A fast, terminal-based SSH tunnel manager with a TUI and background service.
- Interactive TUI — Manage all your tunnels from a single interface
- Background service — Tunnels persist even after closing the TUI
- systemd integration — Optional systemd user service for auto-start on login
- Vim-style navigation —
j/kto navigate,Enterto toggle - Multiple auth methods — SSH agent, public key, and password
- SSH config support — Use hosts from
~/.ssh/configdirectly - Simple configuration — TOML-based config file
- Real-time status — Push-based status updates in the TUI
go install github.com/JoshElias/gurren@latestOr build manually:
git clone https://github.com/JoshElias/gurren.git
cd gurren
go build .Coming soon.
# Stable release
yay -S gurren
# Development version (latest git)
yay -S gurren-git- Create a config file at
~/.config/gurren/config.toml:
[[tunnels]]
name = "my-database"
host = "user@bastion.example.com"
remote = "db.internal:5432"
local = "localhost:5432"- Launch the TUI:
gurren- Use
j/kto navigate,Enterto connect/disconnect,qto quit.
gurrenLaunches the interactive terminal interface. The service starts automatically if not running.
Key bindings:
| Key | Action |
|---|---|
j / ↓ |
Move down |
k / ↑ |
Move up |
Enter |
Toggle connection |
q |
Quit (tunnels keep running) |
# List all tunnels with status
gurren ls
gurren ls --json
# Connect/disconnect via CLI
gurren connect my-database
gurren disconnect my-database
# Direct connection with flags (bypasses config)
# --host accepts user@host:port or a Host from ~/.ssh/config
gurren connect --host user@bastion:22 --remote db:5432 --local localhost:5432
gurren connect --host my-ssh-host --remote db:5432 --local localhost:5432
# Service management
gurren service start # Start service in background
gurren service stop # Stop service and all tunnels
gurren service status # Check if service is running
# systemd integration (Linux only)
gurren service install # Install systemd user service
gurren service uninstall # Remove systemd user service
gurren service enable # Enable auto-start on login
gurren service disable # Disable auto-start
# Shell completion
gurren completion bash # Bash completion script
gurren completion zsh # Zsh completion script
gurren completion fish # Fish completion script
gurren completion powershell # PowerShell completion scriptThese flags work with any command:
| Flag | Description |
|---|---|
--config <path> |
Config file path (default: ~/.config/gurren/config.toml) |
-a, --auth <method> |
Auth method: auto, agent, publickey, password (default: auto) |
Gurren looks for config files in this order:
~/.config/gurren/config.toml~/gurren.toml
[auth]
method = "auto" # "auto", "agent", "publickey", or "password"
[[tunnels]]
name = "production-db"
host = "ec2-user@bastion.example.com"
remote = "db.internal:3306"
local = "127.0.0.1:3306"
[[tunnels]]
name = "staging-db"
host = "ec2-user@bastion-staging.example.com"
remote = "db-staging.internal:3306"
local = "127.0.0.1:3307"
[[tunnels]]
# name is optional - derived from host if omitted (becomes "bastion")
host = "bastion"
remote = "redis.internal:6379"
local = "localhost:6379"Gurren supports three SSH authentication methods:
| Method | Description | Priority |
|---|---|---|
agent |
SSH agent (uses SSH_AUTH_SOCK) |
1 (tried first) |
publickey |
Private key files (~/.ssh/id_ed25519, id_ecdsa, id_rsa) |
2 |
password |
Interactive password prompt | 3 (last resort) |
When method = "auto" (default), Gurren tries each method in priority order until one succeeds.
Gurren reads your ~/.ssh/config file and can use any Host entry directly. This means you can reference hosts by their alias instead of specifying full connection details.
For example, if your SSH config contains:
Host bastion
HostName bastion.example.com
User ec2-user
Port 22
You can connect using just the alias:
gurren connect --host bastion --remote db.internal:5432 --local localhost:5432In your config.toml, you can also reference SSH config hosts:
[[tunnels]]
name = "production-db"
host = "bastion" # Uses Host entry from ~/.ssh/config
remote = "db.internal:5432"
local = "localhost:5432"If you omit the name field, Gurren will automatically use the host value as the tunnel name (stripping the user@ prefix if present). Duplicate names are auto-suffixed (e.g., bastion, bastion-2).
On Linux systems with systemd, you can install Gurren as a user service for automatic startup on login.
# Install the systemd user service
gurren service install
# Enable auto-start on login
gurren service enable
# Start the service now (or just reboot/re-login)
systemctl --user start gurrenOnce installed, you can also manage the service directly with systemctl:
# Check status
systemctl --user status gurren
# View logs
journalctl --user -u gurren
# Restart service
systemctl --user restart gurrengurren service uninstall┌─────────────────┐ ┌─────────────────┐
│ gurren (TUI) │ │ gurren ls │
│ │ │ gurren connect│
└────────┬────────┘ └────────┬────────┘
│ Unix socket (JSON) │
└───────────┬───────────┘
▼
┌───────────────────────┐
│ Service │
│ - Manages tunnels │
│ - Tracks state │
│ - Pushes updates │
└───────────────────────┘
- Service runs in the background and manages SSH tunnel lifecycles
- TUI and CLI are clients that communicate with the service via Unix socket
- Tunnels persist after the TUI exits — the service keeps them running
- Status updates are pushed from service to subscribed clients in real-time
- Homebrew formula
- AUR package
- SSH config file (
~/.ssh/config) parsing - systemd user service support
- Host key verification
- Test coverage
See CONTRIBUTING.md for how to help with these.
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.