Built for IoT fleets, MSPs & DevOps teams

Reach every server,
every device — behind any firewall.

Zero-configuration reverse SSH tunnels for your entire fleet. No port forwarding, no VPN to plan, no third-party binaries on your hardware — just the tools already on your machines, controlled through one dashboard and API.

No agent install No static IP needed Bring your own public key

Trusted in production since 2016 — built and operated by Panon D.O.O.

5,000+
Clients per dedicated server
9 regions
Forwarding-server locations
0 agents
No third-party binaries
3 TB/mo
Bandwidth per dedicated plan
// Built for business workloads

One tunneling layer for every team that runs hardware in the field.

From a handful of customer servers to thousands of edge devices, sshReach.me removes the static-IP, port-forwarding and VPN headaches that block you from scaling.

IoT & device manufacturers

Provision thousands of devices per dedicated server. Auto-register on first boot via API, push updates to the whole fleet, then close every tunnel.

Managed service providers

Maintain customer Linux boxes on dynamic IPs without DDNS or open ports. Onboard a new client in minutes — not a network migration.

DevOps & webhooks

Expose a local webhook to Stripe, PayPal, GitHub or Slack with one tunnel. Share a staging environment with a client in seconds.

Remote & branch offices

Reach Windows PCs over VNC and Linux servers in small offices on ADSL or consumer ISP links. No static IP required.

Embedded Linux & edge

Built-in dropbear support for low-memory targets. Raspberry Pi, OpenWrt, custom embedded distros — if it ships SSH, it works.

Scheduled maintenance

Open tunnels on demand from CI/CD or cron, run your script, close the tunnel. Idle tunnels auto-close — nothing left exposed.

// 5 minutes from sign-up to first tunnel

Six steps. Zero infrastructure changes.

Your server creates the outbound tunnel — sshReach.me just provides the endpoint and the control plane. No inbound ports, no firewall rules to negotiate with the client's IT.

Open a business account

Sign up and pick a plan based on client count and bandwidth.

Upload your public key

Bring your own keypair or generate one in the dashboard. Private keys never leave you.

Drop the client script on your machines

A plain Python script — auditable, replaceable, no compiled binaries.

Run it on boot

systemd, init.d or a Windows service — pick what your platform uses.

Open a tunnel from the dashboard or API

Web UI for people, REST API for automation across thousands of devices.

SSH straight through

Forward port 22, VNC, HTTP or any port on paid plans. The tunnel auto-closes on idle.

We never run code we wrote on your hardware.

sshReach.me only uses the SSH tooling already installed on your machines. The client is a plain script you can read, fork or replace — there is no proprietary binary of unknown content to trust.

// What makes it enterprise-ready

Boring, predictable, secure — the way infrastructure should be.

End-to-end encryption, your keys

Tunnels use the SSH keypair you control. A compromised forwarding server still sees only opaque traffic.

REST API for fleet automation

Create clients, open and close tunnels, list devices, pull config — all scriptable, with unlimited calls on paid plans.

Per-server IP whitelisting

Dedicated plans add source-IP restrictions on top of key auth, so only your ops network can reach the endpoints.

9 regions, latency-aware

Endpoints in California, Texas, Ontario, Newark, England, Germany, India, Singapore and Japan.

Auditable, replaceable client

The client is a plain Python script — read it, fork it, write your own. No proprietary binaries on your hardware.

Auto-close on idle

Tunnels collapse automatically when unused — smaller attack surface, lower spend, nothing exposed longer than needed.

Team support & shared pools

Every paid plan includes team access — hand off ops without sharing passwords or root keys.

Cross-platform clients

Windows 7–11, macOS, RHEL, Ubuntu, Debian, Fedora, Arch, openSUSE, Raspbian, OpenWrt — if it ships SSH, it works.

// Pricing

Plans that scale from a side-project to a 5,000-device fleet.

Start on a shared forwarding server. Graduate to a dedicated server when you outgrow it — same client script, same API.

Team

€5/ mo

For small teams getting started with remote access.

  • 10 clients
  • 10 GB transfer / month
  • Unlimited API calls
  • Forward any port
  • Team support
  • Regional forwarding servers
Sign up

Dedicated

from€400/ mo

Your own forwarding server — for OEMs and large fleets.

  • 5,000 clients per server
  • 3 TB transfer / month
  • Unlimited API calls
  • IP whitelisting
  • 9 deployment regions
  • Priority team support
Talk to us

Also available: extended €1/mo trial · 20-client (€10) · 40-client (€20) · custom plans up to 250 clients on shared infrastructure.

// Why teams trust the tunnel

Security that holds up even if the middle is breached.

Your keys, your secrets

The tunnel is encrypted with your own private/public key pair. Break into a forwarding server and there is nothing to read — your servers stay behind your password and key.

Exposed only while in use

Tunnels close automatically after a period of inactivity, so a device is reachable only during the window you actually need it.

Nothing to hide on your box

No third-party application or binary of unknown content. Only the SSH tools already on your server, driven by a script you can audit line by line.

Stop building your own bastion.

Get a tunnel up in five minutes, or talk to us about a dedicated forwarding server for your fleet. No long contract, no setup call required.