Use cases — SSH, SFTP, RDP & VNC for macOS
Manage AWS EC2 instances from your Mac
Connect to public and private EC2 instances with PEM keys, jump hosts, and tunnels — all from one native macOS app.
AWS gives you EC2 instances in two flavors: public-facing in the default VPC subnets (open to SSH from your laptop) and private in custom VPCs (reachable only via a bastion or VPN). Either way, the daily ergonomics depend on your SSH client. SSHive handles both natively: PEM file authentication out of the box, ProxyJump for bastion-mediated access, and tunnels for reaching RDS/ElastiCache/internal load balancers from your Mac. No more `ssh -i ~/keys/mykey.pem -J ec2-user@bastion ec2-user@10.0.1.42` muscle memory — every connection is a profile.
Connect to a public EC2 instance with a PEM key
When you create an EC2 instance, AWS gives you a `.pem` file. Download it, set permissions: `chmod 400 ~/Downloads/mykey.pem`. In SSHive, New Connection → enter the public DNS or IP, user (`ec2-user` for Amazon Linux, `ubuntu` for Ubuntu AMI, `admin` for Debian), auth method "Private Key", browse to your PEM. Save as profile. SSHive caches the key path — moving the PEM file later requires re-pointing the profile.
Reach private subnets via a bastion host
Best practice on AWS is to put application servers in private subnets and access them via a bastion in the public subnet. In SSHive, create a profile for the bastion first (public IP, ec2-user, your PEM). Then create a profile for the private instance: enter the private IP, user, key — and in the "Jump Host" section, select your bastion profile. SSHive handles the multi-hop SSH connection transparently, agent forwarding optional. No more SSH config-file editing every time AWS rotates an IP.
Connect TablePlus / DBeaver to private RDS via tunnel
RDS instances live in private subnets — TablePlus on your Mac cannot reach them directly. The trick: SSH-tunnel through your bastion. In SSHive's bastion profile, add a Local forward: local port 5432 → remote host `mydb.xxx.us-east-1.rds.amazonaws.com` → remote port 5432. Connect. Open TablePlus, point it at `localhost:5432` with your DB credentials. SSHive's SSH connection now proxies your DB queries securely.
Frequently asked questions
Does SSHive support AWS Session Manager?+
Not directly — Session Manager uses AWS's SSM agent and the AWS CLI, not raw SSH. However, you can use the AWS CLI to start an SSH-over-SSM port forward (`aws ssm start-session --target i-xxx --document-name AWS-StartSSHSession`) and then connect SSHive to the resulting localhost port like any other SSH endpoint.
How does SSHive handle AWS instance IP changes?+
For elastic IPs (paid, persistent), nothing changes. For ephemeral public IPs, edit the profile when AWS rotates them — or use the public DNS name (`ec2-x-x-x-x.compute.amazonaws.com`) which AWS keeps stable as long as the instance lives. Best practice: assign Elastic IPs to anything you SSH into often.
Can I copy files to S3 from SSHive?+
SSHive does SSH/SFTP, not S3. For S3 transfers, run `aws s3 cp` from SSHive's terminal — it works perfectly because the AWS CLI is just another command-line tool. SSHive's SFTP pane is for the EC2 instance's filesystem.
Step-by-step guides
How to generate and use SSH keys on a Mac
From `ssh-keygen` to passwordless servers in 5 minutes — covers ed25519, ssh-agent, the Apple Keychain, and SSHive integration.
How to use a jump host on a Mac
Visual ProxyJump configuration, agent forwarding, multi-hop chains — without editing ~/.ssh/config every time.
How to set up an SSH tunnel on a Mac
A complete guide to local, remote, and SOCKS5 SSH tunnels on macOS — both command-line and visually in SSHive.
Common use cases
Try SSHive Free for macOS
Get the all-in-one SSH, SFTP, RDP and VNC client for Mac. Free download, no signup required.