Secure P2P Remote Access

Remote access,
without the headaches

SSH-like shell access without port forwarding, VPNs, or third-party routing. Direct encrypted peer-to-peer connections with a single binary.

Get Started How It Works
$ curl -fsSL https://hop.keik.ai/install.sh | bash
macOS (Apple Silicon & Intel) · Linux (x86_64 & ARM64)

Why hop?

Existing tools all have tradeoffs. hop was built to eliminate them.

End-to-End Encrypted

TLS 1.3 over QUIC. Your traffic is never decrypted by a relay or third-party service. Keys stay on your machines.

NAT Traversal Built In

Works behind ISP NAT, double NAT, and carrier-grade NAT. No port forwarding or router configuration needed.

Single Binary

One download. No runtime dependencies, no daemon required for basic use, no accounts to create. Just run it.

One-Time Invite Links

Share a link or token to grant access. Each invite is single-use and cryptographically verified. No shared passwords.

Direct P2P

Connections go directly between peers whenever possible. No bandwidth limits, no metered relay, no man-in-the-middle.

Cross-Platform

macOS (Apple Silicon & Intel) and Linux (x86_64 & ARM64). Built with Rust for native performance on every platform.

How hop compares

No accounts, no port forwarding, no third-party routing.

hop
SSH / Tailscale / ngrok
Port forwarding
Not needed
SSH requires it
Account required
No
Tailscale, ngrok require accounts
Traffic routing
Direct P2P
ngrok routes through their servers
Setup
One curl command
VPN config, daemon install, signup
NAT traversal
Automatic (QUIC)
Tailscale (WireGuard), SSH (none)

How it works

Three commands. That's it.

Start hosting

Run hop host on the machine you want to access. It generates an identity and starts listening for connections.

Share an invite

Run hop invite to generate a one-time token. Send it to whoever needs access—it's single-use and time-limited.

Connect

The other person runs hop connect <token> and gets a secure shell. Future connections use hop connect <name>.

Terminal
# On your server $ hop host Listening... Node ID: 5f4a8c... # Generate an invite $ hop invite Invite token: eyJ0eX... # On your laptop (or any machine) $ hop connect eyJ0eX... Connected to server server $ _

Install

One command to download, verify, and install.

Quick Install (all platforms)

Shell
# Install latest $ curl -fsSL https://hop.keik.ai/install.sh | bash # Install specific version $ curl -fsSL https://hop.keik.ai/install.sh | bash -s -- --version 0.1.0 # Custom install directory $ curl -fsSL https://hop.keik.ai/install.sh | bash -s -- --dir ~/.local/bin

Downloads the binary, verifies the SHA-256 checksum, and installs to /usr/local/bin. Works with curl or wget.

Supported Platforms

macOS
Apple Silicon (arm64) & Intel (x86_64)
🐧
Linux
x86_64 & ARM64 (glibc)

Run as a System Daemon

Keep hop running at boot with a native system service.

macOS .pkg Installer

The package installer sets up hop as a system LaunchDaemon that starts automatically at boot. Ideal for always-on machines like home servers, dev boxes, or Mac Minis under your desk.

  • Installs binary to /usr/local/bin/hop
  • Registers a LaunchDaemon that runs hop host at boot
  • System-level config at /Library/Application Support/hop/
  • Automatic restarts on crash (KeepAlive)
  • Shared config with admin group permissions
Terminal
# Download the .pkg installer $ curl -fsSLO https://hop.keik.ai/v0.1.0/hop-0.1.0.pkg # Install the package $ sudo installer -pkg hop-0.1.0.pkg -target / # The daemon starts automatically — create an invite $ hop invite Invite token: eyJ0eX...

Uninstall cleanly with sudo /usr/local/bin/hop-uninstall.sh. Your config at /Library/Application Support/hop/ is preserved.

systemd Service

Install hop as a systemd service that starts automatically at boot. Ideal for headless servers, VPS instances, or any always-on Linux machine.

  • Installs binary to /usr/local/bin/hop
  • Registers a systemd service that runs hop host at boot
  • Config at ~/.config/hop/ (XDG default)
  • Automatic restarts on crash (Restart=on-failure)
  • Logs via journald (journalctl -u hop)
Terminal
# Install the hop binary $ curl -fsSL https://hop.keik.ai/install.sh | bash # Install and start the systemd service $ sudo curl -fsSL https://hop.keik.ai/hop.service -o /etc/systemd/system/hop.service $ sudo systemctl daemon-reload $ sudo systemctl enable --now hop # Create an invite $ hop invite Invite token: eyJ0eX...

Stop and remove with sudo systemctl disable --now hop && sudo rm /etc/systemd/system/hop.service