TUTORIAL: Using ssh and scp

The bigger picture is: Out of the box, sshd is not going to be acceptable security for me. I have to do something. The tutorial needs to cover something, or multiple somethings. I’m not going to get all bent out of shape regardless of what the option(s) covered is/are, as long as the tutorial doesn’t encourage customers to set up their sshd with weak security.

Perhaps those advocating key-based auth will write up the needed config file changes and other commands for the benefit of the OP.

I suggest a new section under the Community Wiki for Tutorials and then this can be the first tutorial under that section. I wouldn’t link to this topic as it has already become messy and disjointed. In other words, use a topic in the forum to refine and discuss the content, and when you are happy with it, copy the content into a tutorial in the Wiki.

1 Like

I use key-based auth both with my Pinephone and with a couple of servers I run. Below are a couple links that explain how to generate the keys, and how to make the config changes on your server (or Librem 5, or Pinephone).

https://www.cyberciti.biz/faq/linux-generating-rsa-keys/

From that page (the example is using an account called vivek). Please note that you are creating your keys on the machine you are using to remote into the server (or phone). So, run these commands on your laptop/desktop.

Copy the contents of the id_rsa.pub key (on your laptop) into the ~/.ssh/known_hosts file on the phone. The permissions on the known_hosts file should be 600. The permissions on the .ssh directory should be 700.

Once the contents of the id_rsa.pub key is copied into the known_hosts file, restart your phone (just to be sure), and then you can authenticate using ssh purism@192.168.1.xxx (whatever your IP address is), and you will not be prompted for a password.

To disable the password-based authentication, taken from this site (when it says login as root, that is just your Librem 5 id, run with sudo):

5 Likes
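An added check for the setup discussed in the post above (editor's example, not part of the original post or of any linked guide): it verifies the 700/600 permissions, that a public key is installed, and whether password logins are switched off. It assumes OpenSSH defaults, where sshd reads a user's public keys from ~/.ssh/authorized_keys (known_hosts holds the host keys of servers the client has connected to) and password authentication is on unless the config says otherwise; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a key-based sshd setup. Simplified: Include files and
# Match blocks in sshd_config are not followed.

# Octal mode of a path (GNU stat, with BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_key_files DIR -> 0 if DIR is 700 and DIR/authorized_keys is 600 and
# holds at least one public key; prints each finding and returns 1 otherwise.
check_key_files() {
    local dir="$1" ak="$1/authorized_keys" rc=0
    [ "$(mode_of "$dir")" = 700 ] || { echo "BAD: $dir should be mode 700"; rc=1; }
    if [ ! -f "$ak" ]; then
        echo "BAD: $ak is missing"
        return 1
    fi
    [ "$(mode_of "$ak")" = 600 ] || { echo "BAD: $ak should be mode 600"; rc=1; }
    grep -Eq '(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) AAAA' "$ak" \
        || { echo "BAD: no public key line in $ak"; rc=1; }
    return "$rc"
}

# effective_setting FILE KEYWORD -> value sshd would take from FILE. sshd uses
# the first occurrence of a keyword, and keywords are case-insensitive.
effective_setting() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/        { next }          # commented-out lines do not count
        tolower($1) == "match"  { exit }          # stop before conditional blocks
        tolower($1) == k        { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }' "$1"
}

# 0 only when the file explicitly sets PasswordAuthentication no
# ("default" means the OpenSSH default, which allows passwords).
password_auth_disabled() {
    [ "$(effective_setting "$1" PasswordAuthentication)" = no ]
}

# Run the audit against the usual locations only when asked: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then
    check_key_files "$HOME/.ssh"
    password_auth_disabled /etc/ssh/sshd_config \
        && echo "OK: password logins disabled" \
        || echo "BAD: password logins still allowed"
fi
```

On the phone itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually uses, including anything pulled in through Include files.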

@leetaur, thanks for that. I think it would be helpful if you or someone could write a simple, concise guide (“1. On your computer…, 2. On your L5…, 3. etc.”) from start to finish, like I did with the original post…something that even a brand new Linux user could follow without confusion. I’d do it myself, but I’m not as competent as others here.

I will do that @amarok :slight_smile: Though work is starting, so it will have to wait until this evening.

2 Likes

Thanks! If you prefer to make a new thread and link it here, that’s cool, too.
Then we can combine the tutorials and add them to the community wiki.

1 Like

Tutorial for enabling key-based ssh authentication on the Librem 5 is linked below:

5 Likes

Things can even be simpler. On your Linux-based client, start nautilus (the file manager), hit ctrl-l or choose connect to server and use sftp://purism@182.168.x.x as address. There you can navigate through your phone’s file system and copy files as if they were local.
P.S. Similar things work on different DEs, file managers, and even in MacOS, I think.
P.P.S. sftp uses ssh, so you still need to enable the ssh server in your phone.

6 Likes

I did that for some time, but I had difficulties opening files remotely by applications. The applications could not write the files, even though the user had the permissions and was able to override the file by file manager.

For me the solution was sshfs, which is also as easy as it can get.

If you prefer to do this from the shell, you can use gio mount ... to get the same result, and it may be easier to (semi-)automate from the shell, as distinct from a GUI.

Sure, but I was under the impression that the purpose of this tutorial was something that was usable by mere mortals :slight_smile:

2 Likes

Yep, but @amarok gets to decide what is suitable for mere mortals. Forum readers may want to go beyond that and benefit from additional info. :slight_smile:

1 Like

Please see the Community Wiki for the new “Tutorials” section (https://source.puri.sm/Librem5/community-wiki/-/wikis/Tips-&-Tricks), and add to it if you have some useful tips. Above all, keep the language simple and don’t write elliptically…assume you’re instructing complete newbies. Thanks!

1 Like

I was suggesting to create a new page i.e. a new Tutorial section within the Wiki, and then a new page within that section, rather than a new document section within the Tips and Tricks page.

Otherwise I think Tips and Tricks will end up being thousands and thousands of lines long.

Tips and Tricks could perhaps intro and link to any tutorial that someone writes. So Tips and Tricks could explain what you can use SSH for and then link to the tutorial for how to set it up initially.

1 Like

A new page with expandable individual tutorials would be better, I agree. If you know how to create that, please go ahead. Something like @amosbatto’s FAQ page would be nice.

That’s a different way again. That I definitely don’t know how to do.

So there are a few ways of doing it.

  1. Embedded Table of Contents (ToC) - like the FAQ
  2. Separate ToC / page hierarchy - like the Wiki itself
  3. Expanding ToC - beyond my pay grade :slight_smile: - but a lot of web sites do this e.g. https://puri.sm/faq/

For the first one, I would just pretend to edit the FAQ and look at the coding to see how it is done but it may be easier to ask Amos. :wink:

I was suggesting the second one.

I had a look, but don’t understand it. Maybe @amosbatto could start it for us when he has time.

1 Like

@amarok, I added a table of contents to the Tips & Tricks page. If you don’t like it, feel free to undo it.

By the way, if you want line breaks to appear in your text, you can add two spaces at the end of a line.

3 Likes

Very nice! That looks great. Thanks!

Does not work for me:

Error: “Connection Timed Out”

It never gets to the nice point of connecting to the remote L5 device over WIFI.

Environment:

  1. ssh server up and running on L5
  2. ports open in ufw L5 firewall and accept incoming connections on (port 22)
  3. public L5 IP used to connect on the client using client SSH (installed)
  4. router firewall checked and does not block IP, public L5 IP can be pinged from client, client can be pinged using client public IP from L5 with no connectivity issues
  5. Gnome sharing settings show “Remote Login=on” and “File Sharing=Enabled”

Error stated as above. (And I am just interested in getting the instructions to work as laid out here, no fancy keys other than the L5 user password that has to be entered on remote connection attempt.)

From all of that, what is the secret to configuring (configuration file settings?) SSH on the L5 to work?


Besides my issues above isn’t it much safer to just use the USB cable and connect locally only over ethernet IP where no security precautions are needed since you can be assumed to be operating from a secure environment already?

I take it you’re trying to connect over the internet, as opposed to within your home wifi network?

Here’s what I based my tutorial on: https://www.makeuseof.com/tag/beginners-guide-setting-ssh-linux-testing-setup/
It lists some troubleshooting steps that may help.
Excerpt:
“The IP address you use should be the one suitable for the connection. So, if the device is on the same network as the client, use the local IP address. For connections across the internet, use the public IP address. If the computer is located on a different network, make sure that port 22 is forwarded to the computer.”

Port forwarding: https://www.ssh.com/academy/ssh/tunneling/example

1 Like