Docs / Help

FAQ

Short, straight answers to the questions people ask most before and after they install NetShell — the free SSH client for iPhone, iPad & Mac.

Cost & platforms

Is NetShell really free?

Yes. NetShell is a free SSH client for iPhone, iPad & Mac with no subscription, no paid tier, and no locked features. You can download it from the App Store and use everything — the terminal, key vault, SFTP, network scanner, Docker management, and AI assistance — at no cost.

Are there ads?

No. There are no advertisements anywhere in NetShell, and no ad networks bundled into the app. It is a tool you use, not a feed you are sold to.

Does NetShell run on iPad and Mac, or just iPhone?

All three. NetShell runs on iPhone, iPad & Mac. The iPhone and iPad builds need iOS or iPadOS 17 or later, and there is a Mac version too. Your connections, snippets, and other settings follow you across them through iCloud — see Sync across devices.

Tip. Because the app is free with no account to create, the fastest way to evaluate it is simply to install it and add one connection. The Quickstart walks you through your first session in a few minutes.

Privacy & telemetry

Does NetShell track me or send telemetry?

Not by default. There is no telemetry collected unless you explicitly opt in to analytics. If you leave analytics off — which is the default — NetShell does not phone home about how you use it. You can read exactly what is and isn't collected in Privacy & telemetry.

Keys & the vault

Where are my SSH keys stored?

Private keys and their passphrases live in the hardware-backed iOS Keychain, the operating system's own secure credential store, protected by Face ID. NetShell never keeps your secrets in plain files, app preferences, or its own database. At connect time it asks the system for the item by name and the Keychain hands it back only after you have authenticated. See the Key vault for the full workflow.

Do my keys sync between my devices?

Yes — but only between devices you own, and only through Apple's end-to-end encrypted iCloud Keychain, never a NetShell server. A key is encrypted on-device before it ever leaves; Apple relays the encrypted blob between your iPhone, iPad, and Mac but cannot read it, and neither can we. This needs the same Apple Account on each device, iCloud Keychain enabled, two-factor authentication, and a device passcode. Host (known-hosts) keys are deliberately the exception — they stay device-local and do not sync, because a trust decision belongs to the device that made it. Details are in Key sync.

What happens if I lose my phone?

Your secrets are not stranded on the lost device. Because private keys and passwords ride Apple's end-to-end encrypted iCloud Keychain, they reappear on your other signed-in devices — and on a replacement device once you sign in with the same Apple Account and restore iCloud Keychain. Meanwhile the lost device stays protected: the vault sits behind Face ID, and NetShell auto-relocks after a period of inactivity, so an unattended phone does not leave your sessions exposed. If the device is gone for good, use Apple's Find My to erase it remotely. See Face ID lock.

Key types & algorithms

Does NetShell support ed25519 and RSA?

Yes. You can generate both ed25519 and RSA keys directly on the device, and you can import existing OpenSSH keys — including encrypted ed25519 and RSA private keys. ed25519 is the modern default most people should choose; RSA is there for servers that still require it.

What about ECDSA keys?

On-device key generation covers ed25519 and RSA. If your workflow centres on ECDSA, generate or convert that key with your usual desktop tooling and connect with the algorithms NetShell supports. For most setups ed25519 is the recommended choice and avoids the question entirely. See SSH keys.

Connecting to servers

Can I connect through a bastion or jump host?

Yes. NetShell supports multi-hop / jump-host chaining, so you can reach a server that only accepts connections from inside a private network by hopping through a bastion first. Each leg of the path is its own encrypted SSH connection. The full setup is covered in Jump hosts.

Can I manage Docker from NetShell?

Yes. Over an SSH connection NetShell can manage containers and Compose stacks — start and stop them, inspect their configuration, and read their logs — without leaving the app. See the Docker guide.

AI & offline use

Does the AI assistant cost anything?

NetShell gives you two paths and neither requires a NetShell subscription. The first is on-device Apple Intelligence — private, with no account to create — available on iOS 26 and later. The second is bring-your-own model: connect Claude, OpenAI, or a local Ollama instance. With the bring-your-own option any usage cost is whatever your chosen provider charges on your own account; Apple Intelligence runs on-device. Compare them in Apple Intelligence and bring your own model.

Can I use NetShell offline?

SSH is a network protocol, so reaching a remote server obviously needs a connection to that server. But much of NetShell works without internet: your connection list, snippets, groups, tags, and the key vault are all stored on-device and remain available offline, and on-device Apple Intelligence works without a network call. A reachable LAN is enough for the network scanner and for connecting to local machines even when the wider internet is down.

Still stuck?

If something isn't behaving the way this page describes, the Troubleshooting guide covers the most common connection, key, and sync issues step by step. New to the app entirely? Start with What is NetShell, then grab it on the App Store.

Next
Troubleshooting → Related
What is NetShell →