Open source, AGPL-3.0 licensed

SSH in, get a container.
Exit, it's gone.

Podspawn hooks into your existing sshd to spawn ephemeral Docker containers on SSH connection. No custom daemon, no port 2222, no key exchange code. Two lines of sshd_config. Every SSH feature works.

Get StartedView on GitHub
terminal
$ ssh alice@backend.pod
Creating container podspawn-alice-backend...
Starting postgres:16, redis:7 on podspawn-alice-backend-net...
alice@backend:~/workspace$ npm test
Tests: 47 passed, 47 total
alice@backend:~/workspace$ exit
Grace period: 60s. Container preserved for reconnect.

Why podspawn?

Every competitor builds or embeds a custom SSH server. Podspawn doesn't. It hooks into native sshd and lets OpenSSH handle the protocol.

Native sshd

Two lines of sshd_config. No custom daemon, no replacement SSH server. Your existing sshd does the heavy lifting.

Sub-second startup

Cached images start in under 500ms. Pre-built Podfile images mean developers never wait for npm install.

Hardened by default

cap-drop ALL, no-new-privileges, PID limits, per-user network isolation. gVisor runtime support for untrusted workloads.

Podfile environments

Declarative YAML spec for dev environments: packages, services, dotfiles, hooks. Commit it, everyone gets the same setup.

Multi-tenant

Per-user bridge networks, reference-counted connections, grace period lifecycle. Multiple users on shared infrastructure.

Every SSH feature

SFTP, scp, rsync, port forwarding, agent forwarding, VS Code Remote, JetBrains Gateway. All work out of the box.

AI agent ready

Disposable environments for Claude Code, Cursor, Codex. SSH in, run tests against real postgres, push, exit. Container self-destructs.

Audit everything

Structured JSON-lines audit log for every connect, disconnect, command, and container lifecycle event.

devcontainer.json

Already have a .devcontainer? Podspawn reads it as a fallback. Podfiles are a superset with companion services and dotfiles.

How it works

Zero lines of SSH protocol code. OpenSSH handles the connection, podspawn handles containers.

ssh alice@work.pod
  |
  v
~/.ssh/config matches *.pod
  |
  v
ProxyCommand: podspawn connect alice work.pod 22
  |
  v
sshd calls: podspawn auth-keys alice
  |
  +-- alice in /etc/podspawn/keys/alice?
  |   YES -> return keys with command="podspawn spawn --user alice"
  |   NO  -> return nothing, sshd falls through to normal auth
  |
  v
podspawn spawn detects session type:
  |-- empty         -> interactive shell
  |-- sftp-server   -> SFTP subsystem
  |-- scp ...       -> scp transfer
  +-- anything else -> remote command
  |
  v
Container created/reattached, I/O piped, exit code propagated
  |
  v
User exits -> grace period -> container destroyed

Comparison

Podspawn is not competing with Docker Desktop or WSL. It competes with Codespaces, Coder, and DevPod -- remote dev environment platforms.

FeaturepodspawnContainerSSHCoderCodespaces
Native sshdYesNoNoN/A
SSH-triggeredYesYesNoNo
All SSH featuresYesPartialYesYes
Declarative env specPodfileNoPartialNo
Companion servicesYesNoYesYes
True ephemeralYesYesNoNo
Zero client installYesYesNoNo
Self-hostedEasyHardHardNo
Open sourceAGPLApacheAGPLNo

30 seconds to SSH containers

Install the binary, run server-setup, add a user. That's it.

$ curl -sSf https://podspawn.dev/install.sh | sh
$ sudo podspawn server-setup
$ sudo podspawn add-user alice --github alice
# On the client:
$ ssh alice@yourserver.com
alice@container:~$
Read the docs
Built with care. AGPL-3.0 licensed. Not affiliated with Docker, Inc.