</>

ShellPad

Free SSH & Telnet Client for Android

A clean, secure terminal client that does what the others don't - proper terminal emulation, tabbed sessions, and no password storage by default. Built by developers, for developers.

Download APK Features

Features

🔒

SSH & Telnet

Full SSH2 with password, keyboard-interactive, and private key auth. Telnet for legacy systems.

📑

Tabbed Sessions

Multiple concurrent connections with swipeable tabs. Switch between servers instantly.

🖥️

Real Terminal

Full xterm.js emulator. Runs vim, htop, tmux, Claude CLI - not just basic text output.

🔑

No Stored Passwords

Default "Plain" mode - server prompts for password in terminal. Your credentials never touch the app.

🛡️

Host Key Verification

Trust On First Use (TOFU) SSH fingerprint verification. Warns on key changes (MITM detection).

⌨️

Special Keys Bar

ESC, TAB, CTRL, arrows, copy/paste, and common shell characters (~ $ _ | / -) always accessible.

🔐

Encrypted Storage

Optional saved passwords encrypted with AES-256-GCM. Key stored in Android Keystore.

🌙

Catppuccin Theme

Beautiful dark Mocha theme with 256-color and truecolor support. Easy on the eyes.

📡

Background Sessions

Sessions stay alive when you switch apps. Foreground service + wake lock keep connections active.

Authentication Options

Method How It Works Password Stored?
Plain (default) Server prompts in terminal. You type password there. No
Saved Password Password encrypted and stored on device. Yes (AES-256)
Private Key PEM key file for key-based auth. No
Key + Passphrase Private key with encrypted passphrase. Passphrase only

Download

Version: 2.5.1

Size: ~11 MB

Requires: Android 8.0+ (API 26)

Price: Free (ad-supported)

Google Play listing coming soon.

Direct APK download:

Download APK

Security

  • SSH host key verification (TOFU) with MITM change detection
  • AES-256-GCM encryption for saved credentials (Android Keystore backed)
  • Android backup disabled - credentials can't be extracted via adb
  • No analytics, no telemetry, no tracking
  • Host/port input validation (prevents injection)
  • URI handler requires user confirmation before connecting
  • ProGuard/R8 obfuscation in release builds
Privacy Policy | Terms of Service | [email protected]