AITerm vs SSH for AI development

SSH has been the default for remote terminal access for thirty years. For running Claude Code, Ollama, and other AI CLIs from mobile or a shared browser, there's a better fit in 2026.

What SSH requires for "Claude Code from my phone"

To reach a Claude Code session on your home dev box from a phone on mobile data, a typical SSH setup needs:

1. An inbound SSH port on the dev box — which means port-forwarding on your router, a reverse tunnel through a jump host, or a VPN like Tailscale or Wireguard.
2. An SSH app on the phone. Built-in Terminal doesn't exist on iOS. Termius, Blink Shell, Prompt — all cost money for the features you actually want (key sync, multi-session).
3. tmux or screen on the dev box so the Claude session survives when your phone loses signal. Remembering tmux bindings on a touch keyboard is an acquired taste.
4. Ssh keys on the phone, synced securely.

Every item is solvable. The cost is configuration, client licenses, and ongoing maintenance.

What AITerm does differently

1. The connector connects outbound to aiterm.io (push model). No inbound port, no VPN, no dyndns. Works through NAT, cafe Wi-Fi, mobile data, airplane hotspots.
2. The client is any browser. Safari on iPhone works. Chrome on Android works. No app install, no license.
3. A separate PTY manager daemon owns the session lifecycle — it survives connector restarts. Your Claude Code review keeps running while your phone switches from Wi-Fi to LTE.
4. Multi-AI scanning and a session picker are built in. Claude Code, Ollama models, llama.cpp, LM Studio, vLLM, GPT4All, plain bash — all visible in one sidebar.

Feature comparison

	AITerm	SSH + tmux + mobile app
Inbound port required	No	Yes (or jump host / VPN)
Works on mobile browser	Yes, natively	Needs paid SSH app
Session survives disconnect	Yes (PTY manager daemon)	With tmux/screen setup
Multi-AI discovery	Built-in scan	Manual
Team view-sharing	Invites + share links	Complex (tmate, etc.)
File upload (drag & drop)	Yes	scp / sftp separately
Voice input	Built-in (SpeechRecognition)	No
Client cost on mobile	Free (browser)	Paid SSH app usually
Works in restricted networks	Outbound HTTPS only	Depends on firewall policy
Encryption	TLS 1.2+ with cert pinning	SSH protocol (strong)
Auth mechanism	Email/password + paired token	SSH keys (best practice)
Update integrity	Ed25519-signed manifest + SHA-256 per file	Apt/apk package signing
Open source	Connector is MIT	OpenSSH is BSD

Security comparison

SSH with key authentication is one of the most battle-tested protocols in software. AITerm is newer and smaller in scope.

What changes in the threat model:

• Attack surface of the machine. SSH gives a full login shell — a compromised SSH key is full host access. AITerm gives access only to paired AI sessions and any bash sessions you explicitly start; filesystem access is scoped to where those sessions run.
• Attack surface of the update path. SSH and OS packages are updated through the distribution package manager. AITerm updates through a dedicated path that verifies an Ed25519-signed manifest before any file is written. A compromised aiterm.io hub cannot push code without the signing key (which lives offline of the hub).
• Credential sanitization. Shells spawned by AITerm's PTY manager see a whitelisted environment only — AWS_*, ANTHROPIC_API_KEY, GITHUB_TOKEN, *_SECRET etc. are filtered out of the connector-process env and don't leak into spawned sessions. SSH inherits whatever the login shell has.

Neither tool is "more secure" in absolute terms. They're different scopes, and the right one depends on what you're actually doing.

When to pick which

Most developers end up running both. SSH for admin; AITerm for AI. They complement more than they compete.

FAQ

Does AITerm replace my SSH keys?

No. AITerm uses a different auth mechanism (paired token + browser session). Your SSH keys stay where they are for everything else.

Can I pair my machine with AITerm while keeping SSH open?

Yes — they don't conflict. AITerm runs as a systemd service and doesn't touch your SSH daemon or configuration.

Is the AITerm connector safe to install as root?

The installer asks. System-wide mode runs as root (like sshd or docker-daemon). Per-user mode runs under a regular user via systemctl --user. Unit files are hardened with NoNewPrivileges, ProtectHome, ProtectKernel*, RestrictNamespaces and similar.

What if my network blocks outbound WebSocket?

AITerm uses TLS over port 443 (WSS). If HTTPS works, AITerm works. Corporate proxies with deep-packet inspection that specifically strip WebSocket upgrade headers are the only blocker — rare in practice.