Fuchsia builds that include sshd start a program called listen, which is similar in nature to inetd on other platforms: listen takes responsibility for listening on a socket and spawning programs when connections are made. The listen program is configured to spawn sshd when it receives a connection on port 22 over either IPv4 or IPv6. The sshd is configured to expect a username of fuchsia.
There is also a minimal program called hostkeygen that runs on startup and creates a host private key file in /data/ssh/ if none is already present.
The jiri tool is configured to run a script on checkout that provisions a user-specific SSH key into $FUCHSIA_DIR/.ssh/pkey and an associated authorized_keys file into $FUCHSIA_DIR/.ssh/authorized_keys. Users are free to replace the contents of the authorized_keys file with their preferred keys. For example, to add the keys from your ssh-agent, you might invoke:

    ssh-add -L > $FUCHSIA_DIR/.ssh/authorized_keys
User keys can be provisioned to Fuchsia devices in several ways:
- bootserver tools --authorized-keys argument (fx pave does this).
- extra_authorized_keys build argument. This approach is not recommended, because the image artifacts produced by a build in this case are, as a side effect, specialized to the given keys.
- curl -o /data/ssh/authorized_keys https://github.com/<username>.keys
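
A check that could be run on key material before it is written to authorized_keys by the ssh-add -L redirect or the curl download above. This is an added example, not part of the Fuchsia tree; the accepted key types and the rejection of option-prefixed lines are assumptions of the example, and the sample input is constructed.

```python
import base64
import struct

# Accepted key types: an assumption of this example, adjust to local policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def blob_key_type(blob: bytes) -> str:
    """Return the type string embedded at the start of an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def check_authorized_keys(text: str):
    """Return (accepted_lines, [(line_number, reason), ...]) for the content."""
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            # Lines that start with options are rejected here (assumption).
            if fields[0] not in ALLOWED_TYPES:
                raise ValueError("first field is not an allowed key type")
            if len(fields) < 2:
                raise ValueError("missing key data")
            blob = base64.b64decode(fields[1], validate=True)
            if blob_key_type(blob) != fields[0]:
                raise ValueError("declared type does not match key blob")
            accepted.append(line.strip())
        except ValueError as err:
            rejected.append((lineno, str(err)))
    return accepted, rejected

def constructed_line(embedded: str, declared: str, comment: str) -> str:
    """Build a sample line with all-zero key bytes (constructed, not a real key)."""
    name = embedded.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{declared} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([  # constructed input
    constructed_line("ssh-ed25519", "ssh-ed25519", "dev@example"),
    "The agent has no identities.",
    constructed_line("ssh-rsa", "ssh-ed25519", "mismatch@example"),
    'command="/bin/sh" ssh-ed25519 AAAA forced@example',
])
```

On SAMPLE, only line 1 is accepted; lines 2 to 4 are each reported with a reason.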
- -N, typically used to background a connection, does not currently work. The workaround is to run a long-running program such as cat.
- The clients are built but don't work yet.