Moshi vs Secure ShellFish

Secure ShellFish is one of the most polished SSH and SFTP clients on Apple platforms. Built by indie developer Anders Borum over the better part of a decade, it's beloved (4.8★, ~1,400 ratings) for one thing above all: it mounts your remote servers as native drives in the Files app and Finder, so you can browse and edit remote files from any app as if they were local. It runs on iPhone, iPad, Mac, and Vision Pro, it has serious security (Secure Enclave keys, YubiKey, SSH certificates, post-quantum key exchange), and it's genuinely lovely software.

It also belongs in a slightly different bucket than the other comparisons here, because Secure ShellFish has leaned into agentic coding. In recent releases it detects and sets up Claude Code, Codex, and OpenCode for you, renders Claude Code's output more cleanly, and lets the shell push encrypted notifications and widgets to your phone. So this isn't "agent app vs. plain terminal." It's two apps that both take AI coding seriously, arriving from opposite directions: Secure ShellFish is a best-in-class file and SSH client that added agent affordances, and Moshi is an agent-first terminal that was built around the loop from day one.

That difference in DNA is the whole comparison — and it cuts both ways. Let's be specific, including where Secure ShellFish is simply the better (and cheaper) tool.

Both apps can run these agents, and Secure ShellFish will even detect and install three of them — Claude Code, Codex, or OpenCode — on the server for you. Moshi recognizes and normalizes a wider roster (the ten above) into one inbox, but the more telling difference is what happens around the agent — how approvals, review, and notifications are handled — and that's where the two diverge.

The short version

The clusters: the agent-loop rows (approval inbox, diff viewer, Mosh, voice modes) favour Moshi; the file-management, security, and Apple-platform-breadth rows favour Secure ShellFish — and it's meaningfully cheaper. Most people will know within two rows which list is theirs.

Credit where it's due: Secure ShellFish does agents now

It would be dishonest to pretend Secure ShellFish is just a file manager with a terminal bolted on. Recent versions ship real, thoughtful agent support:

• Agent detection & setup. Its Shell Integration installer spots Claude Code, Codex, or OpenCode on the server and wires them up.
• Agent-tuned terminal. A synchronized output mode makes Claude Code's redraws render cleanly, and Shift+Return inserts a newline without submitting — small touches that show someone uses these tools.
• Encrypted push from the shell. notify and widget shell commands let the server (or an agent) push end-to-end-encrypted alerts — including images — to your phone, home-screen widgets, and Live Activity.
• On-device dictation for composing prompts, and Live Activity / Dynamic Island to follow the active session from the lock screen.

If that covers what you need, Secure ShellFish is a great answer — and you should take it seriously. The rest of this page is about where Moshi's agent-first architecture goes further, and where Secure ShellFish's file-first heritage wins outright.

An approval inbox, not just a notification

Here's the sharpest distinction. Secure ShellFish's notify is a notification primitive: the shell fires an alert, and you tap it to open the session and deal with whatever's there. Moshi turns that into a managed approval inbox:

• Every permission request, question, and finished turn becomes a card with Allow / Deny right on it — answer without even opening the session.
• A tap on your phone unblocks the process on the host instantly, because Moshi's host daemon is wired into the agent's permission hooks, not just reading the terminal buffer.
• The same actions reach your Apple Watch — approve or deny from your wrist. (Secure ShellFish has a watch app, but not agent approve/deny actions.)

It's the difference between "you have a notification, go look" and "approve this? — yes." Over a day of babysitting an agent, that gap adds up.

The inbox is also managed state, not a log. Each agent session gets one row that updates in place rather than spawning a new alert per event, and rows are grouped by host and by project, so the same agent on your Mac and on a Linux box stay cleanly separated. A finished turn floats up and quietly archives itself after a few hours; a pending approval pins to the top until you answer it. Moshi normalizes events from a long list of agents into this one feed — Claude Code, Codex, OpenCode, Gemini, Cursor, and more — so "what are all my agents doing right now" is a single screen, not several sessions you open one by one.

A dashboard its widgets don't add up to

Secure ShellFish's notify and widget commands are a great primitive for ambient status — a home-screen widget, a Live Activity, an encrypted image pushed from a script. But they're things you wire up, one shell command at a time. Moshi reads the agent layer automatically and turns it into a dashboard ShellFish has no equivalent for:

• Usage rings. Each account's rate-limit windows, drawn as rings: Claude Code's 5-hour and 7-day windows, Codex's rolling windows, OpenCode's provider limits. Glance before you start a long turn to see if you have headroom — on the phone or on an Apple Watch complication.
• Context "stamina." A ring per active agent showing how much of its context window is left, flagged below ~15% so you can ask it to summarize before it forgets what it was doing.
• Recent directories. Reconnect to a host and Moshi offers one-tap entries for the directories where Claude or Codex recently ran, read from the agents' own transcripts — straight back into the repo, no path to type.

You could approximate the first one with a hand-written widget script. The context ring and the recent-directory launcher have no shell-command equivalent at all — they come from Moshi being wired into the agents' own hooks and transcripts.

Review what the agent changed

When an agent rewrites a dozen files, you want to read the changes, not scroll raw git diff in a terminal. Moshi ships review surfaces Secure ShellFish doesn't:

• Diff viewer — a phone-tuned side-by-side (or stacked), syntax-highlighted read of the working tree.
• A repository browser. The same diff app has a Browse tab: walk the project's file tree at the working tree or any past commit, and open any file as syntax-highlighted source — TypeScript/JavaScript, JSX/TSX, Go, Swift, JSON, YAML, TOML, HTML/CSS, Markdown, and shell. Reviewing the agent's work isn't limited to the changed lines; you can read the files around them.
• Browser preview — tap a detected localhost port and the host's dev server opens in Moshi's in-app browser over your session.

All three surfaces ride a small gateway that moshi-hook serves locally on your host and tunnels through your existing SSH session, so the diff contents, the files you browse, and the dev-server traffic never touch Moshi's servers — they go phone-to-host, the same as your terminal. Secure ShellFish's answer to "edit remote files" is its superb Files integration — open the file in your favourite editor and it syncs back. That's excellent for hand-editing, but it isn't a one-tap review of what the agent just did.

Paste a screenshot straight into the agent

This is the one row in the table worth circling. Secure ShellFish's Files integration is among the best ways anywhere to drag a file around — but the direction that matters for an agent is inbound, into the running prompt. On a desktop you screenshot a bug and drag it into Claude Code. Moshi collapses that to one tap on a phone: pick a photo, screenshot, PDF, or log; Moshi SCPs it to your host into ~/.moshi/uploads/ and hands the agent a real file path — exactly like pressing Ctrl+V in Claude Code or Codex. You can crop or annotate the screenshot first, and it works for arbitrary files, not just images. ShellFish can push an image out to your phone with notify, and it can mount and move files beautifully; what it doesn't do is drop one into a running agent's prompt. See Image and file paste.

Connection resilience: Mosh vs. tmux

Both apps keep long agent runs alive, but differently. Secure ShellFish leans on tmux (it has a polished native tmux mode) so the session survives on the server while your phone comes and goes. Moshi speaks Mosh natively and pairs it with tmux: Mosh roams across network changes and sleeps without a persistent socket, so when you switch from Wi-Fi to cellular mid-run, the session just catches up. As best we can tell, Secure ShellFish doesn't ship Mosh — its persistence story is tmux, which is great on a stable link and weaker when your connection actually moves. On a phone, that roaming matters. Moshi also sends a wake-up probe when it opens a new Mosh connection, so a Mac that fell asleep with the lid closed comes back to find the session waiting — and getting connected in the first place is easy, with Bonjour discovery of SSH servers on your LAN and a QR "easy pair" flow that provisions a saved connection from the host in one scan.

Prompt by voice

Both apps support dictation. Moshi's voice is built specifically for prompting. It runs on-device by default — your pick of NVIDIA's Parakeet, Apple's SpeechAnalyzer (iOS 26+), or a local Whisper (large-v3-turbo and smaller), with a metered cloud option only if you want it — so a dictated prompt never leaves the phone. And it has two modes: a chat mode that opens a composer where you can edit a long prompt, attach a screenshot, and send it as one message, and a command mode that types straight into the shell. "Add a nullable deleted_at to users and show me the diff," spoken while walking, is exactly what the two modes are tuned for — draft carefully, or fire a quick command.

An on-screen keyboard tuned for the agent loop

Secure ShellFish has solid keyboard customization and presets — this isn't a knock on it. But Moshi's on-screen toolbar is built around the specific rhythm of answering an agent one-handed. The D-pad has configurable corners, one defaulting to Interrupt (clear the line, soft-cancel a runaway turn) and another to a dedicated Backspace for the agent TUIs that swallow the normal one. A shortcut builder lets you bind any sequence — a tmux prefix chord, Esc :wq, or a prompt fragment you send constantly — to a slot or a gesture, with per-agent sets for Claude Code, Codex, Cursor, and OpenCode. When the agent prompts every few seconds, a double-tap to paste or a swipe to switch sessions beats hunting for a small target every time. It's the same idea as ShellFish's thoughtful Shift+Return-for-Claude-Code touch, taken across the whole input surface.

Where Secure ShellFish wins

This is a real list, and for the right person it's decisive. Secure ShellFish is the better tool when:

• You live in remote files. Its Files app / Finder integration is about as good as remote files get on any platform — mount any server path as a native drive, edit in any app, cache directories for offline. Moshi has a file browser too — a git-aware view of the repo with syntax-highlighted source — but it's read-oriented and scoped to the project, not a general SFTP mount you can edit through. If managing files across the whole filesystem is your day, ShellFish isn't close.
• You want Apple-platform breadth. Native macOS and Vision Pro apps, plus deep Shortcuts automation and home/lock-screen widgets. Moshi is iOS and Android only.
• You want encrypted push that's yours to script. Its notify and widget commands fire end-to-end-encrypted alerts — even images — from any shell or cron job to your phone, widgets, Live Activities, and StandBy, surviving backgrounding via APNs. It's a lovely primitive for ambient status and CI pings.
• You want to keep agents alive comfortably. Picture-in-Picture and Location Persistence are explicitly there to keep long Claude Code / Codex sessions running while you do other things — a thoughtful, agent-aware touch.
• You want the deepest security options. YubiKey over NFC and USB, short-lived SSH certificates from your CA, post-quantum key exchange, and Secure Enclave keys.
• You want one-tap host setup. Provider integrations for DigitalOcean, Hetzner Cloud, and Synology, CSV import, and a "scan the clipboard for connection details" trick make adding servers painless.
• You want a beloved, mature indie app shipping near-weekly, with a long track record.
• You want to spend less — see below.

Pricing

Plainly: Secure ShellFish is much cheaper. It's a one-developer app with a famously fair price, and it undercuts Moshi at every tier. Moshi costs more because the agent-first machinery — the inbox, diff viewer, Mosh, watch actions, voice modes — is the product.

The honest read: if price is your deciding factor, Secure ShellFish wins it comfortably — its $29.99 lifetime unlock is one of the best deals in the category. Moshi's pitch is that a purpose-built agent cockpit — approval inbox, diff review, Mosh, Apple Watch, voice — is worth the premium if that's how you actually spend your time.

(Secure ShellFish prices are from its App Store listing and vary by region; Moshi's $6.99 / $59.99 / $249 are standard rates, and founders/regional pricing may show you less.)

The verdict

These two respect each other's turf. Secure ShellFish is the file-and-SSH client that added thoughtful agent support; Moshi is the agent-first cockpit with a real terminal under it. Some people will run both — Secure ShellFish for SFTP, Finder mounts, and Mac work, Moshi for steering agents from the couch with the inbox, usage rings, diff viewer, and image paste. They overlap less than the spec sheet suggests, and the right answer is usually whichever one matches how you actually spend your phone time. For the rest of the field, see Moshi vs Termius and Moshi vs Blink on the SSH-client side, Moshi vs Happy and Moshi vs Kittylitter on the agent-client side, and the iOS terminal roundup.