Open a terminal and enter the following command:
ssh-keygen -t ed25519
You will be asked to
Enter a file in which to save the key- we recommend you press
Enterto use the default location
Create a strong passphrase and save it somewhere safe, or press
Enter for no passphrase
It will inform you that your public key has been saved. Take note of this path:
Your public key has been saved in /home/user/.ssh/id_ed25519.pub
Next, start your system’s
ssh-agent and add your key to it:
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519
Note that if you changed the file name/location in step 1, you will need to use that file/path in this step
In your Embassy’s web interface, navigate to System > SSH.
Click “Add New Key”.
Back in the terminal of your workstation, display and copy your SSH public key (created above):
On Mac simply copy your key to clipboard by typing the following into a terminal:pbcopy < ~/.ssh/id_ed25519.pub
On Linux:cat ~/.ssh/id_ed25519.pub
Copy the whole resulting line that looks similar to:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINH3tqX71XsPlzYhhoo9CqAP2Yx7gsGTh43bQXr1zqoq firstname.lastname@example.org
Paste that line into the Add New Key text field of your Embassy
You are now ready to SSH into your Embassy!
You can now access your Embassy from the command line (Linux and Mac) using:
ssh start9@<LAN URL>
<LAN URL> with your Embassy’s LAN (
Community member BrewsBitcoin has created a guide for connecting via SSH using PuTTY on Windows.
The following guide requires that you have already added an SSH key to your Embassy.
SSH over Tor is only supported on Linux, though it may also work on Windows with Torifier.
First, you’ll need one dependency,
torsocks, which will allow you to use SSH over Tor on the machine that you want access with. Select your Linux flavor to install:
sudo apt install torsockssudo pacman -S torsocks
The changes you make here are on the overlay and won’t persist after a restart of your Embassy.ssh email@example.com
Elevate yourself to root for the rest of the ssh session:
Using Vim or Nano, add the following 2 lines to
HiddenServiceDir /var/lib/tor/ssh HiddenServicePort 22 127.0.0.1:22
You can also add these lines by running the following command:echo "HiddenServiceDir /var/lib/tor/ssh" >> /etc/tor/torrc && echo "HiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
Reload the Tor configuration with your edits:
systemctl reload tor
Gather the “.onion” address you just created:
To log in, simply use the following command, using the “.onion” hostname you printed above:
torsocks ssh firstname.lastname@example.org