Skip to content

EngoDev/hitch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
scripts
scripts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

Hitch

Hitch wraps login commands that expect an OAuth callback on localhost and makes that callback reachable when the command is running on a remote machine over SSH.

Installation

Quick install from the hosted script:

curl -fsSL https://get.hitch.sh | bash

Install a specific release:

HITCH_VERSION=v0.1.0 curl -fsSL https://get.hitch.sh | bash

Build and install from source with Cargo:

cargo install hitch --locked

The hosted installer currently supports Linux x86_64 and Linux aarch64.

It is designed for flows like:

hitch -- aws sso login
hitch -- gh auth login
hitch --port 38983

When the wrapped command prints a loopback redirect URL such as http://localhost:4567/callback, Hitch:

  1. keeps the wrapped command interactive by running it in a PTY,
  2. mirrors the wrapped command's output to your terminal,
  3. detects the first localhost callback URL with a port,
  4. asks you to confirm the detected tunnel details and lets you edit port, user, and origin if needed,
  5. starts an SSH reverse tunnel for that port until the wrapped command exits.

Usage

hitch [--origin <host>] [--user <ssh-user>] -- <command> [args...]
hitch [--origin <host>] [--user <ssh-user>] --port <port>

Examples:

hitch -- aws sso login
hitch --origin 203.0.113.10 --user alice -- gh auth login
hitch --origin 203.0.113.10 --port 38983

Behavior

  • Hitch only reacts to loopback redirect URLs: localhost, 127.0.0.1, and ::1.
  • It only starts one tunnel per invocation. The first valid loopback URL wins.
  • In wrapped-command mode, Hitch asks you to confirm the detected tunnel details before opening the tunnel.
  • --port <port> opens a reverse tunnel immediately and keeps it alive until interrupted.
  • If a redirect URL is not loopback, Hitch reports that the original login command configuration should be checked.
  • If no origin can be determined, Hitch continues running the wrapped command and reports why tunneling could not be established.
  • If the tunnel SSH session prompts for a password, Hitch pauses forwarding terminal input to the wrapped command until tunnel authentication completes.
  • Hitch returns the wrapped command's exit status.

Origin resolution order:

  1. --origin
  2. the client IP from SSH_CONNECTION
  3. no origin available, which disables tunneling for that run

About

Easily login to your accounts from a remote machine

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v0.1.1 Latest
Mar 17, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages