Fuchsia builds that include sshd start a program called listen that is similar in nature to inetd from other platforms, in that listen takes the responsibility to listen on a socket and spawn programs when connections are made. listen is configured to spawn sshd when it receives a connection on port 22 over either IPv4 or IPv6.
The sshd is configured such that it expects a username of fuchsia.
There is a minimal program called hostkeygen that is also run on startup, that will create a host private key file in /data/ssh/ if none is already present.
The jiri tool is configured to run a script on checkout that provisions a user specific SSH key into $FUCHSIA_DIR/.ssh/pkey and an associated authorized_keys file into $FUCHSIA_DIR/.ssh/authorized_keys. Users are free to replace the contents of the authorized_keys file with their preferred keys if they desire, for example to add keys from your ssh-agent, one might invoke: ssh-add -L > $FUCHSIA_DIR/.ssh/authorized_keys.
User keys can be provisioned to Fuchsia devices in several ways:
bootserver tools --authorized-keys argument (fx pave does this).extra_authorized_keys build argument. This approach is not recommended, as the image artifacts produced by a build in this case are by side effect specialized to the given keys.curl -o /data/ssh/authorized_keys https://github.com/<username>.keys-N typically used to background a connection does not currently work. The workaround is to run a long running program such as cat.The clients are built but don't work yet.