SSH - koreader/koreader GitHub Wiki

This feature is only available on Cervantes, Kobo, Kindle, and PocketBook.

The SSH server is dropbear. OpenSSH's SFTP server is also installed.

In KOReader, the SSH server settings are located under Tools menu (Cog icon) -> Network -> SSH server.

This menu contains the following items:

  • The SSH server checkbox allows you to start the SSH server. After starting, a message will pop up with relevant information about the server, such as its IP address.
  • The SSH port menu item allows you to specify the SSH port.
  • SSH public keys must be placed under the folder detailed by the SSH public key menu item.
  • The Login without password (DANGEROUS) menu item lets you log in with any password.

Connecting through SFTP - without password

You can connect to the device over SFTP while it is online (on your home WiFi network) if you set up SSH to allow root logins without a password. NB: On PocketBook the username is typically reader.

First, set up SSH to allow connecting without a password in the SSH menu (which is the WiFi menu).

After that, set up any standard SFTP client to connect using the device's specific IP address (this is shown when starting the SSH server and is also available under network info) and port 2222 (the standard SFTP port is 22). Leave the password field empty.

After that you can transfer your files to and from your device with the SFTP client.

Secure your SSH Server with an ecdsa key pair

It's not advised that you leave your Kindle SSH server unsecured. This text will briefly explain how to secure it using an ecdsa SSH key pair.

Generate an ecdsa key pair using ssh-keygen -t ecdsa

On Windows, Mac and Linux you should be able to generate an SSH key pair with the command ssh-keygen -t ecdsa. You can skip the passphrase prompt. The ssh-keygen program will tell you where it stores your "identification" and "public key" files.

Copy the contents of your .pub file to your authorized_keys file in your koreader installation

The key pair file that ends in .pub is the public portion of your key pair. Open this file with a text editor and copy its contents (a single line). On your device, go to the main koreader directory. Inside it you will find the directory settings/SSH. If an authorized_keys file doesn't exist there, create it. Paste the single line from your .pub file into this file. Note that the authorized_keys file doesn't have an extension. If you want to add other public keys to it, add each one on a new line.


Put your private key in a safe place and direct your SFTP client to it

When ssh-keygen generates the key pair files, the file without a .pub extension is your private key. Move this file to a location where you can keep it safe and point your SFTP client to it. In FileZilla, select Logon Type -> Key file, then click Browse and select the key file. By default FileZilla will likely only show .PPK files. Toggle this extension filter to show All Files (*.*) and then select your freshly generated private key.


That's it! Disable login without password and test it!

On koreader disable the SSH server and then disable the login without password option. Re-enable the ssh server. Now, you should only be able to connect with the private key selected as authorization.

Troubleshooting

ssh fails with error message `packet_write_wait: Connection to ... port 2222: Broken pipe`

Try disabling TTY with option -T and disabling X11 forwarding with -x:

ssh -T -x -v -p 2222 user@ip

scp fails with error message scp: not found and lost connection

The scp command is not installed / not supported on your device.

Workaround 1

You can use the following workaround to transfer a file with ssh:

cat src_file | ssh -T -x -p 2222 user@ip 'cat > dst_file'

The parent directory of dst_file must exist.

Workaround 2

For more comfort, you can use lsyncd to send modified files automatically to the target. You can find an example configuration file for this purpose at lsyncd-workaround.

ssh doesn't recognize a public key

Ensure your ssh key is inside a file called authorized_keys, not a directory, and that multiple ssh keys are separated by newlines.

Ensure your ssh key algorithm is ecdsa or otherwise configured (see #8370).
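The checks above can be run on a computer before the file is copied to the device. This is an added example, not part of KOReader or of this wiki page: the function names are hypothetical, and it assumes each line is in plain `type base64 [comment]` form with no options prefix.

```python
import base64
import os
import struct
import sys

ECDSA_TYPES = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_key_type(b64):
    """Return the algorithm name stored in the base64 key blob, or None if malformed."""
    try:
        blob = base64.b64decode(b64, validate=True)
        parts, pos = [], 0
        while pos < len(blob):  # the blob is a run of 4-byte-length-prefixed strings
            (n,) = struct.unpack_from(">I", blob, pos)
            if pos + 4 + n > len(blob):
                return None  # truncated, e.g. the key was wrapped onto two lines
            parts.append(blob[pos + 4:pos + 4 + n])
            pos += 4 + n
    except (ValueError, struct.error):
        return None
    return parts[0].decode("ascii", "replace") if len(parts) >= 2 else None

def check_line(line):
    """Return the problems found in one key line (assumes no options prefix)."""
    fields = line.split()
    if len(fields) < 2:
        return ["expected '<type> <base64> [comment]' on a single line"]
    ktype, inner = fields[0], blob_key_type(fields[1])
    problems = [] if ktype in ECDSA_TYPES else [f"key type {ktype!r} is not ecdsa"]
    if inner is None:
        problems.append("key data is damaged or truncated")
    elif inner != ktype:
        problems.append(f"key data is {inner!r} but the line says {ktype!r}")
    return problems

def check_authorized_keys(path):
    """Return {line number: [problems]}; line 0 reports problems with the file itself."""
    if os.path.isdir(path):
        return {0: ["authorized_keys is a directory, it must be a plain file"]}
    if not os.path.isfile(path):
        return {0: ["authorized_keys does not exist"]}
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [(n, l) for n, l in enumerate(fh, 1) if l.strip() and not l.lstrip().startswith("#")]
    return {n: p for n, l in lines if (p := check_line(l))}

if __name__ == "__main__":
    for num, problems in check_authorized_keys(sys.argv[1]).items():
        print(f"line {num}: " + "; ".join(problems))
```

Run it with the path to your local copy of authorized_keys as the only argument; no output means every key line passed.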