SSH is the supported protocol for communication between a Fuchsia target device and a host device. This document describes how to properly set up an SSH connection between these devices.
Prerequisites
On the host side, a proper SSH distribution is required.
A public/private key pair is also needed to secure access to the
device or emulator running Fuchsia. ffx
will generate the key if not present.
You can add your own key, if desired, to the path displayed from
ffx config get ssh.priv
and ffx config get ssh.pub
.
Provisioning a device
There are two options for installing the public key onto the target.
By installing it during paving (preferred)
Follow the instruction for paving the target device, and add an
extra argument to the bootserver
call pointing to the public key:
$ bootserver --authorized-keys $PUBLIC_KEY <other args>
By modifying the Fuchsia image directly
The fuchsia.zbi
image may be modified to include the public key using the
zbi
tool:
$ zbi -o $FUCHSIA_DOT_ZBI -e data/ssh/authorized_keys=$PUBLIC_KEY
Note that this method is mainly designed for situations where paving is not necessarily an efficient option (e.g. testing on an emulator). Use with care.
Connecting to a device
Provided that the address of the target device is known as $TARGET_ADDRESS
,
open a shell on that device with:
$ ssh -i $PRIVATE_KEY fuchsia@$TARGET_ADDRESS
Note that if you got the key from your SSH agent, or if the key is in a well
known location ($SSH_HOME
) under a well known name (id_*
), you may omit the
-i
argument.
Note also that the host keys for a Fuchsia target device are generated at first
boot, meaning that every time the device gets paved the keys are going to
change.
You may want to disable host key checking when connecting to a Fuchsia device to
avoid running into errors by adding the following flags:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null