Skip to main content
Skip to content

Security architecture

Built for infrastructure you cannot afford to lose.

ServerDesk connects to real production servers. Every architectural decision — from how credentials are stored to how Robbie's remediation plans are executed — reflects that responsibility. This page explains exactly how the system works.

SSH connection model

How connections work

ServerDesk acts as a secure relay between your browser and your server. Your browser does not make a direct SSH connection to your infrastructure. Instead, the ServerDesk backend establishes and manages the SSH session on your behalf.

Your browserHTTPS only
ServerDeskUK/EU hosted
Your serverYou control it

No direct browser-to-server connection

Your browser communicates with ServerDesk over HTTPS. ServerDesk manages the SSH session to your server. This means your server does not need to accept inbound WebSocket connections from browsers.

SSH encryption in transit

Traffic between ServerDesk and your server uses the SSH protocol — the same encryption you would use from a local terminal. Data in transit between your browser and ServerDesk uses HTTPS (TLS 1.2+).

Session isolation

Each workspace session uses its own isolated SSH connection. Credentials and session data from one account are never accessible to another. Sessions are torn down when you close the workspace.

Credential storage

Your credentials, encrypted at rest

SSH credentials — passwords and private keys — are encrypted before being written to the database. Encryption keys are not co-located with credential data.

  • Passwords and SSH private keys encrypted before storage
  • SSH private keys accepted in PEM format
  • Credentials never appear in logs or error messages
  • Delete any server from the dashboard — deletion is immediate and permanent
  • Credentials from different accounts are strictly isolated from one another

SSH key authentication

Password or SSH key — your choice

ServerDesk supports both password and SSH private key authentication. Using an SSH key rather than a password is the recommended approach for production servers.

  • PEM-format private keys accepted
  • Passphrase-protected keys supported
  • Keys stored using the same encrypted storage as passwords
  • No plaintext key material is ever logged

How to connect using an SSH key →

What Robbie reads during a health check

Read-only diagnostics. No silent writes.

During a health check, Robbie connects to your server and runs a set of read-only diagnostic commands. It collects the text output and sends it to the AI model for analysis. Robbie does not modify files, install packages, change configuration, or execute any write operation during this phase.

CommandWhat it reads
df -hDisk usage by mount point
free -mMemory usage and available RAM
uptimeSystem load and uptime
ps aux --sort=-%cpuProcess list sorted by CPU usage
docker ps --format ...Running container status and restart counts
docker stats --no-streamContainer resource usage snapshot
systemctl list-unitsService status overview
tail -n 500 [log file]Recent log entries for analysis
netstat -tlnpOpen ports and listening services
who / lastRecent login activity

Source code not included automatically

Robbie does not read file contents during a health check. Source code is only sent to the AI model when you explicitly ask Robbie to review a specific file or selection.

.env files never included

Files commonly containing secrets — .env, .env.production, credentials.json — are never automatically included in AI analysis. You control what Robbie reads.

Text output only

Diagnostic command output is text. Robbie does not capture binary data, screenshots, or network traffic from your server.

AI safety

What the AI model sees

The AI model that powers Robbie receives text — specifically, the output of diagnostic commands run on your server. It does not have direct access to your server, your file system, or your credentials.

  • Diagnostic text output sent to AI model for health check analysis
  • AI model has no direct SSH access to your server
  • Source code sent only when you explicitly ask Robbie to review a file
  • .env files and secret-containing files never automatically included
  • AI analysis is used to prepare recommendations — not to execute them

Privacy and data retention

What we keep and why

ServerDesk stores the minimum data needed to deliver the service.

  • Server credentials: retained until you delete the connection
  • Health check results: retained for trend analysis (visible to you in the dashboard)
  • Terminal session content: not stored after the session ends
  • Account data: retained until account deletion, then removed within 30 days
  • GDPR: you can request full data export or immediate deletion at any time

Read the full privacy policy →

Security FAQ

Direct answers to the questions that matter most

Does ServerDesk install anything on my server?

No. ServerDesk connects over SSH using your existing credentials. Nothing is installed, no agent runs on your server, and no persistent background process is left behind. The connection is established on demand when you open your workspace.

How are SSH credentials stored?

SSH passwords and private keys are encrypted before being written to the database. Encryption keys are not stored alongside credential data. You can view, update, or delete any server connection at any time from your dashboard. Deletion is permanent.

Does Robbie execute commands automatically?

No. Robbie runs read-only diagnostic commands during a health check — these read system metrics, process lists, and log output. For remediation, Robbie prepares a plan and stops. Nothing in that plan executes until you approve each step individually. There is no auto-approve mode and no way to enable one.

Can I use SSH keys instead of a password?

Yes. ServerDesk supports SSH private key authentication. Keys are accepted in PEM format and stored encrypted using the same mechanism as password credentials. If you use a passphrase-protected key, you can enter the passphrase during connection setup.

Can I remove my server at any time?

Yes. You can disconnect and delete any server connection from the dashboard at any time. Deletion removes the credentials immediately and permanently. ServerDesk does not retain copies.

What information leaves my server during a health check?

Robbie runs read-only diagnostic commands and collects the text output — system metrics, process lists, log excerpts. This text is sent to the AI model for analysis. Your source code is not included unless you explicitly ask Robbie to review a specific file or selection. Environment variables and .env files are never automatically included.

Can I use ServerDesk without using the AI features?

Yes. The file editor, terminal, Docker management, database explorer, and Git tools all work independently of Robbie. AI features are optional. You are never required to use them.

What happens to my data if I cancel?

When you cancel, your servers are disconnected and your subscription ends at the current billing period. Your account data is retained for 30 days after cancellation to allow for reactivation, then deleted. You can request immediate deletion at any time by contacting support.

Responsible disclosure

Found a vulnerability?

If you discover a security vulnerability in ServerDesk, please report it to us directly. We take every report seriously and commit to a prompt, transparent response.

  • Email: security@serverdesk.dev
  • Include a clear description of the issue and steps to reproduce
  • We aim to acknowledge reports within 24 hours
  • We will not take legal action against researchers acting in good faith
  • Responsible disclosure is recognised in our security changelog

Other security contacts

Questions about security architecture?

If you have questions about ServerDesk's security architecture that this page does not answer — particularly if you are evaluating the product for an organisation with specific compliance requirements — reach out directly.

  • Security questionssecurity@serverdesk.dev
  • General supportsupport@serverdesk.dev
  • Privacy / GDPRprivacy@serverdesk.dev