Two months ago we laid out a three-phase rollout plan: ship the new React UI on MongoDB, introduce migration tooling, then switch to PostgreSQL. All three phases shipped. v0.22.0, v0.23.0, and v0.24.0 are out — the React frontend is the default interface, PostgreSQL is the default database, and the enterprise architecture was unified along the way. Here's a closer look at what happened.

Highlights

• The rollout plan is complete. Three releases in two months: v0.22.0 (React UI), v0.23.0 (migration tooling), v0.24.0 (PostgreSQL default). Each earned its way to the next.
• Enterprise architecture was unified. Cloud and Enterprise features now build as extensions of the core API binary, not separate services. Deployment is simpler, routing is simpler, and transactions work end-to-end.
• The new UI grew far beyond CE parity. Session recording playback, an encrypted SSH key vault, a migration status dashboard, and a welcome wizard all shipped.

UI: From parity to product

Status: The React UI is now the default at /. The legacy Vue frontend is still available at /v1 but is no longer maintained.

The first edition of this post described a UI that had reached Community Edition feature parity. Since then, the frontend evolved from "everything Vue had" to "things Vue never had."

Secure Vault is a client-side encrypted SSH key store. Keys are encrypted in the browser before they reach the server, and decrypted only at connection time. This means the server never sees your private keys in plaintext — a capability the old UI never offered.

Session recording playback lets you review past terminal sessions as recorded video, with full scrollback and timing preserved. This was an Enterprise feature that existed only as raw data before; now it has a proper player.

Other additions include a welcome onboarding wizard for first-time setups, a migration status page with live progress feedback during the MongoDB-to-PostgreSQL transition, and a namespace creation dialog for Community Edition users.

Under the hood, the entire data-fetching layer was rebuilt. Hand-written API wrappers were replaced with a generated OpenAPI SDK (via hey-api/openapi-ts), and all data fetching now goes through TanStack Query with proper caching, invalidation, and loading states. This alone eliminated entire categories of bugs around stale data and race conditions.

Up next: Now that the major migration is behind us, the focus shifts to polish: fixing rough edges found in production, improving test coverage, and starting work on features that were deferred during the rewrite.

Database: PostgreSQL is the default

Status: PostgreSQL ships as the default database in v0.24.0. The MongoDB-to-PostgreSQL migration pipeline is production-ready with deep validation. Cloud-specific migration is also complete.

The migration story matured significantly. Beyond the store-layer completeness we reported last time, the pipeline now includes:

• Deep field-by-field validation. After migrating data, the system reads from both MongoDB and PostgreSQL, converts to the same entity structs, and compares every field. Eleven comparators cover all tables including junction tables, processing records in batches of a thousand.
• Cloud extension points. The migration framework now supports extension hooks so Cloud and Enterprise editions can register their own migration logic. Cloud-specific data (firewall rules, announcements, licenses, tunnels, billing, invitations, web endpoints) migrates through the same pipeline.
• Live migration status UI. A dedicated page in the new frontend shows real-time progress as data moves from MongoDB to PostgreSQL.
• Edge case handling. Orphaned MongoDB records, BSON type inconsistencies, and schema mismatches are detected and handled rather than silently dropped.

On the store testing side, a new storetest package with YAML fixtures enables the same tests to run against both MongoDB and PostgreSQL. Coverage now includes sessions, tunnels, public keys, namespace cascading deletes, device cascading deletes, and more.

All PostgreSQL migrations (nine for core, nine for cloud) were squashed into single SQL files per edition, making fresh installs clean and fast.

Up next: Performance benchmarking under production workloads, monitoring the migration path for early adopters, and continuing to expand storetest coverage.

Enterprise architecture: one binary

The most significant architectural change this cycle happened on the enterprise side. Previously, Cloud and Enterprise features ran as a separate service alongside the core API. This meant separate containers, separate routing, and the transaction coordination problem we described in the first edition.

Now, enterprise features build as extensions of the core API binary. The API server was extracted into an importable app package. Enterprise code registers additional routes, billing logic, and background workers through an extension system. At runtime, it's a single container serving everything.

This change simplifies deployment (one fewer container to manage), eliminates the routing complexity of having two services behind a gateway, and — most importantly — makes the transaction wrapping we built for PostgreSQL actually work end-to-end. When enterprise code extends a community operation inside a transaction, it's the same connection, the same transaction, the same atomic guarantee.

Releases

Three releases shipped, each with multiple release candidates:

• v0.22.0 — New React UI on MongoDB. The Vue frontend moves to /v1.
• v0.23.0 — Migration tooling: the MongoDB-to-PostgreSQL pipeline with deep validation and live status UI. Four release candidates.
• v0.24.0 — PostgreSQL as the default database. Fresh installs skip MongoDB entirely.

Other updates

• Go 1.25. The entire backend was bumped from Go 1.24 to 1.25.8, and golangci-lint from v2.1.6 to v2.11.3.
• Agent improvements. Keepalive handling was fixed (agent now sets WantReply=true), PTY window change deadlocks were resolved with a drain pattern, and the standalone runc dependency was replaced with a native static binary.
• WebSocket stability. Race conditions in the WebSocket adapter were fixed with sync.Once and concurrency-safe ping handling.
• OpenAPI spec. Missing fields, required annotations, and the X-Total-Count header were added to all paginated endpoints. The spec is now served dynamically based on edition (community vs. enterprise).
• License enforcement at SSH connection time. Device limits are now checked when an SSH connection is established, not just at registration.
• CI improvements. A multi-agent PR review workflow, cross-repo enterprise validation, and a verify-fix workflow for TDD-style PRs were added.

AI as a force multiplier

Last edition we described AI-assisted development in general terms. Two months in, some patterns have sharpened.

The storetest package is a good example. Writing YAML fixture files, comparator functions, and test cases across eleven entity types is precisely the kind of work where AI shines: repetitive enough to benefit from generation, specific enough to need human review. The pattern was designed by hand, the first comparator was written by hand, and then AI helped replicate it across the remaining ten — each one reviewed and adjusted.

The OpenAPI SDK migration followed a similar pattern. Replacing dozens of hand-written API wrappers with generated code required touching nearly every data-fetching call in the frontend. AI handled the mechanical translation while we focused on the TanStack Query integration patterns and cache invalidation strategy.

The enterprise unification was the opposite: almost entirely human-driven. Architectural decisions about how extensions register, how billing is injected, and how routing is simplified required understanding the full system. AI contributed to code review and catching inconsistencies, but the design was human.

The takeaway: AI is most valuable when the pattern is clear and the volume is high. It's least valuable when the work is fundamentally about design decisions. Knowing where each tool fits is what makes a small team productive.

Get involved

ShellHub is open source and we welcome contributions at any level: code, bug reports, documentation, or just feedback.

• Join the discussion
• Star us on GitHub

Would you trust remote access to your device fleet to a tool that doesn’t adapt to your operational reality?

Most technical leaders face a difficult choice: accept the rigidity of an off-the-shelf solution that doesn’t meet compliance requirements, or build something from scratch and drown in complexity. ShellHub breaks this false dichotomy.

With Community, Cloud, and Enterprise (Managed or Self-Hosted), you don’t choose between capability and control. You choose the operational model that best aligns with your security, compliance, and scalability needs.

Understanding this distinction is what separates a fragile remote access setup from a resilient, modern, secure architecture.

Community: The Open Source Foundation for Teams with Technical Control

ShellHub Community is the open-source foundation of the platform. By design, it is self-hosted and delivers the essential capabilities for secure SSH access to distributed devices.

It’s ideal for small teams or development environments where you have the in-house expertise to independently manage infrastructure. Support comes from the community and official documentation. You are responsible for deployment, maintenance, availability, and scalability.

Community delivers essential remote access, with full technical autonomy.

Enterprise: Advanced Capabilities with Deployment Flexibility

Enterprise introduces advanced security, compliance, and fleet management capabilities.

The Enterprise line delivers real flexibility: Self-Hosted or Managed.

The advanced feature set is identical in both models. The difference lies in who operates the infrastructure.

This means you choose the deployment model based on compliance requirements, operational capacity, and business strategy, without sacrificing any critical capabilities. The tool adapts to your reality, not the other way around.

ShellHub Cloud: Secure SaaS Without Infrastructure Overhead

ShellHub Cloud completely eliminates the need to provision, configure, or maintain servers. It’s the right choice for teams that want to get started in minutes or for those looking for a proof-of-concept validation.

You create an account, connect your devices, and immediately gain access to the full power of the Enterprise resources, fully operated by the ShellHub team.

It’s ideal for organizations that prioritize time-to-value and prefer to offload operational complexity so they can focus on their core business. The infrastructure is transparently managed, monitored, and scaled. You simply consume the service.

Architectural Difference: Basic Remote Access vs. Hermetic Access Tunnels

The architectural foundation of ShellHub Enterprise — whether Self-Hosted or Cloud — is built on a secure access model with Hermetic Access Tunnels.

Devices:

• Do not expose inbound ports
• Do not require VPN concentrators
• Establish outbound, mutually authenticated connections

Every access request is authenticated and authorized before a session is established.

This architecture is consistent across Community, Enterprise, and Cloud.

The difference is not in how access works. It’s in who operates and maintains the control plane.

Community provides secure remote access.

Enterprise and Cloud delivers a hardened, compliance-ready secure architecture designed for production fleets.

The Main Difference Is in the Operating Model

Community provides the essentials for teams with full technical autonomy.

Enterprise delivers advanced features with absolute control over infrastructure and data residency.

Cloud is the fastest entry point into Enterprise-grade capabilities, operated entirely as a service.

The progression is natural:

• Start with the Community or Cloud to validate
• Move to Enterprise Managed to scale quickly
• Adopt Enterprise Self-Hosted if compliance or sovereignty requirements demand full control from day one

The core technology remains the same across all models.

Choosing Based on Three Variables: Control, Speed, and Capacity

The right choice depends on three variables:

1. Control

If you require strict data sovereignty, internal hosting policies, or regulatory compliance that mandates on-prem infrastructure, Enterprise Self-Hosted is the logical path.

2. Speed

If rapid deployment and immediate operational readiness are priorities, Cloud provides the fastest route to production.

3. Operational Capacity

If you have a strong infrastructure team and want full lifecycle control, an Enterprise Self-Hosted license makes sense.

If you prefer to delegate availability, scaling, and monitoring, the Enterprise Managed license reduces operational overhead.

If you’re validating the solution in a controlled environment with internal expertise, Community is the natural starting point.

If you're looking for a Self-Service SaaS for a small fleet of devices, Cloud is the best choice.

Note: the decision is not permanent! The architecture supports migration between models as your maturity and requirements evolve.

Advanced Security and Governance (Enterprise & Cloud)

Enterprise capabilities — available in both Self-Hosted and Cloud — include:

• Multi-Factor Authentication (MFA)
• Single Sign-On (SSO) integration
• Role-Based Access Control (RBAC)
• Advanced firewall rules
• Full session recording
• Immutable audit trails
• REST API and webhooks
• LDAP / Active Directory synchronization
• SIEM integration

These capabilities support compliance initiatives such as SOC 2 and ISO 27001 and enable incident investigation, traceability, and governance at scale.

Cost Model and ROI Perspective

• Community: Free (infrastructure and operations are your responsibility)
• Cloud: Subscription-based, including infrastructure, monitoring, support, and SLA guarantees
• Enterprise:
  • Managed: Device tier licensing, infrastructure, and operations on our side.
  • Self-hosted: Device tier licensing only (infrastructure and operations are your responsibility)

ROI should be evaluated not just in licensing cost, but in:

• Reduced security exposure
• Elimination of VPN complexity
• Lower operational overhead
• Faster incident response
• Simplified compliance audits

Conclusion

Traditional tools force you to choose between what’s good for the business and what’s manageable operationally.

ShellHub inverts that model.

It provides the same technological foundation across three deployment models that adapt to your context:

• Community for technical autonomy
• Enterprise for full infrastructure and data control
• Cloud for maximum speed and zero operational friction

The real question is not “Which tool should I use?” It’s:

“Which operational model solves my problem today without forcing compromises that don’t make sense?”

Your infrastructure has nuances. Your remote access platform should, too.

Next Step

Still unsure which deployment model fits your architecture or compliance requirements?

👉 Talk to our engineering team: https://shellhub.io/contact

👉 Request a free Enterprise trial: https://shellhub.io/free-trial

Evaluate the full platform with no commitment required.

This is the first edition of Inside ShellHub, a monthly update on what we're building, why, and where we're headed. If you use ShellHub, contribute to it, or just watch from the sidelines, this is for you.

Since this is the first one, we're catching up on everything that happened since the beginning of the year. Going forward, expect one of these every month.

ShellHub is going through two major refactoring efforts that will shape the project for years. Here's where we stand.

Highlights

• New React-based UI is merged to master and will ship in the next Community Edition release. The legacy Vue frontend is frozen.
• PostgreSQL store is feature-complete at the store layer. More than a hundred methods implemented. The database migration will ship in a later CE release after the new UI stabilizes.
• We're rolling out changes in phases, starting with the Community Edition. Cloud and Enterprise editions will follow once the CE is stable.

UI: Vue → React

Status: Dozens of pages and components. Full CE feature parity. Merged to master, shipping in the next release.

The original ShellHub frontend is a Vue 3 app with more than a hundred components built over several years. It works, but the codebase accumulated complexity that made changes increasingly expensive. We decided to rebuild the UI from scratch in React with TypeScript, using a design system shared across apps.

The new frontend is now merged to master and covers all Community Edition functionality: devices, sessions, public keys, team management, setup, and terminal access. The next ShellHub release will be a CE-only release focused entirely on shipping this new UI, still backed by the existing MongoDB database. This lets us collect real-world feedback, fix bugs, and iterate before introducing more changes.

Some highlights compared to the previous Vue frontend:

• No more Vuetify lock-in. The old UI was tied to Material Design through Vuetify. The new one uses Tailwind CSS with a custom design system, giving us full control over styling without fighting a component library.
• Shared design system as a workspace package. Colors, typography, animations, and reusable components live in a separate package, ready to be shared across apps.
• Multi-session terminal. The old terminal opened one SSH session in a modal dialog. The new one supports multiple concurrent sessions with a taskbar, minimize, restore, and fullscreen.
• Better terminal error handling. Connection failures, expired sessions, and network drops show inline banners with clear messages instead of silently failing.

Up next: Ship the CE release, collect feedback, fix what needs fixing, and expand test coverage.

Database: MongoDB → PostgreSQL

Status: Community Edition store is feature-complete. Cloud and Enterprise stores are still in progress.

ShellHub has used MongoDB since its inception. As the data model grew (namespaces, memberships, invitations, sessions, API keys) we kept hitting the same friction: data that is inherently relational stored in a document database. Transactions, joins, referential integrity, schema enforcement. We were reimplementing all of this in application code instead of letting the database handle it.

The Community Edition PostgreSQL store is now feature-complete. Every method across more than a dozen store interfaces has a working implementation. The Cloud and Enterprise editions still have significant work ahead.

One architectural change worth calling out: the way the Enterprise Edition extends the Community store. With MongoDB, the enterprise store accessed the same database but couldn't coordinate transactions with community code—each side managed its own sessions independently. With PostgreSQL, the enterprise store wraps the community store and shares the same connection. Transactions are passed through context, so when a community operation starts a transaction, enterprise code called within it automatically participates in the same transaction. This means operations that span both editions are now truly atomic.

The database migration will not ship in the first CE release. The plan is deliberate: first we release the new UI on the existing database, let it stabilize, and only then introduce the PostgreSQL switchover in a subsequent CE release. This way we never change two critical layers at the same time.

Up next: Continue the Cloud and Enterprise store migration, expand test coverage, benchmark performance against MongoDB on real workloads, and prepare the switchover path for existing deployments.

Rollout plan

We're taking a phased approach to minimize risk:

Each phase needs to earn its way to the next one. We're not rushing.

AI as a force multiplier

ShellHub's core team is small. Two major rewrites running in parallel would normally require a much larger team or a much longer timeline. What changed the equation for us is AI-assisted development.

We use AI coding tools daily across both migration fronts. Writing store methods, porting components, generating test suites, reviewing architectural decisions, drafting migrations. It does not replace engineering judgment, but it compresses the time between "I know what to build" and "it's built and tested."

Some concrete examples from this month:

• PostgreSQL store methods. More than a hundred methods across dozens of interfaces. AI helped scaffold implementations, write test cases, and catch edge cases in query logic. What would take a full day often took a couple of hours.
• React components. Porting UI from Vue to React involves understanding existing behavior, translating idioms, and adapting to a different state management model. AI handles the mechanical translation while we focus on design decisions and UX improvements.
• Code review and refactoring. Having an AI pair that can read the entire codebase and flag inconsistencies, suggest simplifications, or spot potential bugs before they ship has been invaluable.

This is not about replacing developers. It's about a small team punching above its weight. We're shipping work that would traditionally require three or four times the headcount, and we're doing it without cutting corners on quality or test coverage.

We plan to share more about our AI-assisted workflow in future editions as we learn what works and what doesn't.

What's next

March will focus on preparing the next CE release with the new React UI. We'll be expanding test coverage, fixing issues found during internal testing, and making sure the upgrade path is smooth for existing installations. On the database side, work continues on the storetest suite and performance benchmarking.

Get involved

ShellHub is open source and we welcome contributions at any level: code, bug reports, documentation, or just feedback.

• Good first issues
• Join the discussion
• Star us on GitHub

The Challenge

An agritech company specializing in smart agricultural equipment struggled with frequent on-site interventions to diagnose issues in its embedded Linux devices.

Technical challenges:

• Devices based on Yocto Project, deployed in remote rural areas.
• 4G connectivity with strict NAT and no fixed IP.
• Remote access was manually configured per device via VPN and SSH tunnels.

Business impact:

• Each service call averaged 4 hours of engineer time.
• High operational costs and delayed support.
• Compromised service-level agreements (SLAs) with customers.

The Solution: ShellHub

To streamline remote access and remove manual setup, the company adopted the ShellHub Enterprise Managed version.

Technical implementation:

• Embedded the ShellHub agent into the Yocto build.
• Created regional namespaces for organized fleet management.
• Configured public key authentication and firewall rules for security and traceability.

Measurable Results

Highlights:

• 80% of support cases are now resolved remotely.
• Zero need for local firewall or port reconfiguration.

Takeaways

• ShellHub removes the need for custom VPN configurations.
• Namespaces help organize fleets by region or team.
• Yocto Project integration makes deployment scalable and automated.

Next Steps

The company is now exploring the integration of UpdateHub to handle secure, over-the-air firmware updates in the field, expanding its remote management capabilities.

Want similar results?

Request your free ShellHub trial or contact our sales team: comercial@ossystems.com.br

The Challenge

An aerospace company specializing in autonomous drones for spraying and sanitizing faced critical challenges in managing and maintaining its embedded Linux systems remotely.

Technical challenges:

• Drones equipped with embedded Linux, connected via unstable 4G/5G networks.
• Devices constantly operating in remote or dynamic environments (fields, urban areas, industrial zones).
• The need for secure, real-time support access during live missions.

Business impact:

• Operational delays due to unresolvable in-field issues.
• High costs due to drone recalls for maintenance.
• Lack of visibility and auditability over remote technician access.

The Solution: ShellHub

The company deployed ShellHub to enable fast, secure, and low-latency access to all drones, even in areas with strict network configurations.

Implementation highlights:

• ShellHub agent embedded into the drones’ custom Linux build.
• Connection through port 443, bypassing most firewalls and NAT issues.
• Use of namespaces and geolocation-based dynamic tags for mission-specific fleet management.

Measurable Results

Highlights:

• Reliable remote access even with unstable mobile networks.
• Real-time failure resolution without mission interruption.
• Full auditability and security policy compliance.

Takeaways

• ShellHub adapts seamlessly to mobile, distributed environments like drone fleets.
• WebSocket over HTTPS ensures consistent connectivity in unreliable network conditions.
• Public-key-based access and audit logs meet aerospace-grade compliance requirements.

Next Steps

The company is testing UpdateHub to perform secure, automated OTA firmware updates, with rollback, reducing the need for device recall or physical access.

Operate field-based or mobile Linux devices?

Start your free trial of ShellHub
or contact our team: comercial@ossystems.com.br

The Challenge

A European company specializing in critical data storage and management for the healthcare sector needed to meet the stringent security and compliance requirements of a major hospital client.

Key technical challenges:

• Providing secure, auditable remote access to servers and storage devices in hospital environments.
• Meeting GDPR and strict hospital data protection standards.
• Avoiding public/shared cloud environments for remote operations.
• Ensuring full control over data and access routes.

Business impact:

• Without a secure solution, timely technical support would be impossible.
• Non-compliance risks threatened critical business contracts.
• High pressure to deliver a remote access solution without compromising security.

The Solution: ShellHub Enterprise Managed

The company implemented the An isolated Managed version of ShellHub, deploying a dedicated ShellHub server located in Europe, ensuring compliance and secure operations.

Practical implementation:

• Dedicated ShellHub server hosted in a GDPR-compliant European data center.
• Encrypted WebSocket over HTTPS (port 443) for secure communications — no open SSH ports required.
• An isolated namespace exclusively for the hospital client.
• Public key authentication and detailed access logs with integrity checks.

Measurable Results

Highlights:

• Fully controlled and auditable remote access.
• Complete compliance with hospital data protection and GDPR requirements.
• Over 90% reduction in response times.

Takeaways

• ShellHub Managed is ideal for customers needing dedicated servers for strict compliance.
• Operating through port 443 and WebSocket improves compatibility with restricted corporate networks.
• Full access traceability greatly simplifies audits and certifications in healthcare environments.

Next Steps

The company is expanding its ShellHub Enterprise Managed usage to support additional healthcare contracts and plans to integrate UpdateHub for secure, auditable device updates.

Need compliant and secure remote access for critical environments?

Claim your free trial
or contact our team: comercial@ossystems.com.br

The Challenge

A global industrial leader specializing in embedded electronic devices faced major challenges during the development and testing phases on its production lines:

Key technical challenges:

• Need for fast and secure remote access to thousands of devices during development and pre-certification stages.
• Highly restricted, segmented production networks hindered traditional remote connections.
• After certification (homologation), devices could no longer retain any form of remote access due to security and regulatory compliance.

Business impact:

• Slow cycles of development and debugging for new devices.
• Production bottlenecks caused by limited remote diagnostic capabilities.
• Increased risk of delays in new product launches.

The Solution: ShellHub Enterprise Managed

The company deployed ShellHub Enterprise Managed to streamline controlled remote access to devices until the certification phase.

Although the ShellHub Cloud offering would technically meet the company’s operational needs, internal security policies required a fully isolated environment. For this reason, the company chose ShellHub Enterprise Managed, which provides a dedicated, single-tenant infrastructure — an exclusive machine per customer — rather than a shared managed server environment.

This approach allowed them to maintain strict compliance with internal security requirements while avoiding the operational burden of managing their own infrastructure.

Implementation highlights:

• ShellHub agent embedded only in pre-certified firmware builds.
• Centralized WebSocket-over-HTTPS access (port 443) — no network changes required.
• Automated policies to remove the ShellHub agent as part of the final certification process.

Measurable Results

Highlights:

• Significant acceleration of mass testing and adjustments.
• No impact on device certifications thanks to automated removal of remote access capabilities.
• Lower operational costs and increased production capacity.

Takeaways

• ShellHub can be used temporarily and strategically to speed up development without compromising post-certification security.
• Automating agent installation and removal is key in certified industrial environments.
• Using namespaces and granular access policies optimizes support across massive production lines.

Next Steps

The company plans to expand ShellHub usage to additional development areas, including not only industrial production lines but also the development of consumer electronics, maintaining agility across diverse product development and testing cycles.

Want to speed up device development without risking compliance?

Try ShellHub for free or contact our team: comercial@ossystems.com.br

The Challenge

A telecommunications company managing routers, modems, and distributed gateways faced recurring challenges in maintaining and supporting its Linux-based devices remotely.

Key technical hurdles:

• A large fleet of devices deployed in homes, base stations, and data centers.
• Most devices are behind NAT or firewalls, without public IPs.
• Remote access was handled manually through VPNs or on-site support, inefficient and costly.

Business impact:

• High demand for technical support with slow resolution cycles.
• Overburdened infrastructure team handling individual device access.
• Scalability limitations without compromising security.

The Solution: ShellHub

The company implemented ShellHub Enterprise Managed as a centralized platform for remote access, replacing VPNs and enabling secure, scalable device management.

Implementation details:

• Embedded the ShellHub agent into the default system image.
• Used namespaces to organize devices by customer, region, or service type.
• Enabled public key authentication, audit logs, and granular access control.

Measurable Results

Highlights:

• Significantly faster troubleshooting.
• Standardized and scalable support infrastructure.
• Enhanced traceability and security across teams.

Takeaways

• ShellHub provides seamless remote access without requiring public IPs or port forwarding.
• Namespaces accelerate team productivity when managing large device fleets.
• Built-in audit logs and key-based access improve compliance and control.

Next Steps

The company is currently piloting UpdateHub to securely deploy OTA updates across all devices, further enhancing its remote device lifecycle management.

Want to scale support without scaling your infrastructure?

Try ShellHub for free
or contact our team at comercial@ossystems.com.br

The ShellHub API allows you to programmatically interact with your devices, users, and sessions. If you’re comfortable with the command line and want a quick way to explore what the API can do, using a simple Shell Script is a great starting point.

In this guide, we’ll show how to authenticate with an API Key and fetch your list of devices.

Prerequisites

• A ShellHub account
• A valid API Key (Learn how to generate one here)
• curl and jq installed on your system

Tip: Storing your API Key in an environment variable is a safer practice than hardcoding it into scripts.

Example Script

Here’s a minimal script to get started:

#!/bin/bash

# ShellHub API URL
API_URL="https://cloud.shellhub.io/api"

# Your API Key stored in an environment variable
API_KEY="${SHELLHUB_API_KEY}"

# Fetch devices
echo "Fetching devices..."
curl -s -X GET "$API_URL/devices" \
  -H "X-API-Key: $API_KEY" \
  -H "Content-Type: application/json" | jq

This script will retrieve and list all devices in your namespace.

Next Steps

This is just the beginning. With the ShellHub API, you can:

• Create and manage sessions
• Add or remove devices
• Automate workflows and integrations

Check out the full ShellHub API documentation to discover all available endpoints and start building your own integrations.

Recently, Brazilian tech creator SlackJeff published a video exploring ShellHub Enterprise, highlighting how the platform simplifies remote access and management of Linux-based devices.

What stood out in his demonstration isn’t just the features themselves, but the tangible benefits they bring to companies that need to scale securely, remain compliant, and optimize operations.

Centralized Access: From Complexity to Efficiency

Traditionally, granting remote access meant juggling VPNs, IP addresses, and countless manual configs. ShellHub eliminates this by centralizing all connections: every device is uniquely identified and accessible through a unified platform.

Corporate benefit: IT teams save time, reduce errors, and ensure consistent policies across the entire fleet, whether managing 50 or 5,000 devices.

Clear User and Team Management

Namespaces, user roles, and granular permissions allow companies to organize devices by project, client, or business unit.

Corporate benefit: This ensures better governance, avoiding shadow IT, and guaranteeing that every engineer only has access to what they need.

Security and Compliance Made Simple

With built-in firewall rules, audit logs, and session recording, ShellHub strengthens the company’s security posture without complex setup.

Corporate benefit: Easy-to-use compliance tools help companies meet standards like ISO 27001 and Data protection, crucial in industries such as healthcare, finance, and aerospace.

Accelerating Delivery with Web Endpoints

ShellHub makes it easy to securely expose device services over HTTPS, complete with SSL certificates, without manual network adjustments.

Corporate benefit: Teams can share prototypes with clients, run internal demos, or test services remotely, accelerating time-to-market and improving collaboration.

Why Companies Choose ShellHub

SlackJeff’s video highlights how intuitive ShellHub is for developers. But for companies, the platform represents much more:

✅ Lower operational costs by eliminating VPN and manual maintenance overhead

✅ Increased productivity with faster, frictionless access to devices

✅ Stronger security posture through centralized control and auditing

✅ Scalable governance to manage distributed teams and diverse projects

We loved seeing SlackJeff explore ShellHub in action. His video shows how the platform helps developers, and when scaled to a corporate context, the impact multiplies.

Watch SlackJeff’s full video here: YouTube
Request a free trial of ShellHub Enterprise for your company and see how it can transform your remote device management.

When it comes to managing embedded devices and Linux servers, the terminal remains the developer’s tool of choice. Whether you’re debugging IoT fleets, pushing updates to edge devices, or supporting remote infrastructure, you need fast, secure, and flexible access.

ShellHub was built to modernize remote terminal access without compromising the workflows developers love. In this article, we’ll explore the two primary ways you can connect to your devices using ShellHub and why having both options makes your operations more efficient.

Why the Terminal Still Matters

The terminal gives you:
✅ Fine-grained control over systems
✅ The ability to automate with scripts
✅ Lightweight remote management without graphical overhead
✅ Portability across environments

But accessing remote terminals securely, especially behind NAT and firewalls, is complex. ShellHub solves this by providing a secure, centralized platform to connect to any registered device.

Two Ways to Access Terminals in ShellHub

ShellHub offers two complementary methods:

1) Web Terminal Overview

Use your browser to open a fully interactive terminal session, no extra tools required.

How It Works

• Log in to the ShellHub Cloud dashboard.
• Navigate to Devices.
• Select the device you want to manage.
• Click the Terminal icon.
• A secure terminal opens in your browser.

When to Use It

• Quick troubleshooting or support tasks.
• When you don’t have your SSH keys handy.
• Providing secure access to colleagues without requiring them to install SSH clients.

Benefits

✅ Zero configuration.
✅ Encrypted TLS session.
✅ Centralized session logs and audit trail.

2) SSH Client Access Overview

Prefer your own terminal and tooling? ShellHub lets you connect via SSH as you normally would.

How It Works

• Log in to the ShellHub dashboard.
• Find the device you wish to access.
• Copy the SSH command ShellHub provides
• Paste the command into your terminal.
• Authenticate with your SSH key or credentials.

When to Use It

• Automating workflows or scripts.
• Running intensive terminal sessions.
• Integrating with DevOps pipelines.

Benefits

✅ Native SSH experience.
✅ No changes to your existing workflows.
✅ Secure and auditable connections.

Feature Comparison

Here’s a quick side-by-side view:

Flexible Access, Same Peace of Mind

No matter how you prefer to work, ShellHub ensures that:

• All sessions are secure and logged.
• Device connectivity works even behind NAT and firewalls.
• You can manage devices at scale with ease.

Ready to experience modern remote terminal access?

? Try ShellHub for free and see how it can simplify your operations.

From embedded engineers to DevOps teams, developers have long relied on the terminal as their daily interface with machines. Whether you’re deploying firmware, managing fleets of IoT devices, or administering Linux servers, the terminal provides a direct, efficient, and powerful way to get work done.

In this article, we’ll explore why the terminal is such an essential tool and how ShellHub helps you take that power even further with secure, centralized remote access to your devices.

The Terminal: A Developer’s Superpower

Unlike graphical interfaces, the terminal offers:

• Speed and automation:
  Execute complex operations in seconds with simple commands or shell scripts.
• Fine-grained control:
  Access low-level system capabilities and configuration that GUIs often hide.
• Portability:
  Scripts and workflows are easy to share across development environments, CI/CD pipelines, and production infrastructure.
• Efficiency at scale:
  Whether you manage 10 devices or 10,000, the terminal lets you orchestrate them with minimal overhead.

This is why professionals in embedded systems, cloud infrastructure, and security rely on terminal workflows daily.

But There’s a Challenge: Secure Remote Access at Scale

While the terminal is powerful, connecting securely to distributed devices introduces real complexity:

• Firewall and NAT traversal:
  Many devices are behind NAT or firewalls, making direct SSH connections unreliable.
• Credential management:
  Managing SSH keys or passwords across hundreds or thousands of endpoints quickly becomes a security liability.
• Audit and compliance:
  Organizations need to log and monitor sessions for security, but native SSH lacks built-in visibility.
• User management:
  Onboarding and revoking access for collaborators and teams is time-consuming.

That’s where ShellHub comes in.

ShellHub: Modernizing Remote Terminal Access

ShellHub is a cloud-native solution that makes it effortless to access and control all your devices remotely through a simple, secure web interface or terminal client.

Here’s how ShellHub addresses common pain points:

✅ No network reconfiguration required
Devices establish outbound connections to ShellHub, enabling you to connect even if they’re behind a NAT or firewall.

✅ Centralized access control
Manage who can access which devices with fine-grained permissions and team-based roles.

✅ Secure by design
All communication is encrypted end-to-end. You no longer need to manually distribute SSH keys or open ports.

✅ Auditing and session recording
ShellHub logs all connection activity for compliance and troubleshooting.

✅ Unified experience
Connect via your web browser or traditional SSH client, your terminal workflows remain intact.

Real-World Use Cases

ShellHub is trusted by:

• Embedded systems teams who need to debug and update devices deployed in the field.
• IoT solution providers manage thousands of endpoints globally.
• DevOps and SREs orchestrating remote Linux servers at scale.
• Manufacturers are simplifying maintenance and customer support for their connected products.

Bring Your Terminal to the Cloud Without Sacrificing Control

The terminal will always be at the heart of efficient, professional development and operations. ShellHub simply makes it accessible, manageable, and secure, so you can focus on building great products instead of wrestling with connectivity.

Ready to experience modern remote access?

? Get started with ShellHub for free and see how it transforms your workflow.

In today’s world of distributed infrastructure and connected devices, remote access is no longer a luxury; it’s a necessity. And with that necessity comes risk: industrial systems, healthcare, finance, and critical infrastructure all face growing security and compliance pressures.

That’s where Session Recording becomes essential.

ShellHub’s Session Recording feature, available in Cloud and Enterprise editions, helps organizations maintain visibility, accountability, and compliance across their remote access operations.

What Is Session Recording?

Session recording allows you to capture and store the full terminal activity of remote sessions, including every command typed, every action taken, and the session’s duration.

It’s like having a time-stamped, replayable log of every support or engineering session performed via ShellHub.

Why It Matters, Now More Than Ever

1. Auditability for Compliance

Many industries must adhere to strict regulations (e.g., ISO 27001, HIPAA, GDPR, SOX) that require:

• Proof of who accessed what
• When the access occurred
• What actions were taken

With session recording, you get a tamper-proof, time-stamped trail that simplifies audits and regulatory reporting.

2. Security Incident Forensics

In case of a breach, misconfiguration, or suspicious behavior, recorded sessions provide clear evidence to:

• Understand what went wrong
• Reconstruct attacker behavior or human error
• Accelerate root cause analysis and incident response

No more guessing what happened in the terminal, you’ll have full visibility.

3. Internal Accountability and Oversight

Even trusted engineers can make mistakes. Session recording:

• Deters careless or malicious activity
• Encourages best practices during remote troubleshooting
• Helps team leads and managers review critical interventions without micromanaging

4. Training and Knowledge Transfer

Want to show junior engineers how to run a device fix or troubleshoot an issue?

Use past recorded sessions as real-world, hands-on training materials; no need to recreate walkthroughs manually.

5. Client Transparency in Managed Services

If you offer device management as a service, being able to prove exactly what your team did (and didn’t do) adds a powerful layer of trust.

Session recording becomes part of your service-level documentation.

What Makes ShellHub’s Session Recording Different?

ShellHub integrates session recording seamlessly into its remote access platform:

• No extra agents or third-party software
• Securely stored and encrypted
• Easily filterable by namespace, user, or time range
• Integrated with access control and audit logs
• Works in Cloud or private Enterprise deployments

The Bottom Line

In a world where remote access is essential, visibility and accountability are non-negotiable.

With ShellHub’s Session Recording, you gain the ability to:

• Trust your team’s access
• Prove your compliance
• Respond faster when things go wrong

Ready to take remote access auditing to the next level?

? Check ShellHub Docs to activate Session Recording
? Learn how ShellHub Enterprise can help you meet compliance and security demands without complexity.

There was a time when accessing a remote machine felt like a mini project.

Setting up a VPN.
Opening the right port.
Configuring firewall rules.
Copying IPs, toggling SSH configs, and hoping nothing breaks in production.
Just to get a terminal on one device.

If you're a developer who’s been around long enough, you remember those days. And you probably don’t miss them.

But here’s the catch: back then, you were dealing with one or maybe ten devices. Today, you're dealing with hundreds, sometimes thousands.

Remote Access, Reinvented for Scale

Modern development teams are expected to manage fleets of devices across multiple networks, locations, and environments:

• Edge gateways deployed in remote factories
• IoT devices out in the field
• Embedded boards on production lines
• Containers and VMs across cloud and on-prem setups

In this world, remote access has to scale. It has to be fast, secure, and let’s be honest, usable.

That’s where ShellHub comes in.

ShellHub: Made by Developers, for Developers

ShellHub was built from the ground up by people who’ve lived the complexity of embedded and remote device access. It reflects the mindset of developers who want to spend less time configuring and more time building.

And that vision is even more visible in the latest release, v0.19.0, which brings important UX improvements across the board:

Better Experience, Smoother Workflow

• Migrated to Vue’s new <script setup> syntax for better maintainability
• Refactored layout logic to reduce friction and navigation lag
• Improved session list view: faster to load, easier to manage
• Notification system overhaul with smarter feedback when actions succeed or fail

This isn’t just UI polish, it’s workflow-aware design that speeds up how you interact with your devices.

Managing More Devices Than Ever

Let’s face it: modern dev and DevOps teams are juggling more endpoints than ever before. ShellHub helps you:

• Instantly access any device — no IPs, no firewalls, no VPNs
• See your entire fleet organized by namespaces and tags
• Control access with key-based authentication and audit logs
• Connect securely via HTTPS (port 443) — even in NAT’d environments

The platform abstracts all the painful parts of device access so your team can focus on testing, debugging, and deploying, not babysitting tunnels and terminals.

Why UX Matters for Remote Access

It’s not just about pretty screens. A good developer experience means:

• Less time navigating UI, more time solving real problems
• Intuitive workflows that reduce human error
• Faster onboarding for new team members
• Fewer distractions, especially when you’re under pressure to ship

ShellHub’s UX updates aren’t bells and whistles. They’re about getting out of your way so you can do your job.

No More Friction. Just Access.

The days of over-engineering your remote access stack are over. ShellHub gives developers a tool that:

• Scales with your device count
• Works across complex networks
• Feels like it was built by people who’ve been in the trenches, because it was

Ready to skip the config and get to the code?

? Start your free trial of ShellHub
? Or check out what’s new in ShellHub v0.19.0

In today’s fast-evolving landscape of connected devices, container technology plays a crucial role, especially for solutions like ShellHub, which rely on lightweight, secure deployments to enable remote access at scale.

With version v0.19.0, ShellHub now officially supports Podman as an alternative to Docker, and this isn’t just a minor compatibility tweak. For many teams managing embedded, industrial, or enterprise systems, Podman unlocks new flexibility and infrastructure alignment.

Let’s break down why this support matters — even if rootless containers aren’t supported (yet).

Container Runtime Flexibility = Smoother Integration

By supporting Podman, ShellHub can now be deployed in environments where Docker isn’t available, allowed, or preferred. This includes:

• Enterprises standardizing on Red Hat or Fedora ecosystems
• Secure environments that avoid long-running Docker daemons
• Infrastructures that rely on systemd-native workflows

Whether you’re working with edge devices, embedded Linux, or private infrastructure, Podman support allows ShellHub to fit your deployment strategy instead of forcing changes to it.

Seamless Integration with systemd

Podman integrates directly with systemd, unlike Docker. That means ShellHub can now be managed as a native system service, enabling:

• Automatic service start/restart
• Easier deployment via systemd-run or custom units
• Cleaner integration with existing service orchestration tools

This makes ShellHub an ideal fit for enterprise Linux environments like RHEL, CentOS Stream, and Fedora CoreOS, where systemd is the foundation of service management.

No Daemon, Less Complexity

Podman is daemonless, which simplifies container execution and eliminates the need for a central dockerd process. This improves:

• Resource efficiency
• Debuggability
• Compatibility with minimal, secure systems

While ShellHub still requires elevated privileges to manage SSH tunnels and namespaces, meaning full rootless mode is not yet available, users still benefit from Podman’s simplicity and flexibility.

? Important clarification: ShellHub does not currently support rootless Podman, as root privileges are required to enable key low-level networking and namespace features. However, teams can still deploy ShellHub using Podman with root access.

Seamless with Existing OCI Workflows

Podman is fully compliant with the OCI (Open Container Initiative) standard, which means:

• ShellHub images work out of the box
• No CI/CD pipeline changes are needed
• You can use Podman as a drop-in replacement for Docker in your build and deploy process

This minimizes friction and shortens time-to-deploy for teams already familiar with container-based infrastructure.

Who Benefits Most from Podman Support?

ShellHub's Podman support is a big win for:

• Enterprises deploying in Red Hat-based environments
• Aerospace and industrial systems with strict runtime and daemon constraints
• QA and development teams building with Podman for test automation
• Organizations prioritizing container runtime isolation and policy compliance

Wherever teams want more control, less overhead, and Docker-free deployment, ShellHub fits right in.

And That’s Not All: ShellHub v0.19.0 at a Glance

In addition to Podman compatibility, ShellHub v0.19.0 delivers several updates focused on performance, UX, and enterprise readiness:

Improved UI/UX

• Migrated to <script setup> in Vue UI for faster, cleaner frontend development
• Refactored session layout and lists for better performance
• Enhanced notifications with clearer feedback and error handling

Enhanced Session Recording (Cloud & Enterprise)

• More stable session capture under long SSH sessions
• Improved audit trail capabilities for compliance-heavy use cases

Backend & Security Improvements

• Updated dependencies for security and compatibility
• Core performance improvements
• Minor bug fixes and logic cleanup

Ready to try ShellHub with Podman?

Whether you’re securing access to embedded devices or scaling remote support across fleets, ShellHub’s flexibility now fits even more environments.

? Try ShellHub free
? Read the full changelog,