Truly convenient SSH

Added in version 0.25.0: Automatic shell integration, file transfer and reuse of connections

Added in version 0.30.0: Automatic forwarding of remote control sockets

The ssh kitten allows you to login easily to remote hosts, and automatically setup the environment there to be as comfortable as your local shell. You can specify environment variables to set on the remote host and files to copy there, making your remote experience just like your local shell. Additionally, it automatically sets up Shell integration on the remote host and copies the kitty terminfo database there.

The ssh kitten is a thin wrapper around the traditional ssh command line program and supports all the same options and arguments and configuration. In interactive usage scenarios it is a drop in replacement for ssh. To try it out, simply run:

kitten ssh some-hostname-to-connect-to

You should end up at a shell prompt on the remote host, with shell integration enabled. If you like it you can add an alias to it in your shell’s rc files:

alias s="kitten ssh"

So now you can just type s hostname to connect.

If you define a mapping in kitty.conf such as:

map f1 new_window_with_cwd

Then, pressing F1 will open a new window automatically logged into the same host using the ssh kitten, at the same directory.

The ssh kitten can be configured using the ~/.config/kitty/ssh.conf file where you can specify environment variables to set on the remote host and files to copy from the local to the remote host. Let’s see a quick example:

# Copy the files and directories needed to setup some common tools
copy .zshrc .vimrc .vim
# Setup some environment variables
env SOME_VAR=x
# COPIED_VAR will have the same value on the remote host as it does locally
env COPIED_VAR=_kitty_copy_env_var_

# Create some per hostname settings
hostname someserver-*
copy env-files
env SOMETHING=else

hostname someuser@somehost
copy --dest=foo/bar some-file
copy --glob some/files.*

See below for full details on the syntax and options of ssh.conf. Additionally, you can pass config options on the command line:

kitten ssh --kitten interpreter=python servername

The --kitten argument can be specified multiple times, with directives from ssh.conf. These override the final options used for the matched host, as if they had been appended to the end of the matching section for that host in ssh.conf. They apply only to the host being SSHed to by this invocation, so any hostname directives are ignored.

Warning

Due to limitations in the design of SSH, any typing you do before the shell prompt appears may be lost. So ideally don’t start typing till you see the shell prompt. 😇

A real world example

Suppose you often SSH into a production server, and you would like to setup your shell and editor there using your custom settings. However, other people could SSH in as well and you don’t want to clobber their settings. Here is how this could be achieved using the ssh kitten with zsh and vim as the shell and editor, respectively:

# Have these settings apply to servers in my organization
hostname myserver-*

# Setup zsh to read its files from my-conf/zsh
env ZDOTDIR=$HOME/my-conf/zsh
copy --dest my-conf/zsh/.zshrc .zshrc
copy --dest my-conf/zsh/.zshenv .zshenv
# If you use other zsh init files add them in a similar manner

# Setup vim to read its config from my-conf/vim
env VIMINIT=$HOME/my-conf/vim/vimrc
env VIMRUNTIME=$HOME/my-conf/vim
copy --dest my-conf/vim .vim
copy --dest my-conf/vim/vimrc .vimrc

How it works

The ssh kitten works by having SSH transmit and execute a POSIX sh (or optionally Python) bootstrap script on the remote host using an interpreter. This script reads setup data over the TTY device, which kitty sends as a Base64 encoded compressed tarball. The script extracts it and places the files and sets the environment variables before finally launching the login shell with shell integration enabled. The data is requested by the kitten over the TTY with a random one time password. kitty reads the request and if the password matches a password pre-stored in shared memory on the localhost by the kitten, the transmission is allowed. If your local OpenSSH version is >= 8.4 then the data is transmitted instantly without any roundtrip delay.

Note

When connecting to BSD hosts, it is possible the bootstrap script will fail or run slowly, because the default shells are crippled in various ways. Your best bet is to install Python on the remote, make sure the login shell is something POSIX sh compliant, and use python as the interpreter in ssh.conf.

Note

This may or may not work when using terminal multiplexers, depending on whether they passthrough the escape codes and if the values of the environment variables KITTY_PID and KITTY_WINDOW_ID are correct in the current session (they can be wrong when connecting to a tmux session running in a different window) and the ssh kitten is run in the currently active multiplexer window.

Host bootstrap configuration

hostname
hostname *

The hostname that the following options apply to. A glob pattern to match multiple hosts can be used. Multiple hostnames can also be specified, separated by spaces. The hostname can include an optional username in the form user@host. When not specified options apply to all hosts, until the first hostname specification is found. Note that matching of hostname is done against the name you specify on the command line to connect to the remote host. If you wish to include the same basic configuration for many different hosts, you can do so with the include directive. In version 0.28.0 the behavior of this option was changed slightly, now, when a hostname is encountered all its config values are set to defaults instead of being inherited from a previous matching hostname block. In particular it means hostnames dont inherit configurations, thereby avoiding hard to understand action-at-a-distance.

interpreter
interpreter sh

The interpreter to use on the remote host. Must be either a POSIX complaint shell or a python executable. If the default sh is not available or broken, using an alternate interpreter can be useful.

remote_dir
remote_dir .local/share/kitty-ssh-kitten

The location on the remote host where the files needed for this kitten are installed. Relative paths are resolved with respect to $HOME. Absolute paths have their leading / removed and so are also resolved with respect to $HOME.

copy

Copy files and directories from local to remote hosts. The specified files are assumed to be relative to the HOME directory and copied to the HOME on the remote. Directories are copied recursively. If absolute paths are used, they are copied as is. For example:

copy .vimrc .zshrc .config/some-dir

Use --dest to copy a file to some other destination on the remote host:

copy --dest some-other-name some-file

Glob patterns can be specified to copy multiple files, with --glob:

copy --glob images/*.png

Files can be excluded when copying with --exclude:

copy --glob --exclude *.jpg --exclude *.bmp images/*

Files whose remote name matches the exclude pattern will not be copied. For more details, see The copy command.

Login shell environment

shell_integration
shell_integration inherited

Control the shell integration on the remote host. See Shell integration for details on how this setting works. The special value inherited means use the setting from kitty.conf. This setting is useful for overriding integration on a per-host basis.

login_shell

The login shell to execute on the remote host. By default, the remote user account’s login shell is used.

env

Specify the environment variables to be set on the remote host. Using the name with an equal sign (e.g. env VAR=) will set it to the empty string. Specifying only the name (e.g. env VAR) will remove the variable from the remote shell environment. The special value _kitty_copy_env_var_ will cause the value of the variable to be copied from the local environment. The definitions are processed alphabetically. Note that environment variables are expanded recursively, for example:

env VAR1=a
env VAR2=${HOME}/${VAR1}/b

The value of VAR2 will be <path to home directory>/a/b.

cwd

The working directory on the remote host to change to. Environment variables in this value are expanded. The default is empty so no changing is done, which usually means the HOME directory is used.

color_scheme

Specify a color scheme to use when connecting to the remote host. If this option ends with .conf, it is assumed to be the name of a config file to load from the kitty config directory, otherwise it is assumed to be the name of a color theme to load via the themes kitten. Note that only colors applying to the text/background are changed, other config settings in the .conf files/themes are ignored.

remote_kitty
remote_kitty if-needed

Make kitten available on the remote host. Useful to run kittens such as the icat kitten to display images or the transfer file kitten to transfer files. Only works if the remote host has an architecture for which pre-compiled kitten binaries are available. Note that kitten is not actually copied to the remote host, instead a small bootstrap script is copied which will download and run kitten when kitten is first executed on the remote host. A value of if-needed means kitten is installed only if not already present in the system-wide PATH. A value of yes means that kitten is installed even if already present, and the installed kitten takes precedence. Finally, no means no kitten is installed on the remote host. The installed kitten can be updated by running: kitten update-self on the remote host.

SSH configuration

share_connections
share_connections yes

Within a single kitty instance, all connections to a particular server can be shared. This reduces startup latency for subsequent connections and means that you have to enter the password only once. Under the hood, it uses SSH ControlMasters and these are automatically cleaned up by kitty when it quits. You can map a shortcut to close_shared_ssh_connections to disconnect all active shared connections.

askpass
askpass unless-set

Control the program SSH uses to ask for passwords or confirmation of host keys etc. The default is to use kitty’s native askpass, unless the SSH_ASKPASS environment variable is set. Set this option to ssh to not interfere with the normal ssh askpass mechanism at all, which typically means that ssh will prompt at the terminal. Set it to native to always use kitty’s native, built-in askpass implementation. Note that not using the kitty askpass implementation means that SSH might need to use the terminal before the connection is established, so the kitten cannot use the terminal to send data without an extra roundtrip, adding to initial connection latency.

delegate

Do not use the SSH kitten for this host. Instead run the command specified as the delegate. For example using delegate ssh will run the ssh command with all arguments passed to the kitten, except kitten specific ones. This is useful if some hosts are not capable of supporting the ssh kitten.

forward_remote_control
forward_remote_control no

Forward the kitty remote control socket to the remote host. This allows using the kitty remote control facilities from the remote host. WARNING: This allows any software on the remote host full access to the local computer, so only do it for trusted remote hosts. Note that this does not work with abstract UNIX sockets such as @mykitty because of SSH limitations. This option uses SSH socket forwarding to forward the socket pointed to by the KITTY_LISTEN_ON environment variable.

The copy command

copy [options] file-or-dir-to-copy ...

Copy files and directories from local to remote hosts. The specified files are assumed to be relative to the HOME directory and copied to the HOME on the remote. Directories are copied recursively. If absolute paths are used, they are copied as is.

Options

--glob

Interpret file arguments as glob patterns. Globbing is based on standard wildcards with the addition that /**/ matches any number of directories. See the detailed syntax.

--dest <DEST>

The destination on the remote host to copy to. Relative paths are resolved relative to HOME on the remote host. When this option is not specified, the local file path is used as the remote destination (with the HOME directory getting automatically replaced by the remote HOME). Note that environment variables and ~ are not expanded.

--exclude <EXCLUDE>

A glob pattern. Files with names matching this pattern are excluded from being transferred. Only used when copying directories. Can be specified multiple times, if any of the patterns match the file will be excluded. If the pattern includes a / then it will match against the full path, not just the filename. In such patterns you can use /**/ to match zero or more directories. For example, to exclude a directory and everything under it use **/directory_name. See the detailed syntax for how wildcards match.

Control what happens if the specified path is a symlink. The default is to preserve the symlink, re-creating it on the remote machine. Setting this to resolve will cause the symlink to be followed and its target used as the file/directory to copy. The value of keep-path is the same as resolve except that the remote file path is derived from the symlink’s path instead of the path of the symlink’s target. Note that this option does not apply to symlinks encountered while recursively copying directories, those are always preserved. Default: preserve Choices: keep-path, preserve, resolve

Copying terminfo files manually

Sometimes, the ssh kitten can fail, or maybe you dont like to use it. In such cases, the terminfo files can be copied over manually to a server with the following one liner:

infocmp -a xterm-kitty | ssh myserver tic -x -o \~/.terminfo /dev/stdin

If you are behind a proxy (like Balabit) that prevents this, or you are SSHing into macOS where the tic does not support reading from STDIN, you must redirect the first command to a file, copy that to the server and run tic manually. If you connect to a server, embedded, or Android system that doesn’t have tic, copy over your local file terminfo to the other system as ~/.terminfo/x/xterm-kitty.

If the server is running a relatively modern Linux distribution and you have root access to it, you could simply install the kitty-terminfo package on the server to make the terminfo files available.

Really, the correct solution for this is to convince the OpenSSH maintainers to have ssh do this automatically, if possible, when connecting to a server, so that all terminals work transparently.

If the server is running FreeBSD, or another system that relies on termcap rather than terminfo, you will need to convert the terminfo file on your local machine by running (on local machine with kitty):

infocmp -CrT0 xterm-kitty

The output of this command is the termcap description, which should be appended to /usr/share/misc/termcap on the remote server. Then run the following command to apply your change (on the server):

cap_mkdb /usr/share/misc/termcap