SSH - koreader/koreader GitHub Wiki

This feature is only available on Cervantes, Kobo, Kindle, and PocketBook.

The SSH server is dropbear. OpenSSH's SFTP server is also installed.

In KOReader, the SSH server settings are located under the Tools menu (Cog icon) -> Network -> SSH server.

This menu contains the following items:

  • The SSH server checkbox allows you to start the SSH server. After starting, a message will pop up with relevant information about the server, such as its IP address.
  • The SSH port menu item allows you to specify the SSH port.
  • SSH public keys must be placed under the folder detailed by the SSH public key menu item.
  • The Login without password (DANGEROUS) menu item lets you log in with any password.

Connecting through SFTP - without password

  • Make sure your device is connected to your local network
  • Open KOReader
  • Tap the top edge of the screen to open the menu
  • Click on the Cog Wheel -> Network -> SSH Server
  • Check Login without password (DANGEROUS)
  • Check SSH server
  • A pop-up will open with the IP address of the server. If the pop-up does not list such an IP address, the operation was unsuccessful (is your device actually connected to the internet?).

From your PC, use any standard SFTP client to connect to the device using its specific IP address (shown when starting the SSH server and available under network info), and port 2222 (the standard SFTP port is 22). Use root as both username and password.

The following image shows the connection configuration screen for FileZilla:

After that you can transfer your files to and from your device with your SFTP client.

The root folder that KOReader displays is `/mnt/onboard`.

Secure your SSH Server with an ECDSA key pair

It's not advised that you leave your Kindle's SSH server unsecured. This text briefly explains how to secure it using an ECDSA SSH key pair.

Generate an ECDSA key pair using ssh-keygen -t ecdsa

On Windows, macOS and Linux you should be able to generate an SSH key pair with the command ssh-keygen -t ecdsa. You can skip the passphrase prompt, but a private key without a passphrase can be used by anyone who obtains the file. The ssh-keygen program will tell you where it stores your "identification" and "public key" files.

Copy the contents of your .pub file to your authorized_keys file in your KOReader installation

The key pair file that ends in .pub is the public portion of your key pair. Open this file with a text editor and copy its contents (a single line). On your device, open the main KOReader directory. Inside it you will find the directory settings/SSH. If an authorized_keys file doesn't exist there, create it. Paste the single line from your .pub file into this file. Note that the authorized_keys file doesn't have an extension. If you want to add other public keys to it, add each one on a new line.


Put your private key in a safe place and direct your SFTP client to it

When ssh-keygen generates the key pair files, the file without a .pub extension is your private key. Move this file to a location where you can keep it safe and point your SFTP client to it. In FileZilla, select Logon Type -> Key file, then click Browse and select the key file. By default FileZilla will likely only show .PPK files. Toggle this extension filter to show All Files (*.*) and then select your freshly generated private key.


That's it! Disable login without password and test it!

In KOReader, disable the SSH server and then disable the Login without password option. Re-enable the SSH server. Now you should only be able to connect with the selected private key as authorization.

Troubleshooting

ssh fails with error message packet_write_wait: Connection to ... port 2222: Broken pipe

Try disabling TTY with option -T and disabling X11 forwarding with -x:

ssh -T -x -v -p 2222 user@ip

scp fails with error message scp: not found and lost connection

The scp command is not installed / not supported on your device.

Workaround 1

You can use the following workaround to transfer a file with ssh:

cat src_file | ssh -T -x -p 2222 user@ip 'cat > dst_file'

The parent directory of dst_file must exist.

Workaround 2

For more comfort, you can use lsyncd to send modified files automatically to the target. You can find an example configuration file for this purpose at lsyncd-workaround.

ssh doesn't recognize a public key

Ensure your SSH key is inside a file called authorized_keys, not a directory, and that multiple SSH keys are separated by newlines.

Ensure your SSH key algorithm is ecdsa or otherwise configured (see #8370).
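
The checks above can be run mechanically before copying the file to the device. The following Python script is an added example, not part of KOReader or dropbear: it reports an authorized_keys path that is a directory, several keys pasted onto one line, key types other than ECDSA, and key data that was cut off or mislabeled while copying. The function names are hypothetical, and it assumes entries have no leading options field.

```python
import base64, os

KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def wire_fields(blob):
    """Split an SSH public-key blob into its uint32-length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        end = i + 4 + int.from_bytes(blob[i:i + 4], "big")
        if end > len(blob):
            raise ValueError("truncated key data")
        out.append(blob[i + 4:end])
        i = end
    return out

def check_lines(lines):
    """Return a list of problems; an empty list means every entry looks usable."""
    problems = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if sum(p in KNOWN_TYPES for p in parts) > 1:
            problems.append(f"line {n}: more than one key, put each on its own line")
        if len(parts) < 2 or parts[0] not in KNOWN_TYPES:
            problems.append(f"line {n}: expected '<key-type> <base64> [comment]'")
            continue
        if not parts[0].startswith("ecdsa-"):
            problems.append(f"line {n}: {parts[0]} is not an ECDSA key")
        try:
            fields = wire_fields(base64.b64decode(parts[1], validate=True))
        except ValueError:  # bad base64 (binascii.Error) or truncated blob
            fields = []
        if not fields or fields[0] != parts[0].encode():
            problems.append(f"line {n}: key data is damaged or is not {parts[0]}")
    return problems

def check_authorized_keys(path):
    """Check that path is a plain file, then check each line in it."""
    if not os.path.isfile(path):
        return [f"{path} is a directory or missing; it must be a plain file"]
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_lines(fh.read().splitlines())

def sample_line(ktype="ecdsa-sha2-nistp256", comment="me@pc"):
    """Constructed entry for testing: valid framing, not a real curve point."""
    parts = [ktype.encode(), b"nistp256", b"\x04" + bytes(64)]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"
```

Call check_authorized_keys with the path to your local copy of the file; an empty list means none of the problems above were found.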