🔐 SSH · Tunnels · Bastion

SSH tunnels in one clicknever left open

Name: BastionOrbit
Author: SlothLabs

Stop memorizing SSH flags. BastionOrbit manages your bastion hosts, opens tunnels with auto-expiry TTL, and probes connectivity — so you can connect your tools and get back to work.

Join waitlist See features ↓

Launching May 27, 2026

Why BastionOrbit

SSH tunnels that managethemselves

🔐

One-click tunnels — no SSH flags

Click 30m or 1h next to any target and the tunnel opens instantly. No terminal, no flags, no copy-pasting ports. BastionOrbit runs a real ssh -N -L process under the hood — not a reimplemented protocol.

⏱️

Auto-expiry TTL — ports close themselves

Unique

Every tunnel has a timer. When it expires the tunnel closes automatically. No more "oh I left port 5432 forwarded all weekend." Extend with +15m or +30m without stopping. Built for the paranoid DevOps engineer.

🔌

DataOrbit integration — DB in 2 clicks

Open a BastionOrbit tunnel to localhost:5434, then connect DataOrbit to that port. Instant production database access — no VPN, no credential sharing, no IAM magic required. Two SlothLabs tools, one seamless workflow.

🔍

Connectivity probe — test before you tunnel

BastionOrbit runs an SSH test command before opening a tunnel and probes the remote port through the bastion (nc -z equivalent). Know within seconds if your key is wrong, the bastion is down, or the target port is closed.

⚡

Native Rust binary — real ssh processes

BastionOrbit is not an SSH reimplementation. It spawns the real system ssh binary for maximum compatibility with your key agent, ~/.ssh/config, and corporate SSH servers. The app itself is a native Rust binary — no Electron, no Node.js, no JVM.

🗂️

Multi-bastion management — all in one place

Add prod-bastion, staging-bastion, and your personal VPS side by side. Each bastion stores its own list of targets. Offline bastions are flagged automatically so you never wonder why a tunnel failed to open.

🔐

Your SSH tunnel sticky note has too many entries

Every team has one: a Notion doc, a README, or a literal sticky note listing the SSH commands to forward prod-db, staging-redis, and that internal API gateway. You copy the command, open a terminal, remember which key file to use, and hope you closed last week's tunnel before you left on Friday.

BastionOrbit replaces the sticky note. It stores your bastion hosts and targets, opens the real system ssh -N -L process with one click, sets a TTL so the tunnel closes automatically, and probes the remote port before you try to connect. Works with your existing ~/.ssh/config and key agent — no protocol reimplementation.

Screenshots

See it in action

Bastion overview

Active tunnels

Add bastion wizard

Settings

Stop copy-pasting SSH commands

BastionOrbit replaces the sticky note of port-forwards you keep near your monitor.

Feature

BastionOrbit

Manual SSH

Teleport

VS Code Remote

One-click open

✅

❌

✅

⚠️

Auto-expiry TTL

✅

❌

Multi-bastion UI

✅

❌

✅

⚠️

No server setup

✅

❌ Server req

✅

DataOrbit integration

✅

❌

Free forever

✅

❌ Paid tiers

✅

Native binary (not Electron)

✅ Rust

✅

❌ Electron

A note from Slothy

Help us
please! ☕

Slothy and the Linux penguin — open source forever

100% open source

BastionOrbit is free. The install warning is Apple's toll, not ours.

BastionOrbit is open source — every line is on GitHub. Zero tracking. Zero telemetry. The install warning? That's Apple charging $99 for a certificate. Not us.

BastionOrbit runs on spare time. There's no VC money. No subscription. Just a $99 Apple invoice and a hope that enough people find this useful. Every coffee on Ko-fi is one step closer to a clean install — no warning, no friction — for everyone who comes after you.

Read the source

BastionOrbit is verified open source — MIT license, zero telemetry

Never leave a tunnel open again

BastionOrbit launches May 8. Free macOS app. Native Rust binary.

Join the waitlist ← All SlothLabs tools

Free forever. macOS, Linux, Windows. Native Rust binary.