diff --git a/_home.macos/private_dot_local/bin/executable_tsh-get b/_home.macos/private_dot_local/bin/executable_tsh-get
new file mode 120000
index 0000000..7c62216
--- /dev/null
+++ b/_home.macos/private_dot_local/bin/executable_tsh-get
@@ -0,0 +1 @@
+../../../_src.posix/private_dot_local/bin/executable_tsh-get
\ No newline at end of file
diff --git a/_home.macos/private_dot_local/bin/executable_tssh b/_home.macos/private_dot_local/bin/executable_tssh
new file mode 120000
index 0000000..8f59b48
--- /dev/null
+++ b/_home.macos/private_dot_local/bin/executable_tssh
@@ -0,0 +1 @@
+../../../_src.posix/private_dot_local/bin/executable_tssh
\ No newline at end of file
diff --git a/_home.macos/private_dot_local/bin/executable_tssh-with-tunnel b/_home.macos/private_dot_local/bin/executable_tssh-with-tunnel
new file mode 120000
index 0000000..2322671
--- /dev/null
+++ b/_home.macos/private_dot_local/bin/executable_tssh-with-tunnel
@@ -0,0 +1 @@
+../../../_src.posix/private_dot_local/bin/executable_tssh-with-tunnel
\ No newline at end of file
diff --git a/_src.posix/private_dot_local/bin/executable_tsh-get b/_src.posix/private_dot_local/bin/executable_tsh-get
new file mode 100644
index 0000000..1bf3f32
--- /dev/null
+++ b/_src.posix/private_dot_local/bin/executable_tsh-get
@@ -0,0 +1,62 @@
+#! /usr/bin/env bash
+
+set -e
+
+SCRIPT_NAME="${0##/*}"
+usage() {
+    printf '%s\n' \
+        'Search Teleport for an ssh host with an interactive selection' \
+        '' \
+        'Usage:' \
+        "  [SILENT=1] [BATCH=1] [QUERY='query syntax'] ${SCRIPT_NAME} <search string>" \
+        '' \
+        'Arguments:' \
+        '' \
+        'Examples:' \
+        '  $ BATCH=1 tsh-get tesla' \
+        '  cluster_psnt=VAST-TESLA-AUS-1,hostname=aus08p1vstfs01-cn1-DO-NOT-LOGIN' \
+        '  cluster_psnt=VA22374479,hostname=c-0-1' \
+        '  cluster_psnt=VA22465472,hostname=c-0-1' \
+        '' \
+        '  tsh-get tesla ' \
+        ''
+    exit 2
+}
+
+if [[ $# -eq 0 ]]; then
+    usage
+fi
+
+SILENT=${SILENT:-${BATCH:+1}}
+SEARCH="$1"
+QUERY="${QUERY:+--query=${QUERY}}"
+
+${SILENT:+:} printf 'Searching for %s...' "$SEARCH" >&2
+
+OPTIONS="$(
+    tsh ls --search "$SEARCH" ${QUERY} --format json | jq -r ' .[] | (
+        if .metadata.labels.customer_name
+        then "customer_name=" + .metadata.labels.customer_name + ","
+        elif .metadata.labels.Customer
+        then "Customer=" + .metadata.labels.Customer + ","
+        else ""
+        end)
+        + "cluster_psnt=\(.metadata.labels.cluster_psnt),"
+        + "hostname=\(.spec.hostname)"
+    '
+)"
+
+if [[ -z "$BATCH" && "${OPTIONS}" == *$'\n'* ]]; then
+    SELECTED="$( tv --no-preview <<<"$OPTIONS" )"
+else
+    SELECTED="$OPTIONS"
+fi
+
+if [[ -z "$SELECTED" ]]; then
+    ${SILENT:+:} printf 'Aborted (empty response)\n' >&2
+    exit 2
+fi
+
+${SILENT:+:} printf '\n%s selected.\n' "$SELECTED" >&2
+echo "$SELECTED"
+
diff --git a/_src.posix/private_dot_local/bin/executable_tssh b/_src.posix/private_dot_local/bin/executable_tssh
new file mode 100644
index 0000000..c607a90
--- /dev/null
+++ b/_src.posix/private_dot_local/bin/executable_tssh
@@ -0,0 +1,28 @@
+#! /usr/bin/env bash
+
+set -e
+
+SCRIPT_NAME="${0##/*}"
+usage() {
+    printf '%s\n' \
+	'SSH using Teleport with interactive selection and VAST-reasnoble defaults' \
+	'' \
+        "${SCRIPT_NAME} " \
+        '' \
+        'Usage:' \
+        ''
+    exit 2
+}
+
+if [[ $# -eq 0 ]]; then
+    usage
+fi
+
+SEARCH="$1"
+SSHUSER="${SSHUSER:-vastdata}"
+TUNNEL="${TUNNEL:+-L ${TUNNEL}}"
+
+TARGET="${SSHUSER}@$(tsh-get "$SEARCH" "$SSHUSER")"
+
+tsh ssh ${TUNNEL} "${TARGET}" "${@:2}"
+
diff --git a/_src.posix/private_dot_local/bin/executable_tssh-with-tunnel b/_src.posix/private_dot_local/bin/executable_tssh-with-tunnel
new file mode 100644
index 0000000..6da0438
--- /dev/null
+++ b/_src.posix/private_dot_local/bin/executable_tssh-with-tunnel
@@ -0,0 +1,48 @@
+#! /usr/bin/env bash
+
+set -e
+
+SCRIPT_NAME="${0##*/}"
+usage() {
+    printf '%s\n' \
+        'Open a tunnel to the VMS external IP' \
+        '' \
+        'Usage:' \
+        "  ${SCRIPT_NAME} <search> [ssh args...]" \
+        '' \
+        'Env manipulators:' \
+        '  LOCAL_PORT   default is 8443' \
+        '  TARGET_PORT  default is 443' \
+        '  SSHUSER      default is vastdata' \
+        '  VMS          default is auto-detected' \
+        ''
+    exit 2
+}
+
+if [[ $# -eq 0 ]]; then
+    usage
+fi
+
+LOCAL_PORT="${LOCAL_PORT:-8443}"
+TARGET_PORT="${TARGET_PORT:-443}"
+SEARCH="$1"
+SSHUSER="${SSHUSER:-vastdata}"
+
+TARGET="${SSHUSER}@$(tsh-get "$SEARCH" "$SSHUSER")"
+
+VMS="${VMS:-"$(awk '$5 { split($4, cidr, "/"); print cidr[1] }' <(tsh ssh "${TARGET}" bash -l <<SSHEOF
+    VMS="\$(clush -g cnodes 'docker ps | grep vast_vms | grep -v grep' 2>/dev/null | cut -d':' -f1)" \
+    && clush -w "\$VMS" ip -4 -br a
+SSHEOF
+))"}"
+
+TUNNEL="-L ${LOCAL_PORT}:${VMS}:${TARGET_PORT}"
+
+RUN="${RUN:-}"
+if [[ -z "$RUN" && -n "$(command -v zellij)" ]]; then
+    RUN="zellij run --floating --pinned 'true' --name '${SCRIPT_NAME} ${SEARCH}: ${TUNNEL} ${TARGET}' --"
+fi
+
+printf "Executing: %s ...\n" "tsh ssh ${TUNNEL} ${TARGET} ${*:2}" >&2
+eval "${RUN} tsh ssh ${TUNNEL} '${TARGET}' ${*:2}"
+