[HN Gopher] Show HN: XPipe, a shell connection hub for SSH, Dock...
___________________________________________________________________
Show HN: XPipe, a shell connection hub for SSH, Docker, K8s, VMs,
and more
Hey HN, I built XPipe as I always wanted to have an easy file
system and terminal access to all of my remote systems, including
containers, virtual machines, clusters, and more that you normally
can't connect to with existing solutions out of the box. XPipe is
a new type of connection hub that allows you to access your entire
server infrastructure from your local desktop. It can make your
life easier when working with any kind of servers by eliminating
all the commonly tedious tasks that come up when interacting with
remote systems, either from the terminal or from a graphical
interface. XPipe comes with integrations for SSH, docker and other
containers, various hypervisors like Proxmox, Kubernetes clusters,
tools like Teleport and Tailscale, and more without requiring any
setup on your remote systems. You can link your favourite text/code
editors, terminals, password managers, shells, command-line tools,
and more with it, allowing you to keep using your own favourite
tools when working with XPipe. The entire implementation of how it
communicates with remote systems is completely different from most
other solutions out there. What happens in the background can
essentially be explained this way: It launches a local shell
process like cmd or bash and executes a command that opens a remote
shell connection such as ssh user@host in that shell process. All
communication is then done through the stdin/stdout/stderr of that
shell process. From there, it detects what kind of server and
environment, such as shell type, os, user, etc. you have logged
into and adjusts how it talks to the remote system. By then using,
for example, file system related commands such as ls, rm, touch,
etc. and its equivalents, it can realize a functional file manager
that can connect to essentially every system. It is essentially
the same idea as emacs TRAMP mode if you have ever used that. With
the difference being that it works on all kinds of systems and is
also not constrained to a certain editor/tool environment. VSCode
also uses a similar approach for some of the remote development
tools with SSH, but that one is more limited in scope and is a
little bit sluggish to use. And it's also bound to the VSCode
platform. The goal of XPipe's implementation is to not be limited
by a certain environment or specific set of tools. The development
took a while as this new approach requires a completely new
implementation in many areas, but I am confident that it's ready
now. I appreciate any kind of feedback from you to guide me in the
right development direction from here. Enjoy!
Author : crschnick
Score : 154 points
Date : 2025-03-12 03:16 UTC (19 hours ago)
(HTM) web link (xpipe.io)
(TXT) w3m dump (xpipe.io)
| bb88 wrote:
| I just want to purchase software these days. Not another
| subscription.
| smaccona wrote:
| The homelab and professional editions have lifetime licenses
| available - I didnt notice them in the pricing section but
| there's a link to them in the FAQ
| bb88 wrote:
| The issue is do I own the software or rely upon SaaS infra I
| can't control?
|
| I'm not really interested in the latter.
| crschnick wrote:
| You will own a lifetime license for the software if you
| choose the lifetime plan.
|
| Everyone has seen it in practice that some companies try to
| pull a bait and switch by then changing the terms of
| licenses or simply shutting down the servers when going out
| of business. Since this is a desktop tool not hosted on any
| server infrastructure, at least the latter part isn't that
| much of a risk. You still have to have some trust in me to
| honor the license terms, but I try my best to build that
| trust.
|
| There is also an offline license functionality, meaning
| that if you obtain a lifetime license and request an
| offline license file, that one will not perform any
| verification with any online services, so it will work
| forever without any dependency on some SaaS infra. Anyone
| interested in that can simply request an offline license,
| you can find the details on the pricing page. The offline
| licenses are also often used for usage in air-gapped
| environments.
| KomoD wrote:
| The feature matrix says you can't get an offline license
| with "Homelab" though.
| crschnick wrote:
| Alright, fair point. I will change that on the website,
| you can still write me an email to request that
| crschnick wrote:
| I fully get that. The reason why it focuses on the subscription
| model is that is quite difficult to plan ahead with an
| irregular revenue stream. Everything is financed via
| bootstrapping, so I can't afford to burn through money or have
| irregular revenue over time when planning expenses.
| BehindTheMath wrote:
| Doesn't that mean that you're charging extra from those that
| don't care about updates to subsidize them for those that do?
| whalesalad wrote:
| that's how software as a service works.
| crschnick wrote:
| I think everyone cares about updates to some degree.
| Doesn't have to be about big feature updates, just
| continuous fixes for various small bugs and performance
| improvements can improve you user experience quite a bit.
|
| If you used XPipe a year ago, it's night and day compared
| to today in terms of features, stability, and performance.
| bb88 wrote:
| So typically I'm fine with something like a $50 upfront cost
| and then $10/year for updates (that actually get updated).
|
| Or maybe a license with $70 with two years of updates
| included and then $10/year afterward.
|
| Or what Jetbrains does and reduce the cost of the
| subscription over time, but let the users still use their
| last version after the subscription ends.
| VectorLock wrote:
| If it worked with Okta ASA (formerly ScaleFT) that would be
| pretty cool. Be able to auth into Okta and have all the servers
| registered in ASA presented to you.
| crschnick wrote:
| Yeah things like Okta are planned to be supported in the long
| term. Just need to prioritize the different integrations as
| there are so much tools I can still add support for. And every
| single integration presents its unique challenges, so these all
| take some time.
| mintplant wrote:
| Not to overwhelm you, but Cloudflare Access support would be
| great, too. Beautiful work!
| crschnick wrote:
| Yeah feel free to open a feature request on GitHub, that
| way I can keep track easier. You can also make my life much
| easier if you provide more details on how exactly such an
| integration could work. Because in practice, many requested
| integrations are for tools that I have never used before. I
| have to first figure them out myself and set up proper a
| testing environment. That part sometimes takes more time
| than implementing the actual integration itself because
| some tools are quite difficult to set up (Looking at you,
| goteleport).
| f2hex wrote:
| Why are we still using Java for these kinds of solutions today?
| crschnick wrote:
| Can you elaborate on that? Then I can better respond to your
| specific points on why it shouldn't be used
| f2hex wrote:
| Well, it would necessitate a dedicated conversation. In my
| opinion, there are better languages and runtimes available
| today to create such solutions, such as Go and Rust, to name
| a couple of the most suitable ones.
|
| I believe Java is no longer an appealing choice for these
| types of tools, but I still like the project and its
| development process.
| crschnick wrote:
| So far I'm happy with the choice. The ecosystem is mature,
| the build tools (maven/gradle) are solid to build this more
| complicated project, JavaFX works well enough to realize
| cross-platform applications, and the performance with
| modern JIT compilation from GraalVM is good. Currently I'm
| not missing something important from the tech stack.
|
| Next week, when JDK 24 is released for the general
| availability, I plan to immediately switch to that as there
| will be additional performance gains with Project Leyden's
| AOT compilation and Project Liliput's memory improvements.
| So I'm positive for the future.
| trurl42 wrote:
| Go and Rust are more suited than Java for building
| graphical user interfaces that run cross-platform? That
| would be news to me.
|
| Sure it can be done, but it's not exactly like there are
| well-established solutions for this.
| robertlagrant wrote:
| Can you name the top three reasons why Go or Rust would be
| better for this?
| globular-toast wrote:
| 1. Rust is cool, 2. Go is cool, 3. Java is uncool.
| robertlagrant wrote:
| That is pretty persuasive!
| mike_hearn wrote:
| Neither Go nor Rust have a GUI toolkit anywhere close to
| the capabilities of JavaFX, so in practice such an app
| would largely be written in JavaScript. If you want to use
| one language for your desktop app, be portable, and avoid
| the complexities that come with web development, Java is
| the best possible choice today (arguably the only choice
| other than maybe Qt).
| whalesalad wrote:
| why not? cross platform, lots of ui toolkits, huge ecosystem of
| packages and tools.
|
| tbh java is a perfect choice for a tool like this. building it
| in rust or go would take 10x the time.
| r0b05 wrote:
| Your website is really cool.
| crschnick wrote:
| Thanks, that means a lot to a full stack developer like me
| rubin55 wrote:
| Hey, I just wanted to congratulate you with a very impressive
| release, the software looks amazing, and I think I will give it a
| try pretty soon. A question: I see only subscription pricing; is
| a lifetime licence possible, or a licence like the way jetbrains
| does it (you pay for version, and maintain the right to keep
| using the version that was available when the license/subscrition
| expires, you can re-activate any time).
|
| I'm particularly interested in this "field". I've build something
| similar many moons ago [1], in the same spirit, but much more
| primitive. I later started a company around an evolved idea,
| where the structure you sort of see in your screenshots is
| effectively a DAG with arbitrary depth (we didn't manage to
| release it unfortunately, complexity overtook us).
|
| In any case, much congratulations + good luck with the launch!
|
| [1]: https://github.com/raaftech/session
| crschnick wrote:
| Thanks! Yes, you can find lifetime licenses on the pricing page
| further down. A perpetual fallback license model like jetbrains
| has does not exist yet. But I could look into this in the
| future.
|
| It's cool to see that there are also other people in that
| space. And about the complexity, I definitely know what you
| mean. It took a long while before this approach even worked and
| also took a while until it was actually stable. One of the main
| points of consideration whenever I think of adding something is
| the added complexity, because it's very important for me to
| keep that as low as possible. Otherwise I will end up with an
| unmaintainable workload. There were definitely a few
| interesting features I discarded to keep the application as
| lean as possible.
| gbraad wrote:
| > connections to those systems are only possible starting from
| the professional plan: Red Hat Enterprise Linux systems, etc
|
| /me blinks. An OS is an OS... so, access to developer licenses
| for these are Professional use too?
|
| > connections to those systems are only possible starting from
| the homelab plan: Oracle Linux systems
|
| /me blinks even more ...
| crschnick wrote:
| That is implemented under the assumption that these distros are
| most of the time used in enterprise contexts. I know that this
| is not always the case, there is the option to upgrade to a
| license at no cost to the next tier if you're only using it for
| personal use. Just send me an email I can upgrade it for you.
| fru654 wrote:
| > That is implemented under the assumption that these distros
| are most of the time used in enterprise contexts.
|
| I've been using OEL since before Rocky was a thing. It was
| and still is a free alternative to RHEL.
|
| Apart from that, all my planned use of XPipe fits entirely in
| the Community feature set (maybe apart from Yubikey/GPG
| agent).
|
| But now I'd need to pay $5 a month just to open a shell? No
| thanks.
|
| Also, a slight tangent, but charging homelab folks $5/mo is
| weird. The only profit I'm making with my homelab is
| negative. And I, as a developer, would much more likely to
| ask my employer to buy an enterprise license if I actually
| liked using it at home. Like Tailscale, JetBrains, etc.
| crschnick wrote:
| Considering the costs of a more serious homelab, I think
| paying $5 a month for a tool that can save you some time
| and effort, can be reasonable. Of course only if you see
| the value for yourself. That value comes from more features
| than just the shell opener, that is only a part of XPipe.
|
| The community version is pretty extensive in what you can
| do with it, so I think you can accurately judge whether the
| homelab plan is worth it for you by using it for a bit.
| hobofan wrote:
| Tried it out and it's amazing!
|
| I'm a freelancer working with different clients with a mix of the
| technologies you listed (Docker/Kubernetes) and I'm using
| Tailscale for mostly personal use-cases, so this hits all the
| right spots.
|
| Up until now I proxied most of my stuff on a macOS client via
| "SSH Tunnel Manager", which has quite a clunky UI, and whenever I
| have to reconfigure something there the current feedback of the
| current connection state isn't always right. I just moved all
| those settings to XPipe, and it works like a charm.
|
| Previously I also used the same solution for accessing some
| internal websites via a combination of the SSH tunnels +
| /etc/hosts entries + header rewrites, which depending on the
| complexity of the websites sometimes works great and sometimes
| doesn't at all. With XPipe I was easily able to set up a SOCKS
| proxy, which I previously gave up on trying to figure out. Paired
| that with FoxyProxy on Firefox and now all the websites work like
| a charm!
| crschnick wrote:
| Great that it works for you. I also struggled a lot with
| setting up various different types of tunnels initially,
| especially more complex ones. That was one of the motivations
| why I started developing it.
| import wrote:
| Tried, seems nice, but don't want another subscription.
| crschnick wrote:
| Note that there are also lifetime plans available later down
| the pricing page.
| mgaunard wrote:
| does it support AWS SSM?
| crschnick wrote:
| Not yet. But it is definitely on my roadmap for the future to
| provide an integration for aws in general, maybe also including
| SSM
| wkat4242 wrote:
| Hmm looks interesting but all my servers require openpgp (yubikey
| with gpg agent support) so I'd have to use the homelab tier. And
| I'm very adverse to subscriptions.
|
| And I don't think it's available for my os, otherwise I'd try it.
| But it's ok, I have my own setups for this stuff.
| crschnick wrote:
| What os are you using?
|
| And about adversity to subscriptions, note that you can also
| obtain lifetime licenses further down the pricing page.
| m0d0nne11 wrote:
| FYI: y'all are talking about an "aversion" and not an
| adversity.
| npodbielski wrote:
| Nice. Just add remote desktop and vnc and it would be nice
| alternative to remmina.
| crschnick wrote:
| The goal of XPipe is to be connection hub that brings together
| your tools, not really replace them. For example with RDP and
| remmina, XPipe has an integration for remmina to launch RDP
| connections directly, making it easier for you to quickly boot
| into RDP sessions. Especially when you combine it with the
| automatic SSH tunneling functionality for RDP that is also
| included.
|
| For VNC, as the a landscape of tools to integrate is a little
| bit less populated compared to RDP, XPipe has a built-in VNC
| client. However, if you still want to use your own VNC client,
| you can do so using the service tunnel functionality.
| npodbielski wrote:
| Very nice then. I looked through the page and did not saw
| anywhere mention of any remote desktop technology, but I also
| did not looked thorough enough.
|
| Will try it to see how this work.
| Cynddl wrote:
| Previous discussions:
|
| https://news.ycombinator.com/item?id=40599419 (9 months ago)
|
| https://news.ycombinator.com/item?id=38412162 (2 years ago)
|
| https://news.ycombinator.com/item?id=37186039 (2 years ago)
| InMice wrote:
| Where can I find what the "advanced ssh features" are for homelab
| version? Can't seem to find such details on the website right
| now..
|
| Thank you for this, it looks amazing. With so many client
| machines, servers, raspberry pis, tunneling to home, RDP sessions
| etc etc these days it gets out of hand managing connections. I
| can't wait to try this. Thank you
| crschnick wrote:
| On the pricing page, you can find a feature matrix. The
| advanced SSH features are basically things like smartcard
| support, custom Pkcs#11 libraries, etc.
| dangoodmanUT wrote:
| this is cool, but it looks like a security posture nightmare XD
| crschnick wrote:
| If you're looking for security details, you can find them at
| https://docs.xpipe.io/reference/security
| sepositus wrote:
| Question for the developer: for the Kubernetes integration, I use
| aws-vault to generate short-lived credentials to authenticate
| with my clusters (meaning, by default, kubectl doesn't work
| outside of this context).
|
| Would it be possible to get XPipe to work with this constraint?
| Couldn't find much in the docs.
| crschnick wrote:
| Now I don't fully know the details of your setup, but in
| general XPipe just works on top of your kubectl installation.
| So it will only work if you could manually connect to your
| clusters via kubectl in a terminal. But you can always just try
| it out and see what happens the community version because I
| can't say that for sure.
| sepositus wrote:
| Yeah, I'm assuming you're just calling kubectl directly
| underneath the hood. The way that aws-vault works is that you
| do something like: `aws-vault exec kubectl ...` or you can
| just do `aws-vault exec` and drop into a subshell. In both
| cases, a set of short-lived AWS credentials are exposed via
| the AWS-defined environment variables to the process (or
| shell context). The kubeconfig is then configured to handle
| authentication via AWS (rather than the default certificate
| method).
|
| So, if you just straight-up call `kubectl` within XPipe
| without having AWS credentials already available, then it
| would fail. So, I'm guessing this wouldn't work.
| axkdev wrote:
| Hi! Looks like a very interesting tool, as a stubborn cli-only
| user, I was pleased that there is cli version of this alongside
| the GUI verison. However, trying to look into the documentation
| of the cli has left me with a 404 page.
| https://docs.xpipe.io/cli/man
| crschnick wrote:
| Whoops, it seems like some links were not updated yet. That
| should be just https://docs.xpipe.io/cli
|
| To preface that, the CLI is only very basic. The only real
| thing you can do with it is launch shell connections. For more
| advanced usage without the GUI, there is for example the Python
| API: https://docs.xpipe.io/guide/python-api
| sleepybrett wrote:
| i can already "access my entire infrastructre from my local
| desktop" using software that costs me $0 a month.
| crschnick wrote:
| That is true, but ideally with XPipe you can do that easier and
| faster. And with the time and effort you save each month, the
| few $ per month can be good deal for you.
| von_lohengramm wrote:
| > Windows enterprise systems are only supported with at least a
| XPipe Professional license. You can find information about
| upgrading to a professional license below.
|
| Welp. If I have to choose between XPipe and LTSC, I'm afraid LTSC
| is gonna win. I have no interest running a version of Windows
| where Windows Update will randomly decide to brick my install or
| better yet, add even more Candy Crushes to my start menu.
| mrbluecoat wrote:
| > Automatic detection of all containers on any system without
| manual configuration for docker, podman, LXD, incus, k8s,
| Proxmox, and more
|
| Apptainer?
| d0100 wrote:
| Are the community version limitations artificial? What part of
| this relies on SaaS infra?
|
| Can it import my connections from WinSCP?
| whistl034 wrote:
| The ARM Mac version crashes instantly upon launch with a window
| reporting a broken pipe error, and attempts to 'report and send
| diagnostics' gets the same problem.
|
| Well, I tried to try it. I guess I'll just bookmark it and try
| again at a later date.
___________________________________________________________________
(page generated 2025-03-12 23:01 UTC)