Google is committed to advancing racial equity for Black communities. See how.


SSH is the supported protocol for communication between a Fuchsia target device and a host device. This document describes how to properly set up an SSH connection between these devices.


On the host side, a proper SSH distribution is required.

A public/private keypair is also needed. It may be generated via the ssh-keygen command, or extracted from the running SSH agent via ssh-add -L.

Provisioning a device

There are two options for installing the public key onto the target.

By installing it during paving (preferred)

Follow the instruction for paving the target device, and add an extra argument to the bootserver call pointing to the public key: $ bootserver --authorized-keys $PUBLIC_KEY <other args>

By modifying the Fuchsia image directly

The fuchsia.zbi image may be modified to include the public key using the zbi tool: $ zbi -o $FUCHSIA_DOT_ZBI -e data/ssh/authorized_keys=$PUBLIC_KEY

Note that this method is mainly designed for situations where paving is not necessarily an efficient option (e.g. testing on an emulator). Use with care.

Connecting to a device

Provided that the address of the target device is known as $TARGET_ADDRESS, open a shell on that device with: $ ssh -i $PRIVATE_KEY fuchsia@$TARGET_ADDRESS

Note that if you got the key from your SSH agent, or if the key is in a well known location ($SSH_HOME) under a well known name (id_*), you may omit the -i argument.

Note also that the host keys for a Fuchsia target device are generated at first boot, meaning that every time the device gets paved the keys are going to change. You may want to disable host key checking when connecting to a Fuchsia device to avoid running into errors by adding the following flags: -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null