Tutorial: Set up ssh/sftp between non-rooted Android and Librem 5

I know Android ssh solutions are probably old news for many, but as I only just learned how to do this with Android, I thought I would share my experience here, in case others find it helpful.

Step 1: Set up ssh server and client functions on the L5 (or any other Linux computer), if you haven’t done so already. (See this tutorial.)

Step 2: On the Android, install the FOSS app SimpleSSHD from F-Droid. It might also be available from… the store that shall not be named. SimpleSSHD makes the process fairly easy, and doesn’t require root privileges.

Step 3: In the SimpleSSHD app settings, the default Port Number is set to 2222, but if you’ve previously restricted your network ssh actions to a specified port, as I have, change 2222 to the one you use for ssh on your network.

Step 4: Also in the app settings, under “Home Directory,” change the default (which is a temporary file, I believe) to /storage/emulated/0/PathToYOURFOLDER/

“YOURFOLDER” is the one you would like to use as the default storage directory for ssh transfers on the Android. It can be the folder called Download, which already exists in the Android internal file system, or, e.g., MySSHfiles, SFTP, Download/MySSHfiles, etc. Examples: /storage/emulated/0/Download/, or /storage/emulated/0/Download/MySSHfiles, etc. (Create the folder in your Android files app, if it doesn’t already exist.)

Step 5: Activate wifi on the Android and the L5.

Step 6: In the SimpleSSHD Android app, tap Start.

Step 7: In the L5 terminal, run the command:
ssh 192.xxx.xxx.xxx -p 2222
(Use the actual IP address for your Android device, which is displayed at the top of the SimpleSSHD screen, and the actual port number you set in the app settings, if different from 2222.)

Step 8: The first time you try to connect via ssh to the Android, the L5 will reject with a scary-@$$ warning (redacted) like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Please contact your system administrator.
Add correct host key in /home/USERNAME/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/USERNAME/.ssh/known_hosts:9
  remove with:
  ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R "[192.xxx.xxx.xxx]:nnnn"
RSA host key for [192.xxx.xxx.xxx]:nnnn has changed and you have requested strict checking.
Host key verification failed.

To fix this, just copy the indicated command: ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R "[192.xxx.xxx.xxx]:nnnn" and paste it to the command prompt; then hit Enter. Now run the original command again. The output will ask if you want to accept the new connection. Type “yes” to accept, and the key will be added on the L5 as a known host. At this point, the SimpleSSHD screen on the Android will display a single-use password, which you must enter in the L5’s terminal, after which your designated ssh directory will be mounted.

Now you can copy files and entire folders to and from the Android using the terminal command scp and parameters/options (secure copy - see tutorial), or exit, etc. SimpleSSHD also does rsync, apparently, although I haven’t looked into it yet.

Step 9: A simpler, graphical way to transfer or copy files between devices is sftp (ssh file transfer protocol). (See tutorial.)

Once you’ve established the ssh connection, open the Files application on the L5, and, following the sftp tutorial, create a bookmark for the Android folder, [EDIT: corrected: ] e.g. “sftp://192.xxx.xxx.xxx:nnnn/storage/emulated/0/Download/” (or “sftp://192.xxx.xxx.xxx:nnnn/storage/emulated/0/Download/MySSHfiles,” etc… whatever your chosen Android directory is.

Note that in the Files app on the L5, to mount the Android directory, you’ll have to input the user name (which is 0 for the Android) and an additional single-use password generated in the SimpleSSHD app.

With a bookmark to your Android directory now set in the L5’s Files browser, you can link to the Android any time, by first starting SimpleSSHD on the Android, initiating the ssh session in the L5’s terminal, then using the L5 Files interface to move and copy files and folders back and forth, i.e. point and click, drag into and out of, etc.

Between computers, you can initiate an sftp connection over your network directly from the Files browser, tapping the bookmark, or entering the sftp IP location, and then entering user name and password for the target device, with no need to connect in the terminal first (as long as ssh has already been set up on the devices). With a non-rooted Android using SimpleSSHD, however, you have to connect to the app first with the terminal command.

Always stop the SimpleSSHD app and close the connection in the L5’s terminal when you’re done.

4 Likes

Some screenshots of SimpleSSHD in action: https://www.techrepublic.com/article/how-to-install-an-ssh-server-on-your-android-phone/