Jump Hippo ← Back to site

Authentication

Every SSH hop — each jump host and the target server — logs in with a credential. A credential is a saved identity: a username plus an auth method. Credentials are reusable, so define an identity once and reference it from as many tunnels and jump hosts as you like.

Auth methods

Choose the Type in the credential's authentication section:

SSH agent

Uses your running SSH agent (the same one ssh uses). No key file or password is stored in Jump Hippo — the agent holds the keys and does the signing. This is the most convenient and often the most secure option: nothing secret lives in Port Hippo's store at all.

Requires an agent to be running with the right key loaded (ssh-add -l to check).

Private key

Point Jump Hippo at a private key file. Use Browse… to pick the file, or type its path (e.g. ~/.ssh/id_ed25519).

Password

Enter the SSH password for the account. It's encrypted at rest like a passphrase. Password auth is the least preferred option where key or agent auth is available — but it's fully supported for servers that require it.

Username

The remote account to log in as (the user in user@host). Set it on the credential, not the tunnel — so the identity travels with the credential.

Where secrets go

Passwords and key passphrases are encrypted at rest and never leave the main process in cleartext:

Reusing credentials

Because a credential is a standalone record, the same identity can authenticate a jump host and a target server, or several tunnels that share one bastion. Update the credential — rotate a key, change a passphrase — and every reference uses the new value on its next connection.

Choosing a method

Whatever you choose, the server's identity is still verified separately by its host key — see Host Keys & Trust.