TUTORIAL: Using ssh and scp

Things can even be simpler. On your Linux-based client, start nautilus (the file manager), hit ctrl-l or choose connect to server and use sftp://purism@182.168.x.x as address. There you can navigate through your phone's file system and copy files as if they were local.
P.S. Similar things work on different DEs, file managers, and even in MacOS, I think.
P.P.S. sftp uses ssh, so you still need to enable the ssh server in your phone.

6 Likes

I did that for some time, but I had difficulties opening files remotely by applications. The applications could not write the files, even though the user had the permissions and was able to override the file by file manager.

For me the solution was sshfs, which is also as easy as it can get.

If you prefer to do this from the shell, you can use gio mount ... to get the same result, and it may be easier to (semi-)automate from the shell, as distinct from a GUI.

Sure, but I was under the impression that the purpose of this tutorial was something that was usable by mere mortals :slight_smile:

2 Likes

Yep, but @amarok gets to decide what is suitable for mere mortals. Forum readers may want to go beyond that and benefit from additional info. :slight_smile:

1 Like

Please see the Community Wiki for the new “Tutorials” section (https://source.puri.sm/Librem5/community-wiki/-/wikis/Tips-&-Tricks), and add to it if you have some useful tips. Above all, keep the language simple and don’t write elliptically…assume you’re instructing complete newbies. Thanks!

1 Like

I was suggesting to create a new page i.e. a new Tutorial section within the Wiki, and then a new page within that section, rather than a new document section within the Tips and Tricks page.

Otherwise I think Tips and Tricks will end up being thousands and thousands of lines long.

Tips and Tricks could perhaps intro and link to any tutorial that someone writes. So Tips and Tricks could explain what you can use SSH for and then link to the tutorial for how to set it up initially.

1 Like

A new page with expandable individual tutorials would be better, I agree. If you know how to create that, please go ahead. Something like @amosbatto’s FAQ page would be nice.

That’s a different way again. That I definitely don’t know how to do.

So there are a few ways of doing it.

  1. Embedded Table of Contents (ToC) - like the FAQ
  2. Separate ToC / page hierarchy - like the Wiki itself
  3. Expanding ToC - beyond my pay grade :slight_smile: - but a lot of web sites do this e.g. https://puri.sm/faq/

For the first one, I would just pretend to edit the FAQ and look at the coding to see how it is done but it may be easier to ask Amos. :wink:

I was suggesting the second one.

I had a look, but don’t understand it. Maybe @amosbatto could start it for us when he has time.

1 Like

@amarok, I added a table of contents to the Tips & Tricks page. If you don’t like it, feel free to undo it.

By the way, if you want line breaks to appear in your text, you can add two spaces at the end of a line.

3 Likes

Very nice! That looks great. Thanks!

Does not work for me:

Error: “Connection Timed Out”

It never gets to the nice point of connecting to the remote L5 device over WIFI.

Environment:

  1. ssh server up and running on L5
  2. ports open in ufw L5 firewall and accept incoming connections on (port 22)
  3. public L5 IP used to connect on the client using client SSH (installed)
  4. router firewall checked and does not block IP, public L5 IP can be pinged from client, client can be pinged using client public IP from L5 with no connectivity issues
  5. Gnome sharing settings show “Remote Login=on” and “File Sharing=Enabled”

Error stated as above. (And I am just interested in getting the instructions to work as laid out here, no fancy keys other than the L5 user password that has to be entered on remote connection attempt.)

From all of that, what is the secret to configuring (configuration file settings?) SSH on the L5 to work?


Besides my issues above, isn’t it much safer to just use the USB cable and connect locally only over ethernet IP where no security precautions are needed since you can be assumed to be operating from a secure environment already?

I take it you’re trying to connect over the internet, as opposed to within your home wifi network?

Here’s what I based my tutorial on: https://www.makeuseof.com/tag/beginners-guide-setting-ssh-linux-testing-setup/
It lists some troubleshooting steps that may help.
Excerpt:
“The IP address you use should be the one suitable for the connection. So, if the device is on the same network as the client, use the local IP address. For connections across the internet, use the public IP address. If the computer is located on a different network, make sure that port 22 is forwarded to the computer.”

Port forwarding: https://www.ssh.com/academy/ssh/tunneling/example

1 Like

Not necessarily whatever works. It appears that port forwarding needs to be enabled to make it work. On the server side that is enabled by default but not on the client side. I will give that a try.

I assume you have used it successfully? My question would be how?

I had no problems enabling ssh exactly as outlined here, although initially I failed to allow it in the firewall, then corrected it.

I use ssh all the time, mainly to enter the L5’s terminal from my computer, execute commands, and copy terminal output to this forum (for example).

I used scp a lot in the beginning to copy files and pictures over, but then I switched to sftp, which allows me to save devices on my network as bookmarks in the files navigator on my computer. So I can just click on “Librem 5” or “Raspberry Pi” directly on my computer, enter the password, and open up the directories from those devices. Very convenient for transferring files.

By the way, I also changed the default port to something other than 22. I’ll probably switch from password to authentication keys soon.

1 Like

I would use a non-default port on the internet gateway in this case. You can use port forwarding to change the external port number (preferably not 22) to the internal port number (can be 22 if you want) - so the non-default port number can be transparent to the Librem 5.

There are a bunch of different network configurations that might be involved here and I didn’t get a clear understanding from @Captain_Morgan regarding which applies. For example:

  1. Librem 5 is at home on the local WLAN, client is outside the home and wants to connect in to the Librem 5.

  2. Librem 5 is at home on the local WLAN, client is inside the home and wants to connect in to the Librem 5.

  3. Librem 5 is at home but not on the local WLAN and is instead using the cellular modem to be on the internet and client is somewhere and wants to connect in to the Librem 5. Warning: With most cellular providers this will most likely be impossible because the Librem 5 will not have a public IP address and will be relying on CGNAT.

Only for IPv4 of course. For IPv6 it should just work. So that would be a point of clarification.

2 Likes

If this is an IPv4 address in a NAT scenario then the above statement isn’t all that relevant. You are pinging the internet gateway, not the Librem 5 itself. (Well, OK, it establishes something about basic connectivity.)

One thing to check is your Librem 5’s SSH server config. It can be configured to filter by username and/or IP address. Any such filtering by IP address is over and above the firewall.

grep -v ^# /etc/ssh/sshd_config

I would confirm working ssh-in to the Librem 5 from the local LAN before worrying about any public scenarios.
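As an added example (not part of the original post), the grep above can be narrowed to the directives that make sshd itself refuse or never see a connection, regardless of ufw. The function names and the sample config are constructed for illustration, and files pulled in through an Include line are not followed.

```shell
#!/bin/sh
# Added example: which sshd_config lines can refuse a login on their own,
# independent of the ufw rules?

# sshd_filters FILE: print "lineno: directive" for every active directive
# that limits who may log in or where sshd listens.
sshd_filters() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)       # lines inside Match blocks are often indented
            split(line, f, /[ \t=]+/)      # "Port 22" and "Port=22" are both valid
            key = tolower(f[1])            # keywords are case-insensitive
            if (key ~ /^(port|listenaddress|allowusers|denyusers|allowgroups|denygroups|match)$/)
                printf "%d: %s\n", NR, line
        }' "$1"
}

# write_sample FILE: constructed sample config, not taken from a real device.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Port=2222
#ListenAddress 0.0.0.0
ListenAddress 192.168.1.4
PasswordAuthentication yes
allowusers purism@192.168.1.*
Match Address 10.0.0.0/8
    DenyUsers purism
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
sshd_filters "$sample"
rm -f "$sample"
```

On the phone, run `sshd_filters /etc/ssh/sshd_config`; an empty result means none of these filters is set in that file. `sudo sshd -T` prints the effective configuration, defaults included.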

That’s my case, with one complication: laptop and L5 connected on the same wifi, however both use VPN and the IP is routed through different VPN servers, since I don’t think it would be secure to expose either IP directly to the network provider.

So what I really would like to do is not use SSH at all, and instead plug in my phone with a USB to USB cable and use that hardwired cable to connect to the L5 - 100% airgapped. Is there a way to set that up, and in theory shouldn’t that be much easier than the relatively insecure port forwarding method or opening listening ports to the internet?

Then they aren’t really in the situation that you describe, unless you override the VPN for select cases.

The basic scenario that I was describing in that bullet point is e.g. Librem 5 is 192.168.1.4 and client is 192.168.1.5 and the two devices may directly communicate over the local LAN (presumed to be 192.168.1.0/24 in this example).

If the VPN still allows LAN communication then you should be able to ignore the VPN.

So you would need to examine the output from route -n but this is rapidly becoming something that a rando on the internet without access to your network can’t troubleshoot.

Of course. Plug it in.

But since that just creates an additional network interface, you will still need to contend with VPN and routing. (Or, to put that another way, if you pull both devices off the WiFi, and disable the VPN on both devices, and then make the USB-to-USB connection then the pair will be able to network over USB but will be airgapped from the rest of the world.)

And in my experience out-of-the-box the client operating system may not assign an IP address and bring the interface up. So the Librem 5 end will be all good but you will have to work within whatever distro is running on the client to configure and bring up the interface. That will obviously depend on what distro you are using and its current configuration. (So you would start on the Librem 5 and use ifconfig to see what its state is and then do the same on the client.)

And once you have the networking up and running, you might still choose to use SSH (sftp) to transfer files but you can use whatever application protocol works for you.

1 Like