Note: With the version
9.20220727.0.1 or higher, some
ffx commands (such as
ffx target flash and
ffx emu start) will automatically generate Fuchsia-specific SSH keys on the host machine if they are not found in the
$HOME/.ssh directory. (To check the
ffx version on your host machine, run
ffx sdk version.)
During development, one or more public SSH keys (listed in
fuchsia_authorized_keys) are loaded to a Fuchsia device, typically when a new Fuchsia image is flashed to the device. Once the device is loaded with these public SSH keys, the
ffx commands (running from the host machine where a matching private SSH key is stored) can establish an SSH connection to the device.
By default, Fuchsia-specific SSH keys are stored in the
$HOME/.ssh directory of the host machine, as shown below:
These files are created by
ffx if they do not exist.
Note: These keys are not password protected. Don't use these keys for non-development devices.
These files contain the following:
fuchsia_ed25519: A private SSH key. The content of this file must not be revealed or shared.
fuchsia_authorized_keys: A list of one or more authorized public SSH keys.
fuchsia_authorized_keys file must include the public SSH key for
fuchsia_ed25519. During the flashing process, the
fuchsia_authorized_keys file gets uploaded from the host machine to the Fuchsia device.
If you have multiple development machines, it's recommended that the Fuchsia SSH keys are synchronized across your development machines. This may require you to copy the existing Fuchsia SSH keys files from one machine to another.