SSH is the supported protocol for communication between a Fuchsia target device and a host device. This document describes how to properly set up an SSH connection between these devices.
On the host side, a proper SSH distribution is required.
A public/private key pair is also needed to secure access to the device or emulator running Fuchsia. ffx will generate the key if not present. You can add your own key, if desired, to the path displayed from ffx config get ssh.priv and ffx config get ssh.pub.
There are two options for installing the public key onto the target.
Follow the instruction for paving the target device, and add an extra argument to the bootserver call pointing to the public key:
$ bootserver --authorized-keys $PUBLIC_KEY <other args>
The fuchsia.zbi image may be modified to include the public key using the zbi tool:
$ zbi -o $FUCHSIA_DOT_ZBI -e data/ssh/authorized_keys=$PUBLIC_KEY
Note that this method is mainly designed for situations where paving is not necessarily an efficient option (e.g. testing on an emulator). Use with care.
Provided that the address of the target device is known as $TARGET_ADDRESS, open a shell on that device with:
$ ssh -i $PRIVATE_KEY fuchsia@$TARGET_ADDRESS
Note that if you got the key from your SSH agent, or if the key is in a well known location ($SSH_HOME) under a well known name (id_*), you may omit the -i argument.
Note also that the host keys for a Fuchsia target device are generated at first boot, meaning that every time the device gets paved the keys are going to change. You may want to disable host key checking when connecting to a Fuchsia device to avoid running into errors by adding the following flags:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
