Deflect One - Agentless Linux Server Monitoring & AI-Powered DevOps Control


🛰

You already have SSH access to your servers. That is the only thing Deflect One needs. Open a terminal, run deflect, and your entire fleet appears: live CPU, RAM, disk, Docker containers, active attacks, and service health across every host - simultaneously, in real time. No agents to install on managed servers. No daemons. No browser tab. No SaaS to trust with your credentials. Just the SSH key you already have, and a terminal dashboard that shows you everything.


A brute-force attack starts hitting port 22. You see it the moment it begins - attacker IP, country, attempt count - and contain the threat in seconds. A microservice crashes on three hosts simultaneously. You catch it before your users do, restart across all three, and read the logs - never leaving a single extra terminal. That is the loop: see everything, react instantly, move on. Monitoring + security + management + optional AI, packed into a single pip install deflect-one.


Agentless Monitoring Features: SSH Fleet Control, Attack Defense & AI Automation


📈 Real-Time Fleet Monitoring - CPU, RAM, disk, network I/O, Docker containers, MySQL/PostgreSQL/Redis slow queries across all your servers simultaneously. When something spikes on server 7, you see it the moment it happens. No exporters to maintain. No scrape intervals. No YAML. Near-zero overhead by design - async coroutines, not polling loops.


🛡 Live Attack Radar & Automated Defense - watch attackers hit your servers in real time: IP, country, attack type, timeline, session forensics. One keystroke bans the IP fleet-wide. AuthSentinel watches SSH, sudo, mail, databases, and FTP simultaneously - and fires an instant alert when an IP that failed 50 times suddenly succeeds. Containment workflow: block IP → kill session → disable account → rotate credentials - one screen, five steps, breach contained.


👤 User & Group Administration - full Linux account management over SSH, per host (Ctrl+J, switch hosts with ←→ tabs): create, edit, lock, and delete users and groups, manage SSH keys per account - generate a new key locally, deploy it, and verify it in one flow. See who is logged in right now and what commands they are running live. Need to revoke access immediately? Emergency containment - block + disable + key revoke - in one click, with a safety guard that prevents you from accidentally locking yourself out. All without touching a single config file.


🤖 Optional AI - Your Infrastructure, Always On (opt-in, off by default) - connect Claude, GPT-4, Gemini, Mistral, Groq, or a local LM Studio model to everything Deflect One already knows about your fleet. Write per-host instructions in plain English: "if MySQL slow queries exceed 10/min, restart the service and notify me" - the AI follows them 24/7 while you do other things. Or just press Ctrl+A and ask "why is this server slow?" and get an actual diagnosis with context. Deflect One works perfectly without AI - it is an optional power layer, not a dependency.


💬 Plain-English Command Terminal - press Ctrl+A, type what you want: "find all Python processes using more than 500MB RAM across all hosts and show me which ones". Deflect One generates the exact SSH commands and executes them. No guessing syntax at 2am. No Stack Overflow tabs.


📊 25+ Screens - One Tool Replaces Many - dual-panel SFTP file manager (Midnight Commander style), live log aggregation with regex across all hosts, cron & systemd timer editor, backup scheduler with rotation, email queue monitor, cross-host process audit with OOM detection, git deploy with per-host rollback, SSH key rotation across the fleet, Docker container inspection. The combination that used to mean a dozen separate tools and a browser full of tabs.


🔐 Hardware-Bound Encrypted Credential Vault - SSH credentials are encrypted at rest using Fernet + PBKDF2, bound to local machine hardware. A stolen config file is completely useless on any other machine.


How Agentless SSH Monitoring Works: Architecture & Python Engine


Deflect One is a 40,000+ LOC async Python monolith built on Textual TUI. Every operation runs over paramiko SSH - no agents, no open ports beyond 22. Each managed host gets its own async agent with 10 parallel loops: metrics every 5s, attack log every 8s, Docker every 15s, apt every hour. When you see live data in the dashboard, it is genuinely live - not a cached scrape from 60 seconds ago. Your SSH credentials are encrypted at rest using hardware-bound Fernet/PBKDF2 - a stolen config file is worthless on any other machine.


The optional dual-tier AI engine routes expensive reasoning (health audits, threat analysis) to a SMART model and fast repetitive calls (shell hints, command translation) to a FAST model - so you get intelligence where it matters without burning your API budget on routine polling. Each host runs its own AI policy - one server restarts nginx on crash, another notifies you instead. You decide. Or you turn AI off entirely and nothing breaks.


Single JSON config file. Import hosts from ~/.ssh/config in one click. Hardware-bound credential vault. First launch shows a demo mode with live animations and 25+ screens - no SSH required to evaluate the full UI.


Designed for DevOps Professionals & Solo Linux Server Admins


Deflect One is for the engineer who has more servers than patience for Zabbix and more security requirements than htop can answer. If you find yourself with 15 SSH terminals open, a Grafana tab nobody reads, and still no idea what is actually happening on your fleet right now - this is what you have been missing. Real-time visibility, active defense, and management - from one terminal, with one pip install.


Also perfect for solo developers and homelab enthusiasts who want Datadog-level visibility without the Datadog bill - and without running Prometheus, Grafana, Loki, and Alertmanager just to know if their VPS is alive. pip install deflect-one && deflect --demo. That is the entire evaluation process. No account. No trial. No credit card.


⚡ Current Status & Beta Access

Status: Active development - beta coming soon

Runs on:
✅ Linux  ·  ✅ macOS (Intel + Apple Silicon)  ·  ✅ Windows (Windows Terminal)  ·  ✅ WSL2
Any OS that runs Python 3.10+

Manages:
✅ Debian 10+  ·  ✅ Ubuntu 20.04+  - primary targets, fully tested
🟨 Fedora · CentOS · Arch · Alpine - works via SSH, not all features tested yet

Stack: Python 3.10+, Textual TUI, asyncio, paramiko, Fernet/PBKDF2. Optional AI modules: Claude API, OpenAI/Gemini/Mistral

AI backends (optional): Claude, GPT-4, Gemini, Mistral, Groq, LM Studio (local)

License: MIT License with Attribution Requirement. Freeware - free for personal and commercial use

Agent required on servers: None


♥ Support Deflect One Development🔗 View on GitHub⬇ Download deflect.py


Deflect One is free and will remain free. Your sponsorship goes directly into continued development, new features, and the beta release.



Frequently Asked Questions


Does Deflect One require installing agents on monitored servers?

No. Deflect One is fully agentless. It connects to your servers exclusively via SSH - no daemons, no background processes, no additional ports to open. If SSH works, Deflect One works. This is the core design principle: zero footprint on monitored infrastructure.


What Linux distributions does Deflect One support for server monitoring?

Primary targets (fully tested): Debian 10+ and Ubuntu 20.04+. Works via SSH on Fedora, CentOS, Arch, and Alpine - most features functional, full test coverage coming in a future release.


Is AI required to use Deflect One?

No - AI is entirely optional. Deflect One is a fully functional agentless Linux server monitoring tool without any AI enabled. The AI integration (Claude, GPT-4, Gemini, Mistral, Groq, LM Studio) is an experimental, opt-in feature for those who want natural-language command execution or autonomous background governance. You control whether AI is used, which model, and on which servers.


Is Deflect One a free and open-source server monitoring tool?

Yes. Deflect One is released under the MIT License with Attribution Requirement. It is free for personal and commercial use, including homelab and VPS monitoring. Source code is available on GitHub. Sponsorship is welcome to fund continued development.


Is Deflect One a free open-source alternative to Zabbix, Netdata, Cockpit, Wazuh, or Termius?

Yes. Unlike Zabbix and Checkmk (agents on every host, days of setup, dedicated monitoring server), Wazuh (enterprise SIEM requiring its own infrastructure), Netdata and Prometheus+Grafana (agent stacks that only graph - no management layer), Cockpit and Webmin (browser panels managing one host at a time), or Termius (paid SSH client with no monitoring or security), Deflect One is a single Python script that uses only the SSH access you already have - zero installation on monitored servers. It shows your entire fleet in one terminal dashboard, combines monitoring with active attack detection, firewall automation, and file management, and adds optional AI - all open-source, MIT licensed, pip install deflect-one and running in 10 seconds.


Can I use Deflect One for homelab server monitoring?

Yes. Deflect One is well-suited for homelab monitoring and self-hosted infrastructure. It runs on any machine with Python 3.10+ (Linux, macOS, Windows Terminal, WSL2) and connects to your home servers or VPS via SSH. No cloud services, no SaaS subscriptions - entirely self-hosted and offline-capable.