Mission control
Fleet status, live SSH sessions and pending access requests on one screen. You always know who's on what — right now.
- Live session feed with one-click Watch
- Quick connect per server
- Pending approvals in view
No agents to roll out. No per-seat pricing. No vendor cloud between you and your servers. Portalis is one gateway on your infrastructure that records every session, blocks disasters live and lets access expire itself.
Bastion, screen-share audits, key spreadsheets, access tickets — this is what they collapse into. Captured live from a running Portalis, not a mockup. Click any screen to inspect it full-size.
Fleet status, live SSH sessions and pending access requests on one screen. You always know who's on what — right now.
A full terminal in the browser for quick work — or the team's own SSH clients through the gateway. Same locks, same recording, either way.
Every session recorded, every action logged, filterable per user and exportable for the auditor. The 3 a.m. mystery becomes a playback.
Groups per client or environment, panel links for cPanel, Plesk & DirectAdmin, host-key pinning and grants where deny always wins.
Every team we talk to sits in one of two camps: a DIY bastion that answers nothing, or an enterprise quote that needs board approval. Line them up.
A weekend of duct tape: ProxyJump, shared keys, a wiki page nobody updates.
Works, mostly. Nothing is recorded. Keys multiply on every box.
grep through bash histories. Half are cleared. Nobody knows.
One command, one afternoon. 2FA mandatory, recording on from the first login.
One audited door. Sessions recorded, JIT access expires itself, zero agents.
Filter Tuesday, press play. Name, commands, timestamps.
A quarter of rollout: consultants, agents on every box, training sessions.
Powerful — and the per-seat invoice grows with every engineer you hire.
The answers exist. In their cloud, behind their support portal.
The jump host's simplicity. The suite's control. None of the drawbacks of either.
Four teams, four versions of the same afternoon — filed the way they actually arrive. And how each one closes with Portalis in place.
"A client claims we broke their shop on Tuesday. Which of our 14 technicians was on that box — and what exactly did they run?"
Open the client's group, filter Tuesday, hit play. Name, commands, timestamps — dispute closed, invoice defended. And it all runs under your own brand.
"Security review found 214 authorized_keys entries across prod. 31 belong to people who left. Fix it by Friday."
One gateway key replaces all of them. Every grant is visible, every session recorded, JIT approvals for anything sensitive. The next review takes an hour, not a sprint.
"The freelancer needs prod access for one sprint. Last time we forgot to remove it — for eight months."
Grant four hours or four weeks — access closes itself when the clock runs out. No calendar reminders, no forgotten keys, no 3 a.m. surprises months later.
"The auditor wants proof of every privileged session. Our environment doesn't even touch the internet."
Fully offline licensing, USB-transferable tokens, zero phone-home — with complete recordings and CSV-exportable audit trails. Built for where the internet isn't.
Every session clears three independent checks before a single byte reaches your server — then it's pinned, guarded and recorded. This is the actual sequence, on loop:
Pay for the product, not per engineer. Every tier: self-hosted, unlimited users, session recording, no telemetry. Start free — upgrade when you outgrow five servers.
Homelabs & small teams
Not a trial. No credit card, no expiry.
Growing teams & agencies
Unlimited everything. One invoice, done.
MSPs & regulated teams
Everything unlocked, for client fleets.
Per-seat PAM pricing grows with every hire. Portalis doesn't. Drag your team size:
Usually right after being burned elsewhere.
The installer, the Compose file and the audit schema are public on GitHub — you can read exactly what you're running before you run it. The gateway binary is closed, and that's a deliberate trade: it funds a free tier that never expires, with no per-seat pricing and no VC pressure to monetize your data. If your policy requires full source, Teleport's OSS core is genuinely good — we'd rather point you there than pretend.
Because it can't answer the only question that matters: who did what, when? A jump host forwards connections; Portalis records them, guards them and expires them. You keep the simplicity, you gain the answers.
No agents to install on every server, no per-seat pricing that punishes growth, no SaaS control plane holding your access data, and no quarter-long rollout. One binary on your own hardware, live in an afternoon.
No. Every tier includes unlimited users — you shouldn't pay a tax for growing your team. Tiers differ on servers and modules, not on people.
Never. Sessions, recordings and credentials stay on your infrastructure. The only outbound call is license validation — and even that works fully offline for air-gapped environments.
It's one lightweight binary that restarts in seconds — and your servers still speak plain SSH, so your break-glass procedure keeps working. No proprietary protocol lock-in.
Run the one-line installer on any Docker host — you'll be at the login screen in about 30 seconds. Free licenses (5 servers, no credit card) and the step-by-step docs are launching soon — register your interest and we'll email you the moment they're live.
One command on any Docker host. No credit card, no sales call, no trial clock:
Prefer to read first? Installation guide — coming soon
Demos, Enterprise plans, white-label partnerships or a hard technical question — your mail skips the machinery and lands with the person who builds Portalis.
Goes straight to a person — no CRM, no drip sequence. We usually reply the same day.
Prefer plain email? reveal address