All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Marix open source desktop SSH client for developers and sysadmins
I’ve just finished Marix, a desktop SSH client for developers and sysadmins who want full control over their credentials.
Core philosophy
🔐 Zero-knowledge by design
☁️ No servers, no backend
📊 No telemetry, no tracking
🔓 Open-source (GPL-3.0)
Features
SSH / SFTP / FTP / FTPS
Full terminal experience (xterm.js)
Dual-pane SFTP file manager
SSH key & known hosts management
RDP (Windows & Linux)
DNS & network tools
LAN file transfer & LAN server sharing
Backup model (updated)
Backups are encrypted with Argon2id + AES-256-GCM
You can:
export an encrypted .marix file locally
sync encrypted backups to GitHub, GitLab, or Box
Cloud providers only store encrypted blobs
No password recovery
Lose the password → lose the data (by design)
Marix prioritizes control and transparency over convenience.
I’m looking for feedback on UX decisions, threat model, and backup workflows.
👉 Website: marix.dev
👉 Source code & full README on GitHub
Comments
I will give it a try
Thanks you
Android?
This stole all my server details
red flag , windows app seems suspect
This is a serious claim.
Marix is fully open-source and works offline. It does not send any server data to third-party services.
If you believe data was exfiltrated, please provide technical evidence (logs, network traces, or a reproducible report).
Otherwise, this statement is misleading.
Calling something “suspect” without evidence isn’t useful.
Marix is open-source, works offline, and does not transmit server data anywhere.
If you find an actual issue while testing, please share logs or a reproducible case.
Windows defender suspect it not me, i don't process the full installation anyway
Windows Defender flagging an unsigned or newly released binary is expected behavior.
Marix installers are not code-signed yet, and the project is very new, so SmartScreen/Defender may show warnings.
The source code is fully open and builds are reproducible.
If you believe Defender detected something specific, please share the detection name or hash so it can be investigated properly.
ooo, i love the UI. def going to try it out soon. got so many ssh keys
Thank you
Can you automate syncing on Apple devices like how Obsidian automated it by using a shared iCloud storage location?
Simple feature, huge benefit for a large ecosystem of users.
This is a good suggestion, and it’s something I’d like to support in the future.
At the moment, Marix doesn’t support iCloud-based syncing because it requires an Apple Developer account, which isn’t available yet for this project.
For now, this feature is on the waitlist.
Thanks for the suggestion.
A huge love from me! Thanks for the incredible designs and UX!
Hope can add in quick commands or snippets with shortcut keys so I save some time typing some commands repeatedly.
Just a few quick remarks
Kudos for at least using TypeScript but security requires a serious and compiled language
Also; WOW what a lot of functionality - BUT: security tends to be indirectionally proportional to featuritis. In fact, one of the golden rules of the field basically is a stronger version of Unix' "do one thing and do it well!".
TL;DR I guess that many will at least be interested and likely even try your software. I will not though. But thanks for your work.
Looks to be llm slop.
Given this involves storing secrets, have you actually reviewed the generated code?
Yes.
All code related to credential handling and backups is manually written and reviewed.
Marix does not store raw secrets remotely, has no backend, and performs encryption locally before any data leaves the device.
The full implementation is open-source and documented in the repository.
Thanks for the thoughtful feedback.
Marix intentionally prioritizes workflow integration over minimalism, with security boundaries enforced at specific layers rather than by reducing feature count alone.
Security-critical paths (encryption, key handling, backups) are explicitly implemented and isolated, and the project is fully open for audit.
I agree it won’t fit everyone’s philosophy, but that trade-off is deliberate.
The GUI is very similar to termius. Got inspired by it?
Thank you so much! Really glad you like the design and UX 🙏
Quick commands/snippets are a great idea.
Could you share a few examples of commands you run repeatedly and how you usually trigger them?
I’d love to understand your workflow better and see how this could fit into Marix.
It’s hard not to be influenced by tools you’ve used over the years, and Termius is definitely one of the well-known SSH clients out there.
That said, Marix is designed around a different philosophy and workflow, especially around offline-first usage, backups, and security boundaries.
Similar problems often lead to similar UI patterns.
update 1.0.5 see on https://github.com/marixdev/marix
Why do we want TypeScript+V8 instead of the highly efficient
/usr/bin/ssh?We don’t replace /usr/bin/ssh.
Marix uses the system SSH and focuses on orchestration, UX, and workflow around it.
TypeScript/V8 is used for cross-platform UI, state management, and integration logic — not for implementing the SSH protocol itself.
Optional, but highly recommended - inform users that app code generated by llm. To manage expectations.
Thanks for the suggestion.
For clarity: security-critical parts of Marix are manually written and reviewed.
LLMs, where used at all, are limited to non-critical areas and never generate code that handles secrets or cryptography.
The entire codebase is open-source and auditable, which is the primary way expectations are managed.
Looks good, will give it a try after going home!
Thank you
He should be banned for this post. Sorry, someone is coding something for free, open source and you disrespect the guy coding it in the worst way. I don't know what wrong with you...
dont be a snowflake