Skip to main content

Try free on Pangolin Cloud

Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
Only available in Pangolin Cloud and Enterprise Edition.
SSH public resources render a full interactive terminal in the browser. Users visit a FQDN—no SSH client or Pangolin desktop client is required.
Interactive SSH terminal rendered in the Pangolin web dashboard

How It Works

  1. You assign a FQDN on a domain managed in Pangolin.
  2. The user completes public resource authentication in the browser (platform SSO, identity providers, access rules, and so on).
  3. Depending on the SSH configuration you chose, the user may be prompted for a second credential step or proceed directly into the terminal.
  4. Pangolin renders the session and proxies traffic to the backend through a site connector.

Site and Host Configuration

SSH public resources do not use targets. Instead, you:
  1. Select which sites can route to the resource.
  2. Enter the backend host and port—unless you selected Pangolin SSH mode, which executes sessions on the site connector host and does not require a host or port.
Pangolin SSH mode requires root. Newt must run as root on the site connector host. Use sudo newt ... or run the Newt systemd service as root. See Install a site.
Pangolin routes through the site that is online and healthiest, using the same intelligent multi-site routing model as private resources.

SSH Configuration

The SSH settings on a public resource use the same options as private SSH resources. Mode, authentication method, and auth daemon location are configured identically in the dashboard. See SSH Access for a full explanation of each option, setup instructions, and an example for every configuration combination.

How Public SSH Differs from Private SSH

Public SSHPrivate SSH
AccessWeb browser at a public FQDNPangolin CLI: pangolin ssh <alias>
Client requiredNoYes — user must be connected with the Pangolin client
First auth layerPublic resource authentication — login page, SSO, access rulesIdentity from the active client connection; private resource access rules
HostnamePublic FQDN on your Pangolin domainAlias on the private resource

Authentication and Access Rules

SSH public resources are protocol-aware and support the full set of Pangolin authentication and access rules. These rules gate who can reach the resource URL in the first place—before any SSH session or host credential prompt begins. You can configure these settings inline on the resource or attach a shared resource policy and add resource-specific overrides on top.