🔐 SSH · Tunnels · Bastion

SSH tunnels in one clicknever left open

Name: BastionOrbit
Author: SlothLabs

The SSH tunnel manager for macOS — one-click port forwarding through bastion hosts with auto-expiry TTL. BastionOrbit manages multiple bastions in a clean GUI, probes connectivity, and never leaves a tunnel open by accident. Stop memorizing SSH flags.

Launching December 31, 2026

Why BastionOrbit

SSH tunnels that managethemselves

🔐

One-click tunnels — no SSH flags

Click 30m or 1h next to any target and the tunnel opens instantly. No terminal, no flags, no copy-pasting ports. BastionOrbit runs a real ssh -N -L process under the hood — not a reimplemented protocol.

⏱️

Auto-expiry TTL — ports close themselves

Unique

Every tunnel has a timer. When it expires the tunnel closes automatically. No more "oh I left port 5432 forwarded all weekend." Extend with +15m or +30m without stopping. Built for the paranoid DevOps engineer.

🔌

DataOrbit integration — DB in 2 clicks

Open a BastionOrbit tunnel to localhost:5434, then connect DataOrbit to that port. Instant production database access — no VPN, no credential sharing, no IAM magic required. Two SlothLabs tools, one seamless workflow.

🔍

Connectivity probe — test before you tunnel

BastionOrbit runs an SSH test command before opening a tunnel and probes the remote port through the bastion (nc -z equivalent). Know within seconds if your key is wrong, the bastion is down, or the target port is closed.

⚡

Native Rust binary — real ssh processes

BastionOrbit is not an SSH reimplementation. It spawns the real system ssh binary for maximum compatibility with your key agent, ~/.ssh/config, and corporate SSH servers. The app itself is a native Rust binary — no Electron, no Node.js, no JVM.

🗂️

Multi-bastion management — all in one place

Add prod-bastion, staging-bastion, and your personal VPS side by side. Each bastion stores its own list of targets. Offline bastions are flagged automatically so you never wonder why a tunnel failed to open.

🔐

Your SSH tunnel sticky note has too many entries

Every team has one: a Notion doc, a README, or a literal sticky note listing the SSH commands to forward prod-db, staging-redis, and that internal API gateway. You copy the command, open a terminal, remember which key file to use, and hope you closed last week's tunnel before you left on Friday.

BastionOrbit replaces the sticky note. It stores your bastion hosts and targets, opens the real system ssh -N -L process with one click, sets a TTL so the tunnel closes automatically, and probes the remote port before you try to connect. Works with your existing ~/.ssh/config and key agent — no protocol reimplementation.

Screenshots

See it in action

Bastion overview

Active tunnels

Add bastion wizard

Settings

Stop copy-pasting SSH commands

BastionOrbit replaces the sticky note of port-forwards you keep near your monitor.

Feature

BastionOrbit

Manual SSH

Teleport

VS Code Remote

One-click open

✅

❌

✅

⚠️

Auto-expiry TTL

✅

❌

Multi-bastion UI

✅

❌

✅

⚠️

No server setup

✅

❌ Server req

✅

DataOrbit integration

✅

❌

Free forever

✅

❌ Paid tiers

✅

Native binary (not Electron)

✅ Rust

✅

❌ Electron

A note from Slothy

Help us
please! ☕

Slothy and the Linux penguin — open source forever

100% open source

BastionOrbit is free. Built with heart, on nights and weekends.

BastionOrbit is open source — every line is on GitHub. Zero tracking. Zero telemetry. The Apple Developer license is covered — signed builds are rolling out. If your download still shows a warning, see below.

BastionOrbit runs on spare time. No VC, no investors. Just something built from scratch in spare time because we wanted tools that don't exist. If you find it useful, a coffee keeps the lights on.

Read the source

BastionOrbit is verified open source — MIT license, zero telemetry

Never leave a tunnel open again

BastionOrbit launches Friday, July 3, 2026. Subscribe to hear when it drops.

Launching December 31, 2026

Past releases →← All SlothLabs tools

Free forever. macOS, Linux, Windows. Native Rust binary.