Google Git
Sign in
fuchsia / third_party / openssh-portable / refs/heads/main / . / fuchsia
tree: 13eb55a4463d8a5a9ff2f1b47b037d7fc5266cd4 [path history] [tgz]
  1. hostkeygen/
  2. config.h
  3. fuchsia-compat.c
  4. fuchsia-compat.h
  5. fuchsia-pty.cc
  6. loader-wrapper.cc
  7. loader-wrapper.h
  8. README.md
  9. sshd_config
  10. sshd_config_eng
fuchsia/README.md

OpenSSH on Fuchsia

Server

Fuchsia builds that include sshd start a program called listen that is similar in nature to inetd from other platforms, in that listen takes the responsibility to listen on a socket and spawn programs when connections are made. listen is configured to spawn sshd when it receives a connection on port 22 over either IPv4 or IPv6.

The sshd is configured such that it expects a username of fuchsia.

Host Keys

There is a minimal program called hostkeygen that is also run on startup, that will create a host private key file in /data/ssh/ if none is already present.

User Keys

User keys are configured and managed by using ffx. See SSH keys for details.

For development usage, the authorized public keys are added when flashing or starting the emulator via ffx.

Notes

  • There is no termcap on Fuchisa, and the shell (a Dash fork) has limited knowledge of terminals. It is recommended that you use a terminal that is loosely vt100/xterm compatible.
  • The SSH client feature -N typically used to background a connection does not currently work. The workaround is to run a long running program such as cat.
  • Fuchsia supports a ignore_valid_after configuration option to ignore the valid_after date check when authenticating via certificate. This is used during development to connect to devices that do not have a synchronized time source. See fxr/302848 for details.
  • Fuchsia does not support password authentication.

Client

The clients are built but don't work yet.

Updating

To update Fuchsia's fork to a new version of openssh-portable perform the following steps:

  1. Identify a released version of openssh-portable and find the corresponding tag prefixed by ‘upstream’ in our mirror.
  2. Merge changes from upstream into origin/main and resolve merge conflicts.
  3. Compare the build rules in Makefile.in and reconcile changes in BUILD.gn.
  4. Compare changes in the autoconf configuration and update fuchsia/config.h.