FORWARDING NODES: CALIFORNIA · GERMANY · SINGAPORE · TEXAS · ONTARIO · NEWARK · ENGLAND · INDIA · JAPAN UP TO 5,000 CLIENTS PER DEDICATED SERVER NO BINARIES INSTALLED ON YOUR FLEET — EVER WORKS ON RHEL · DEBIAN · ARCH · WINDOWS · MACOS · RASPBIAN · DROPBEAR
sshreach.me · for business

Reach every machine you manage. Without VPNs, port forwarding, or vendor binaries.

A zero-configuration reverse-tunnel service for ops teams, MSPs, integrators, and IoT operators. Your fleet stays behind its firewall — you reach it through a tunnel your own server opens on demand, encrypted with your own keys.

Start free trial See team pricing
9 regions forwarding nodes
5,000 / server on dedicated plans
Zero install no third-party binary
ops@workstation: ~ — ssh reach.eu1
# open tunnel from web console, then:
ops@workstation ~ $ ssh -p 31742 admin@reach.eu1.sshreach.me
→ tunnel established [edge: frankfurt · client: pi-warehouse-04]
 
Linux pi-warehouse-04 6.6.31-v8+ #1 SMP PREEMPT aarch64
Last login: Fri May 9 14:12:01 from 10.0.0.5
 
admin@pi-warehouse-04:~$ systemctl status modbus-gw
modbus-gw.service — Modbus → MQTT gateway
   Active: active (running) since Wed; 2d 4h ago
  Memory: 18.4M  CPU: 142ms
 
admin@pi-warehouse-04:~$
0kb
third-party software
installed on your fleet
9
forwarding regions
across 3 continents
5k
clients per dedicated
forwarding server
€5/mo
starting point for
shared team plans
01 — THE PROBLEM

Every operations team eventually hits the same wall.

Distributed fleets. Networks you don't own. Customers who can't (or won't) configure their router. The usual answers all break at scale.
CASE / 01
[ no static IP ]

Branch offices on consumer ISPs

You maintain dozens of small-office Linux servers behind ADSL or cable lines with no static IP and no router access.

CASE / 02
[ no port fwd ]

Locked-down customer networks

The Windows PCs you support via VNC sit behind a firewall the customer's IT department refuses to touch.

CASE / 03
[ field fleet ]

IoT and Raspberry Pi at the edge

You have embedded devices deployed across customer sites. Every truck-roll for a console session costs you margin.

CASE / 04
[ webhooks ]

Demos, webhooks, dev tunnels

Your developers need to expose a local service to Stripe, Slack, or a customer — without standing up infrastructure each time.

02 — THE MECHANISM

Your server opens the tunnel. You steer it from the web.

We don't install anything proprietary on your fleet. A small Python script — readable, auditable, swappable — speaks the standard ssh -R protocol your machine already knows.
STEP / 01

Upload your key

Use your existing SSH keypair or generate one in the dashboard. We never see your private key.

STEP / 02

Drop the script

A short, auditable Python script ships to each device. Plain text — read it, fork it, replace it.

STEP / 03

Open from the web

Click a button in the console (or hit the API). The device opens its outbound tunnel on demand.

STEP / 04

Connect & work

SSH, SCP, VNC over forwarded ports, anything the device supports. Idle tunnels close automatically.

03 — WHY US

The honest comparison.

Plenty of solutions reach machines behind firewalls. Most ask you to trust a closed binary, run a VPN, or take over your router. We don't.
sshreach.me VPN mesh services Dynamic DNS + port forwarding DIY SSH bastion
Installs proprietary agent on every machine No — uses standard ssh client Yes — kernel module or daemon Often (DDNS client) No
Requires router / firewall changes at customer site Never Usually no Yes — port forwarding No
Tunnel encrypted with your SSH keys Yes Provider keys Depends on protocol Yes
Works on Dropbear / minimal IoT Yes Rarely Sometimes Yes
Effort to scale to 500+ devices Add clients in dashboard Mesh management overhead Per-site router work You build & maintain it
Replaceable / forkable client Yes — it's a Python script No Vendor-dependent Yes — you wrote it
Monthly cost for 50 endpoints €25 €100–300+ typical Hidden in IT labor Server + your time
04 — BUILT FOR

Three kinds of teams that save real money with us.

If your team spends Monday mornings asking customers to plug something in or click "allow remote access", you're our audience.
/ MSPs & IT SERVICES

Manage a fleet of small-business Linux & Windows hosts

Stop rolling trucks to remote sites for routine maintenance. Reach every client device the same way, regardless of their ISP or router.

  • One dashboard for every customer site
  • Per-tunnel audit through the API
  • Team accounts on shared plans
/ IoT & INTEGRATORS

Service deployed devices in the field at scale

Built for Raspberry Pi, embedded Linux, and Dropbear-class hardware. Dedicated forwarding servers handle up to 5,000 endpoints with IP whitelisting.

  • Works on memory-constrained devices
  • Forward any port (VNC, web UI, Modbus-gw)
  • Regional edges keep latency low
/ DEV & PRODUCT TEAMS

Expose local services without standing up infra

Test Stripe, Slack, or PayPal webhooks against a real public endpoint. Share a staging app with a customer in one click. No corporate VPN politics.

  • Public URL for any local port
  • Tunnels auto-close when idle
  • Unlimited API calls on paid plans
05 — SECURITY POSTURE

Trust is a thing you should be able to verify.

We designed the architecture so a breach of our infrastructure doesn't give an attacker access to your machines.
[ KEYS ]

Your keys, never ours

The tunnel is encrypted with your own public/private keypair. Even if our forwarding server is compromised, there's nothing useful to read.

[ CODE ]

Auditable client

A plain-text Python script — no compiled binary, no obfuscation. Read it, fork it, replace it with your own implementation if you'd rather.

[ DEFAULT ]

Closed by default

Tunnels only exist when you ask for them. Idle connections close automatically. Dedicated plans add IP-based whitelisting on top.

06 — PRICING

Pay for clients. Not seats.

Plans are sized by the number of endpoints you connect, not by how many engineers log in. Every paid plan includes team accounts and unlimited API calls.
SHARED · STARTER

Team 10

€5/mo
Smallest team plan. Less than two coffees.
  • 10 clients / endpoints
  • 10 GB transfer per month
  • Unlimited API calls
  • Forward any port
  • Team accounts included
  • Regional shared edges
Start →
SHARED · GROWTH

Team 50

€25/mo
The sweet spot for MSPs and integrators.
  • 50 clients / endpoints
  • 50 GB transfer per month
  • Unlimited API calls
  • Forward any port
  • Team accounts included
  • Edges in California, Germany, Singapore
  • Scales up to 250 on shared plans
Start free trial
DEDICATED · SCALE

Dedicated forwarder

€400/mo
For fleets and isolated infrastructure.
  • 5,000 clients per server
  • 3 TB transfer / month / server
  • IP-based whitelisting
  • Unlimited API calls & team support
  • Deploy in CA, TX, ON, NJ, UK, DE, IN, SG, JP
  • Run multiple servers for HA
Talk to us →

// Shared plans available at 20, 40, 100, 150, 200, 250 clients

See full pricing →

Try it on five devices. See if it sticks.

Free trial covers one client for five days — extend on request. Paid team plans start at €5/month and you can scale clients up or down whenever. No call required.

Create account Contact sales → Read the docs first