Find answers to common questions about ZestSSH.
Tap the + button on the home screen, enter your server's hostname or IP address, port (default 22), and choose your authentication method (password or SSH key). Tap Connect and you're in.
Go to Identities in the app, tap "Create New Key", choose your algorithm (Ed25519 recommended), optionally set a passphrase, and tap Generate. You can then copy the public key to add to your server's authorized_keys file.
ZestSSH can import PuTTY .ppk key files directly. Go to Identities, tap "Import Key", and select your .ppk file. ZestSSH supports both PuTTY v2 and v3 key formats. OpenSSH PEM format is also supported.
Password authentication sends your password to the server each time you connect. Key authentication uses a cryptographic key pair — you keep the private key on your device and add the public key to the server. Key authentication is more secure and convenient (no typing passwords), and is the recommended method.
Yes. ZestSSH Pro ($9.99) and Cloud Sync ($19.99) are one-time purchases. No subscriptions, no recurring fees, no annual renewals. You pay once and get all future updates included.
Yes. All updates — bug fixes, new features, and platform updates — are included for the lifetime of the product. "Lifetime" means the lifetime of ZestSSH as a product.
Yes! Cloud Sync is an independent purchase. It works with both the Free and Pro tiers. With Free + Cloud Sync, you can sync your connections, identities, and snippets across devices. The Bundle ($29.99) gives you both Pro and Cloud Sync together at a discount.
The Bundle ($29.99) includes both Pro ($9.99) and Cloud Sync ($19.99) in a single purchase. It's the easiest way to get everything ZestSSH has to offer.
Install ZestSSH on your new device using the same Google Play or Apple ID account. Open the app, go to Settings, and tap "Restore Purchases". Your Pro and/or Cloud Sync access will be restored automatically.
The Free tier includes unlimited saved connections, 3 concurrent sessions, SSH/Telnet/Local Shell, 3 terminal themes, SSH key generation and import, 49 built-in command snippets, and PIN/biometric app lock. It's a fully functional SSH client.
Zero-knowledge encryption means your data is encrypted on your device using your master password before it ever leaves your device. Our servers store only encrypted data that we cannot read, even if we wanted to. If our servers were compromised, attackers would get only unreadable encrypted blobs.
Because of zero-knowledge encryption, we cannot recover your master password or decrypt your data. However, when you set up Cloud Sync, you receive a recovery key. Store this recovery key somewhere safe — it's the only way to regain access to your synced data if you forget your master password.
No. Your data is encrypted end-to-end on your device before upload. We store only encrypted blobs on our servers. We cannot see your connections, passwords, SSH keys, or any other synced data. This is by design — zero-knowledge architecture.
Install ZestSSH on your new device, restore your Cloud Sync purchase, then go to Cloud Sync settings and sign in with your account. Enter your master password (or recovery key) to decrypt your data. Your connections, identities, and snippets will sync automatically.
ZestSSH offers three sync modes: Automatic (syncs in the background whenever changes are made), Manual (sync only when you tap the sync button), and Off (no syncing, local only). You can switch between modes at any time in Settings.
The recovery key is a unique code generated when you set up Cloud Sync. It serves as a backup way to decrypt your data if you forget your master password. Store it somewhere safe (password manager, printed copy, etc.) — without it and your master password, your encrypted data cannot be recovered by anyone, including us.
SSH private keys are stored in your device's secure storage: iOS Keychain on Apple devices and EncryptedSharedPreferences on Android. This is the most secure storage available on each platform. Keys never leave your device unless you enable Cloud Sync (in which case they're encrypted before upload).
Yes. Locally, sensitive credentials use platform-native encryption. With Cloud Sync enabled, all synced data is encrypted end-to-end with AES-256 using your master password before leaving your device. Your SSH sessions are encrypted by the SSH protocol itself.
ZestSSH supports modern SSH algorithms including Ed25519, ECDSA (nistp256, nistp384, nistp521), RSA (2048, 4096), AES-128/256-CTR, AES-128/256-GCM, ChaCha20-Poly1305, and more. We follow current best practices and disable weak algorithms.
Yes. ZestSSH uses industry-standard SSH libraries and encryption. Your SSH connections go directly from your device to your server — we don't proxy, intercept, or log any traffic. The security of your connection depends on your server configuration and key management, just like any SSH client.
Yes! ZestSSH is available on Windows, macOS, and Linux. It's built with the same Flutter codebase as the mobile app, ensuring a consistent experience across all platforms. Head to our download page to get started.
Yes! If you have Cloud Sync, your connections, identities, and snippets sync seamlessly between mobile and desktop. Same zero-knowledge encryption, same experience.
The desktop version includes split panes, tabbed sessions, and all features from the mobile version. It replaces the need for PuTTY (SSH), WinSCP (SFTP), and Pageant (key agent) in a single modern app.
Your Pro and Cloud Sync purchases work across all platforms. Buy once, use everywhere — mobile and desktop.
We're here to help.