I'm a freelancer working with different clients with a mix of the technologies you listed (Docker/Kubernetes) and I'm using Tailscale for mostly personal use-cases, so this hits all the right spots.
Up until now I proxied most of my stuff on a macOS client via "SSH Tunnel Manager", which has quite a clunky UI, and whenever I have to reconfigure something there the current feedback of the current connection state isn't always right. I just moved all those settings to XPipe, and it works like a charm.
Previously I also used the same solution for accessing some internal websites via a combination of the SSH tunnels + /etc/hosts entries + header rewrites, which depending on the complexity of the websites sometimes works great and sometimes doesn't at all. With XPipe I was easily able to set up a SOCKS proxy, which I previously gave up on trying to figure out. Paired that with FoxyProxy on Firefox and now all the websites work like a charm!
Great that it works for you. I also struggled a lot with setting up various different types of tunnels initially, especially more complex ones. That was one of the motivations why I started developing it.
Can you expand with more technical explanation how are those two points implemented:
- You can bring your shell environments / init scripts / aliases with you in a noninvasive way. I.e. you don't have to modify the remote system dotfiles, when you connect through xpipe it will set up any scripts you want to have available automatically
- You can link up your password manager with your SSH client and other connection methods that require passwords
Feel free to write here or refer to any url you recommend.
- When XPipe will open a terminal connection and you have specified custom shell environments / init scripts for a certain system, it will first automatically create a temporary init script on the target system in the background, which will be run as the login script only for that terminal launch from XPipe. That way it's noninvasive and doesn't change any existing configuration on the system
- XPipe acts as an askpass program for SSH, meaning that it can listen to any password requests made from the ssh client, forward that your password manager, and reply with the password that the password manager returned. If you password manager supports the SSH-agent, XPipe can also use it to supply keys for ssh as well.
Hey, I just wanted to congratulate you with a very impressive release, the software looks amazing, and I think I will give it a try pretty soon. A question: I see only subscription pricing; is a lifetime licence possible, or a licence like the way jetbrains does it (you pay for version, and maintain the right to keep using the version that was available when the license/subscrition expires, you can re-activate any time).
I'm particularly interested in this "field". I've build something similar many moons ago [1], in the same spirit, but much more primitive. I later started a company around an evolved idea, where the structure you sort of see in your screenshots is effectively a DAG with arbitrary depth (we didn't manage to release it unfortunately, complexity overtook us).
In any case, much congratulations + good luck with the launch!
Thanks! Yes, you can find lifetime licenses on the pricing page further down. A perpetual fallback license model like jetbrains has does not exist yet. But I could look into this in the future.
It's cool to see that there are also other people in that space. And about the complexity, I definitely know what you mean. It took a long while before this approach even worked and also took a while until it was actually stable. One of the main points of consideration whenever I think of adding something is the added complexity, because it's very important for me to keep that as low as possible. Otherwise I will end up with an unmaintainable workload. There were definitely a few interesting features I discarded to keep the application as lean as possible.
Question for the developer: for the Kubernetes integration, I use aws-vault to generate short-lived credentials to authenticate with my clusters (meaning, by default, kubectl doesn't work outside of this context).
Would it be possible to get XPipe to work with this constraint? Couldn't find much in the docs.
Now I don't fully know the details of your setup, but in general XPipe just works on top of your kubectl installation. So it will only work if you could manually connect to your clusters via kubectl in a terminal. But you can always just try it out and see what happens the community version because I can't say that for sure.
Yeah, I'm assuming you're just calling kubectl directly underneath the hood. The way that aws-vault works is that you do something like: `aws-vault exec kubectl ...` or you can just do `aws-vault exec` and drop into a subshell. In both cases, a set of short-lived AWS credentials are exposed via the AWS-defined environment variables to the process (or shell context). The kubeconfig is then configured to handle authentication via AWS (rather than the default certificate method).
So, if you just straight-up call `kubectl` within XPipe without having AWS credentials already available, then it would fail. So, I'm guessing this wouldn't work.
I'm also an aws-vault user and wanted to draw your attention to the fact that kubectl supports exec based credential acquisition (in fact, that's how $(aws eks update-kubeconfig) emits them by default). Now, whether that fits your threat model is a different story, but it's for sure technically possible because I use that setup every day
That is implemented under the assumption that these distros are most of the time used in enterprise contexts. I know that this is not always the case, there is the option to upgrade to a license at no cost to the next tier if you’re only using it for personal use. Just send me an email I can upgrade it for you.
> That is implemented under the assumption that these distros are most of the time used in enterprise contexts.
I've been using OEL since before Rocky was a thing. It was and still is a free alternative to RHEL.
Apart from that, all my planned use of XPipe fits entirely in the Community feature set (maybe apart from Yubikey/GPG agent).
But now I'd need to pay $5 a month just to open a shell? No thanks.
Also, a slight tangent, but charging homelab folks $5/mo is weird. The only profit I'm making with my homelab is negative. And I, as a developer, would much more likely to ask my employer to buy an enterprise license if I actually liked using it at home. Like Tailscale, JetBrains, etc.
Considering the costs of a more serious homelab, I think paying $5 a month for a tool that can save you some time and effort, can be reasonable. Of course only if you see the value for yourself. That value comes from more features than just the shell opener, that is only a part of XPipe.
The community version is pretty extensive in what you can do with it, so I think you can accurately judge whether the homelab plan is worth it for you by using it for a bit.
Where can I find what the "advanced ssh features" are for homelab version? Can't seem to find such details on the website right now..
Thank you for this, it looks amazing. With so many client machines, servers, raspberry pis, tunneling to home, RDP sessions etc etc these days it gets out of hand managing connections. I can't wait to try this. Thank you
On the pricing page, you can find a feature matrix. The advanced SSH features are basically things like smartcard support, custom Pkcs#11 libraries, etc.
Hmm looks interesting but all my servers require openpgp (yubikey with gpg agent support) so I'd have to use the homelab tier. And I'm very adverse to subscriptions.
And I don't think it's available for my os, otherwise I'd try it. But it's ok, I have my own setups for this stuff.
I use BSD. But it's ok, I'm kinda happy with the setup I have. Obviously I'm not really an "out of the box" and "use it like it's meant to be used" kind of person, otherwise I definitely wouldn't have used BSD :)
And the marketshare on desktop is so tiny that there is really no value in supporting it, I understand that.
Yeah I remember that some time ago there was an attempt to make it run on BSD by some BSD users, but that didn't work out as some dependencies like the latest JavaFX version was not available for BSD yet. That is one of the disadvantages when always switching to the latest versions
> Windows enterprise systems are only supported with at least a XPipe Professional license. You can find information about upgrading to a professional license below.
Welp. If I have to choose between XPipe and LTSC, I'm afraid LTSC is gonna win. I have no interest running a version of Windows where Windows Update will randomly decide to brick my install or better yet, add even more Candy Crushes to my start menu.
Are you using the LTSC version on your desktop or also for some of your remote systems? I think if it's only for the desktop, I can fix that as that isn't really intended to be limited to the Professional version. Didn't really test it on an LTSC system so far, so I will look into that
There isn't good support for nested RDP connections, didn't even know that some people used something like this.
But there is very good support for nested shell connections and tunneling RDP over SSH. If your target system isn't reachable directly and require something like a bastion host connection first, you can still connect via RDP if you use SSH tunnels over multiple hops in XPipe.
Hi! Looks like a very interesting tool, as a stubborn cli-only user, I was pleased that there is cli version of this alongside the GUI verison. However, trying to look into the documentation of the cli has left me with a 404 page.
https://docs.xpipe.io/cli/man
Whoops, it seems like some links were not updated yet. That should be just https://docs.xpipe.io/cli
To preface that, the CLI is only very basic. The only real thing you can do with it is launch shell connections. For more advanced usage without the GUI, there is for example the Python API: https://docs.xpipe.io/guide/python-api
The ARM Mac version crashes instantly upon launch with a window reporting a broken pipe error, and attempts to 'report and send diagnostics' gets the same problem.
Well, I tried to try it. I guess I'll just bookmark it and try again at a later date.
On macOS there are still a few reliability problems, mostly caused by misbehaving zsh extensions that I have to work around. I replied to your issue report, I think this should be fixable.
The goal of XPipe is to be connection hub that brings together your tools, not really replace them. For example with RDP and remmina, XPipe has an integration for remmina to launch RDP connections directly, making it easier for you to quickly boot into RDP sessions. Especially when you combine it with the automatic SSH tunneling functionality for RDP that is also included.
For VNC, as the a landscape of tools to integrate is a little bit less populated compared to RDP, XPipe has a built-in VNC client. However, if you still want to use your own VNC client, you can do so using the service tunnel functionality.
Very nice then. I looked through the page and did not saw anywhere mention of any remote desktop technology, but I also did not looked thorough enough.
I fully get that. The reason why it focuses on the subscription model is that is quite difficult to plan ahead with an irregular revenue stream. Everything is financed via bootstrapping, so I can't afford to burn through money or have irregular revenue over time when planning expenses.
I think everyone cares about updates to some degree. Doesn't have to be about big feature updates, just continuous fixes for various small bugs and performance improvements can improve you user experience quite a bit.
If you used XPipe a year ago, it's night and day compared to today in terms of features, stability, and performance.
The homelab and professional editions have lifetime licenses available - I didnt notice them in the pricing section but there’s a link to them in the FAQ
You will own a lifetime license for the software if you choose the lifetime plan.
Everyone has seen it in practice that some companies try to pull a bait and switch by then changing the terms of licenses or simply shutting down the servers when going out of business. Since this is a desktop tool not hosted on any server infrastructure, at least the latter part isn't that much of a risk. You still have to have some trust in me to honor the license terms, but I try my best to build that trust.
There is also an offline license functionality, meaning that if you obtain a lifetime license and request an offline license file, that one will not perform any verification with any online services, so it will work forever without any dependency on some SaaS infra. Anyone interested in that can simply request an offline license, you can find the details on the pricing page. The offline licenses are also often used for usage in air-gapped environments.
Interesting, haven't heard of that before. That is not supported right now, but I can look into it. It also depends how good their CLI works for me to integrate it
There's only one release build which contains all feature implementations, but some of them are locked behind the plans. So to some degree, they are artificial as there isn't currently a separate build for the Homelab and Professional builds.
The only service it relies upon is the licensing server, but if you also don't want to use that to be fully independent, you can request an offline license. You can find the details about that on the pricing page.
Right now, there's no direct import from WinSCP, next best thing where it can import from is Putty
If it worked with Okta ASA (formerly ScaleFT) that would be pretty cool. Be able to auth into Okta and have all the servers registered in ASA presented to you.
Yeah things like Okta are planned to be supported in the long term. Just need to prioritize the different integrations as there are so much tools I can still add support for. And every single integration presents its unique challenges, so these all take some time.
Yeah feel free to open a feature request on GitHub, that way I can keep track easier. You can also make my life much easier if you provide more details on how exactly such an integration could work. Because in practice, many requested integrations are for tools that I have never used before. I have to first figure them out myself and set up proper a testing environment. That part sometimes takes more time than implementing the actual integration itself because some tools are quite difficult to set up (Looking at you, goteleport).
The current KVM integration is actually more formally an integration for libvirt and the virsh command-line tool.
If your hypervisor is supported by libvirt, you should already be able to use it in XPipe.
If it does not support libvirt, then I guess this would need a separate integration. But I would have to look into that first as I have never used these tools you listed.
Well, it would necessitate a dedicated conversation. In my opinion, there are better languages and runtimes available today to create such solutions, such as Go and Rust, to name a couple of the most suitable ones.
I believe Java is no longer an appealing choice for these types of tools, but I still like the project and its development process.
So far I'm happy with the choice. The ecosystem is mature, the build tools (maven/gradle) are solid to build this more complicated project, JavaFX works well enough to realize cross-platform applications, and the performance with modern JIT compilation from GraalVM is good. Currently I'm not missing something important from the tech stack.
Next week, when JDK 24 is released for the general availability, I plan to immediately switch to that as there will be additional performance gains with Project Leyden's AOT compilation and Project Liliput's memory improvements. So I'm positive for the future.
Neither Go nor Rust have a GUI toolkit anywhere close to the capabilities of JavaFX, so in practice such an app would largely be written in JavaScript. If you want to use one language for your desktop app, be portable, and avoid the complexities that come with web development, Java is the best possible choice today (arguably the only choice other than maybe Qt).
That is true, but ideally with XPipe you can do that easier and faster. And with the time and effort you save each month, the few $ per month can be good deal for you.
I'm a freelancer working with different clients with a mix of the technologies you listed (Docker/Kubernetes) and I'm using Tailscale for mostly personal use-cases, so this hits all the right spots.
Up until now I proxied most of my stuff on a macOS client via "SSH Tunnel Manager", which has quite a clunky UI, and whenever I have to reconfigure something there the current feedback of the current connection state isn't always right. I just moved all those settings to XPipe, and it works like a charm.
Previously I also used the same solution for accessing some internal websites via a combination of the SSH tunnels + /etc/hosts entries + header rewrites, which depending on the complexity of the websites sometimes works great and sometimes doesn't at all. With XPipe I was easily able to set up a SOCKS proxy, which I previously gave up on trying to figure out. Paired that with FoxyProxy on Firefox and now all the websites work like a charm!
- You can bring your shell environments / init scripts / aliases with you in a noninvasive way. I.e. you don't have to modify the remote system dotfiles, when you connect through xpipe it will set up any scripts you want to have available automatically
- You can link up your password manager with your SSH client and other connection methods that require passwords
Feel free to write here or refer to any url you recommend.
Thank you, and good luck with your product!
- XPipe acts as an askpass program for SSH, meaning that it can listen to any password requests made from the ssh client, forward that your password manager, and reply with the password that the password manager returned. If you password manager supports the SSH-agent, XPipe can also use it to supply keys for ssh as well.
https://news.ycombinator.com/item?id=40599419 (9 months ago)
https://news.ycombinator.com/item?id=38412162 (2 years ago)
https://news.ycombinator.com/item?id=37186039 (2 years ago)
I'm particularly interested in this "field". I've build something similar many moons ago [1], in the same spirit, but much more primitive. I later started a company around an evolved idea, where the structure you sort of see in your screenshots is effectively a DAG with arbitrary depth (we didn't manage to release it unfortunately, complexity overtook us).
In any case, much congratulations + good luck with the launch!
[1]: https://github.com/raaftech/session
It's cool to see that there are also other people in that space. And about the complexity, I definitely know what you mean. It took a long while before this approach even worked and also took a while until it was actually stable. One of the main points of consideration whenever I think of adding something is the added complexity, because it's very important for me to keep that as low as possible. Otherwise I will end up with an unmaintainable workload. There were definitely a few interesting features I discarded to keep the application as lean as possible.
Would it be possible to get XPipe to work with this constraint? Couldn't find much in the docs.
So, if you just straight-up call `kubectl` within XPipe without having AWS credentials already available, then it would fail. So, I'm guessing this wouldn't work.
By default, it looks like this:
but for us it would look like this:/me blinks. An OS is an OS... so, access to developer licenses for these are Professional use too?
> connections to those systems are only possible starting from the homelab plan: Oracle Linux systems
/me blinks even more ...
I've been using OEL since before Rocky was a thing. It was and still is a free alternative to RHEL.
Apart from that, all my planned use of XPipe fits entirely in the Community feature set (maybe apart from Yubikey/GPG agent).
But now I'd need to pay $5 a month just to open a shell? No thanks.
Also, a slight tangent, but charging homelab folks $5/mo is weird. The only profit I'm making with my homelab is negative. And I, as a developer, would much more likely to ask my employer to buy an enterprise license if I actually liked using it at home. Like Tailscale, JetBrains, etc.
The community version is pretty extensive in what you can do with it, so I think you can accurately judge whether the homelab plan is worth it for you by using it for a bit.
Thank you for this, it looks amazing. With so many client machines, servers, raspberry pis, tunneling to home, RDP sessions etc etc these days it gets out of hand managing connections. I can't wait to try this. Thank you
And I don't think it's available for my os, otherwise I'd try it. But it's ok, I have my own setups for this stuff.
And about adversity to subscriptions, note that you can also obtain lifetime licenses further down the pricing page.
And the marketshare on desktop is so tiny that there is really no value in supporting it, I understand that.
Welp. If I have to choose between XPipe and LTSC, I'm afraid LTSC is gonna win. I have no interest running a version of Windows where Windows Update will randomly decide to brick my install or better yet, add even more Candy Crushes to my start menu.
But there is very good support for nested shell connections and tunneling RDP over SSH. If your target system isn't reachable directly and require something like a bastion host connection first, you can still connect via RDP if you use SSH tunnels over multiple hops in XPipe.
To preface that, the CLI is only very basic. The only real thing you can do with it is launch shell connections. For more advanced usage without the GUI, there is for example the Python API: https://docs.xpipe.io/guide/python-api
Well, I tried to try it. I guess I'll just bookmark it and try again at a later date.
For VNC, as the a landscape of tools to integrate is a little bit less populated compared to RDP, XPipe has a built-in VNC client. However, if you still want to use your own VNC client, you can do so using the service tunnel functionality.
Will try it to see how this work.
Or maybe a license with $70 with two years of updates included and then $10/year afterward.
Or what Jetbrains does and reduce the cost of the subscription over time, but let the users still use their last version after the subscription ends.
If you used XPipe a year ago, it's night and day compared to today in terms of features, stability, and performance.
I'm not really interested in the latter.
Everyone has seen it in practice that some companies try to pull a bait and switch by then changing the terms of licenses or simply shutting down the servers when going out of business. Since this is a desktop tool not hosted on any server infrastructure, at least the latter part isn't that much of a risk. You still have to have some trust in me to honor the license terms, but I try my best to build that trust.
There is also an offline license functionality, meaning that if you obtain a lifetime license and request an offline license file, that one will not perform any verification with any online services, so it will work forever without any dependency on some SaaS infra. Anyone interested in that can simply request an offline license, you can find the details on the pricing page. The offline licenses are also often used for usage in air-gapped environments.
Apptainer?
Can it import my connections from WinSCP?
The only service it relies upon is the licensing server, but if you also don't want to use that to be fully independent, you can request an offline license. You can find the details about that on the pricing page.
Right now, there's no direct import from WinSCP, next best thing where it can import from is Putty
If your hypervisor is supported by libvirt, you should already be able to use it in XPipe.
If it does not support libvirt, then I guess this would need a separate integration. But I would have to look into that first as I have never used these tools you listed.
I believe Java is no longer an appealing choice for these types of tools, but I still like the project and its development process.
Next week, when JDK 24 is released for the general availability, I plan to immediately switch to that as there will be additional performance gains with Project Leyden's AOT compilation and Project Liliput's memory improvements. So I'm positive for the future.
Sure it can be done, but it's not exactly like there are well-established solutions for this.
tbh java is a perfect choice for a tool like this. building it in rust or go would take 10x the time.