One command. One URL. Access anything from a browser.
Shield CLI creates encrypted tunnels to your internal services — RDP desktops, VNC sessions, SSH terminals, web apps — and makes them accessible through any browser. No VPN. No client software. No port forwarding.
Documentation • Installation • Quick Start • 中文文档
Traditional tunnel tools (ngrok, frp) solve network reachability — they map ports to the internet, but users still need protocol-specific clients (RDP client, SSH terminal, VNC viewer).
Shield CLI solves terminal usability — it renders RDP desktops, VNC sessions, and SSH terminals directly in the browser via HTML5. The visitor only needs a browser.
| Feature | Shield CLI | ngrok | frp |
|---|---|---|---|
| Browser RDP/VNC | Yes | No | No |
| Browser SSH terminal | Yes | No | No |
| Free TCP tunnels | Yes | Paid only | Yes (self-hosted) |
| Zero client install | Yes | No | No |
| China-friendly install | Yes (CDN mirror) | No | Yes |
# macOS
brew tap fengyily/tap && brew install shield-cli
# Windows
scoop bucket add shield https://github.com/fengyily/scoop-bucket && scoop install shield-cli
# Linux (apt) — Debian / Ubuntu
curl -fsSL https://raw.githubusercontent.com/fengyily/shield-cli/main/scripts/setup-repo.sh | sudo bash
# Linux (yum) — RHEL / CentOS / Fedora
curl -fsSL https://raw.githubusercontent.com/fengyily/shield-cli/main/scripts/setup-repo.sh | sudo bash
# Linux / macOS (one-liner binary)
curl -fsSL https://raw.githubusercontent.com/fengyily/shield-cli/main/install.sh | sh
# China mirror (jsDelivr CDN)
curl -fsSL https://cdn.jsdelivr.net/gh/fengyily/shield-cli@main/install.sh | sh# Use the prebuilt image (recommended)
docker run -d --name shield \
--network host \
--restart unless-stopped \
fengyily/shield-cli
# Or build from source
docker build -t shield-cli .
docker run -d --name shield --network host --restart unless-stopped shield-cliNote:
--network hostshares the host's network stack, allowing Shield CLI to reach local and LAN services (e.g.,10.0.0.x,192.168.x.x). Openhttp://localhost:8181to access the Web UI.Caveat:
--network hostonly works on Linux. On macOS/Windows Docker Desktop, use port mapping instead:docker run -d --name shield -p 8181:8181 --restart unless-stopped fengyily/shield-cli
More installation methods (apt, yum, deb, rpm, PowerShell, source build): Installation Guide
shield startOpen http://localhost:8181, add your services, and connect with one click. On macOS and Windows, a system tray icon provides quick access to the Dashboard.
shield install # Install as system service (port 8181)
shield install --port 8182 # Use custom port if 8181 is occupied
shield start # Start the service (if stopped)
shield stop # Stop the service
shield uninstall # Remove the serviceAfter shield install, the service starts automatically and will restart on boot. If the service is stopped, use shield start to restart it — no need to reinstall.
Supports macOS (launchd), Linux (systemd), and Windows. See System Service Guide for details.
shield ssh # SSH terminal in browser (127.0.0.1:22)
shield rdp 10.0.0.5 # Windows desktop in browser
shield http 3000 # Expose local web app
shield vnc 10.0.0.10 # VNC screen sharing in browser
shield tcp 3306 # TCP port proxy (MySQL)
shield udp 53 # UDP port proxy (DNS)
| Command | Resolves To |
|---|---|
shield ssh |
127.0.0.1:22 |
shield ssh 2222 |
127.0.0.1:2222 |
shield ssh 10.0.0.2 |
10.0.0.2:22 |
shield rdp |
127.0.0.1:3389 |
shield http 3000 |
127.0.0.1:3000 |
shield tcp 3306 |
127.0.0.1:3306 |
shield udp 53 |
127.0.0.1:53 |
Protocols: ssh, rdp, vnc, http, https, telnet, tcp, udp — Full Commands Reference
Internal Service ←→ Shield CLI ←→ Public Gateway ←→ Browser
(SSH/RDP/...) (Encrypted) (HTML5 Render) (Any Device)
Learn more: Connection Flow | Security Model
- AES-256-GCM encryption — credentials encrypted with machine fingerprint-derived keys
- Password masking — all passwords hidden in logs
- WebSocket transport — authenticated encrypted tunnels
- 0600 permissions — credential files readable only by owner
Details: Credentials | Access Modes
Full documentation is available at docs.yishield.com:
- What is Shield CLI — overview and key features
- Installation — all installation methods
- Quick Start — 5-minute tutorial
- Protocol Guides — SSH, RDP, VNC, HTTP, Telnet
- Commands Reference — full parameter guide
- FAQ — frequently asked questions
- Troubleshooting — common errors and fixes
Apache 2.0