: Zero credential exposure. The recipient never touches your server directly. The session is ephemeral.


Method 3: Share Code — Local Panel to Local Panel

Best for: Team members, other developers, or anyone who already uses Local Panel or Local Panel Lite.

How it works:

  1. Choose Safe Share → Share Code
  2. Local Panel generates a unique share code
  3. Send the code to another Local Panel user
  4. They enter the code in their app and connect directly to your server
  5. The connection expires automatically when the duration ends, and any active sessions are terminated

What the recipient sees: The server appears in their Local Panel sidebar, ready to manage with the same visual interface you use.

What you get: Seamless team collaboration with the same native desktop experience.


Security Controls: What You Can Restrict

Safe Share is not just about temporary access. It is about correctly scoped temporary access. Every method supports the following restrictions:

1. Starting Directory

Set the initial folder the recipient sees when they connect. For example, lock them into /var/www/client-site so they land there immediately. Note: this sets the starting directory — the user can still navigate elsewhere using cd unless you specifically block the cd command in Security Mode.

2. Welcome Banner

Display a custom message when the recipient connects (up to 500 characters). Use it for:

  • Legal disclaimers
  • Scope reminders (“You are authorised to restart Nginx only”)
  • Contact information

Note: Welcome Banner is available in Local Panel. In Local Panel Lite, this feature is not available.

3. Security Mode — Command and Permission Restrictions

This is where Safe Share moves from “convenient” to “enterprise-grade.”

RestrictionWhat It Does
Allowed sudo commandsWhitelist exactly which commands can run with sudo. For example: sudo systemctl restart nginx, sudo ufw status.
Blocked commandsBlacklist any command you want. Type ls and the user gets “Permission denied.” Type cd and it is blocked. Type rm and it is stopped.
SFTP read/write permissionsControl file transfer access. Read-only prevents the user from downloading files to their own machine via SFTP. Write-only prevents them from uploading files from their machine. Note: these restrictions apply to SFTP file transfers, not to shell-based file editing. If the user has shell access, they can still modify files using editors like Nano or Vim inside the terminal.

Example scenario: You hire a junior developer to fix a CSS bug. You give them:

  • Web Terminal access for 3 hours
  • Starting directory: /var/www/html
  • Blocked commands: rm, sudo, chmod, chown
  • SFTP: read-only

They can view files, edit CSS inside the terminal, and test changes. They cannot delete anything, escalate privileges, or download source files to their local machine. When the 3 hours expire, their access vanishes.


What You See as the Owner

Safe Share gives you a clear overview of active shares:

FeatureWhat You See
Remaining timeA live countdown showing exactly how much time is left on each share
Active sessionsWhich shares are currently in use
Auto-deletionWhen the timer hits zero, the user is deleted and all sessions are terminated automatically

Unlike complex enterprise setups, you do not need a separate logging infrastructure. Safe Share handles the lifecycle automatically.


Comparison Table: Temporary Access Tools at a Glance

FeaturePuTTYTermiusTeleportAWS SSMLocal Panel Safe Share
Setup time10+ min5 minHours30+ minUnder 30 seconds
Automatic expiry❌ Manual❌ No✅ Yes✅ Yes✅ Yes
No credential sharing❌ No❌ No✅ Yes✅ Yes✅ Yes
Web terminal❌ No❌ No✅ Yes✅ Yes✅ Yes
Command restrictions❌ Complex❌ No✅ Yes✅ Yes✅ Yes
SFTP controls❌ Manual❌ No✅ Yes✅ Yes✅ Yes
Agentless✅ Yes✅ Yes❌ No❌ Cloud only✅ Yes
Cross-platformWindowsAllLinux/CloudAWS onlymacOS/Win/Linux

Safe Share Availability

Local Panel (full version) includes all Safe Share features:

  • All durations: 1 hour, 3 hours, 1 day, 3 days, 1 week, 1 month, 3 months
  • Welcome Banner
  • Full Security Mode restrictions

Local Panel Lite (free version, available via Snapcraft on Linux) includes Safe Share with limited durations:

  • Available durations: 1 hour, 3 hours, 1 day, 3 days
  • Longer durations (1 week, 1 month, 3 months) require Local Panel
  • Welcome Banner is not available in Lite

When to Use Which Safe Share Method

SituationRecommended Method
Freelancer needs SSH for a dayLocal User — 1 day, restricted directory, blocked sudo
Client wants to check their logsWeb Terminal — 3 hours, read-only, no credentials shared
Team member needs to deploy a fixShare Code — 1 week, limited sudo commands
Emergency access for on-call engineerLocal User — 1 hour, full access, auto-destructs
Non-technical stakeholder needs to verify dataWeb Terminal — 1 hour, single directory, custom banner

Frequently Asked Questions

Can the recipient use their own SSH client with Safe Share?

Yes, if you use Method 1 (Local User). They receive standard SSH credentials and can connect via PuTTY, Terminal, or any SSH client. Methods 2 and 3 use Local Panel’s native interfaces.

What happens when the Safe Share time expires?

For all three methods, the temporary user is automatically deleted from the server and any active sessions are terminated immediately. No manual cleanup required.

Is Safe Share available in Local Panel Lite?

Yes, Safe Share is available in Local Panel Lite with limited duration options: 1 hour, 3 hours, 1 day, and 3 days. Longer durations (1 week, 1 month, 3 months) and the Welcome Banner feature require the full Local Panel.

Does Safe Share work on Linux?

Yes. Local Panel Lite is available via Snapcraft and supports Safe Share functionality.

Can I see what commands a temporary user ran?

Safe Share focuses on access control and automatic expiry rather than session recording. Command history is captured in standard server logs where available. For full session recording, you would need to pair Safe Share with your server’s existing logging infrastructure.

Can I block the user from changing directories?

You can set a Starting Directory, but the user can still cd elsewhere unless you specifically add cd to the Blocked Commands list in Security Mode.


Final Thoughts

Sharing server access does not have to mean sharing trust. The best SSH tools for temporary access are the ones that assume the user will eventually become a risk — and plan for it.

Safe Share treats every temporary access grant as a potential security event. It limits scope, sets hard deadlines, and cleans up after itself. Whether you are managing one server or fifty, giving access to a colleague or a client, the workflow is identical: open Local Panel, set the rules, share the access, and let it self-destruct.

No more forgotten user accounts. No more shared passwords. No more wondering who still has access.

Ready to secure your temporary access workflow?

Local Panel


Local Panel Lite