Learn more about installation requirements

Read the Installation FAQ

Please note: We strongly discourage installing SSH No Ports as root. If you don't have another user account available, we recommend creating one first. (A quick web search will help you find steps for your operating system.)

Before you begin, you'll need to set up curl and sshd on both your client and your remote device.

curl
Simply type the following command into your terminal:
‍
curl

You should be greeted with this message: "curl: try 'curl --help' for more information"

If you see something like "command not found" a quick web search will show you how to install curl on your machine.

Have both your client and device ready—prior to installation make sure the following is installed and configured accordingly:

sshd
‍SSH No Ports needs to be able to SSH to localhost. To test for this, start by running the following command:

ssh 0

If it asks for a password, or greets you with an SSH session, you are good to go.

If you see something like: "ssh: connect to host 0.0.0.0 port 22: Connection refused" then you will either need to install or enable sshd. The method can vary depending on the platform; some common solutions to this are:

macOS:
Turn on remote login in System Settings
‍
Linux Desktop

sudo apt install openssh-server
sudo service ssh restart
‍
Systemd based servers

sudo systemctl enable sshd.service

The following steps require that you alternate between client and device. It is best if you have two terminals open, one for each.

Once you have the above prerequisites setup on both the client and device, get your addresses by purchasing SSH No Ports from my.noports.com. You will receive both a client and device address.
‍

All directions in Section 2 refer to the device.

Run the following command to install the device daemon:

bash -c "$(curl -fsSL https://getsshnpd.noports.com)" -- --args "-s -u -v"

The program will ask you for some input. First enter your client and device addresses from step 1. You will also need to pick a unique device name using only alphanumeric characters and “_” with a maximum length of 15 characters.

Client address (e.g. @alice_client): <client address>
Device address (e.g. @alice_device): <device address>
Device name: <device name>

Security notice: passing `-- –args “-s -u -v”` will append flags to the sshnpd binary call where `-s` will add any new ssh public keys to the device’s authorized_keys, `-u` will share the sensitive device information (such as the username) with the client address, and `-v` will enable logging.

Example:

Client address (e.g. @alice_client): @alice_client
Device address (e.g. @alice_device): @alice_device
Device name: raspberry_pi

If you would like to automate this in a script, pass the input as arguments like so:
‍
bash -c "$(curl -fsSL https://getsshnpd.noports.com)" -- -c <client address> -d <device address> -n <device name>


Example:

bash -c "$(curl -fsSL https://getsshnpd.noports.com)" -- -c @alice_client -d @alice_device -n raspberry_pi

This step is optional, but highly recommended. If you skip this step, you must prefix all of the SSH No Ports binaries (at_activate, sshnp, sshnpd, etc.) with the following path: “~/.local/bin/”.

‍Add the following line to your shell’s rc file to add all of the newly installed binaries to your path:

export PATH="$HOME/.local/bin:$PATH";

If you use bash (most Linux distributions by default) add the above line to '~/.bashrc'.
If you use zsh (most macOS distributions by default) add the above line to '~/.zshrc'.

All directions in Sections 3 refer to the client.

Run the following command to install the client:
‍
bash -c "$(curl -fsSL https://getsshnp.noports.com)"

The program will ask you for some input. First enter your client and device address from Step 1. You will also need to pick a default region, ideally this is the closest to your physical location.

Client address (e.g. @alice_client): <client address>
Device address (e.g. @alice_device): <device address>
Pick your default region:  
am: Americas
ap: Asia Pacific
eu: Europe
> <region code>

Example:

Client address (e.g. @alice_client): @alice_client
Device address (e.g. @alice_device): @alice_device
Pick your default region:  
am: Americas  
ap: Asia Pacific  
eu: Europe
> am

If you would like to automate this in a script, pass the input as arguments like so:

bash -c "$(curl -fsSL https://getsshnp.noports.com)" -- -c <client address> -d <device address> -h <region code>


Example:

bash -c "$(curl -fsSL https://getsshnp.noports.com)" -- -c @alice_client -d @alice_device -h am

This step is optional, but highly recommended. If you skip this step, you must prefix all of the SSH No Ports binaries (at_activate, sshnp, sshnpd, etc.) with the following path: “~/.local/bin/”.

‍Add the following line to your shell’s rc file to add all of the newly installed binaries to your path:

export PATH="$HOME/.local/bin:$PATH";

If you use bash (most Linux distributions by default) add this line to '~/.bashrc'.
If you use zsh (most macOS distributions by default) add this line to '~/.zshrc'.

Before the sshnp client  can be used, it must be activated. Use the at_activate utility that comes with sshnp. It requires the device address as input (you must include the “@” prefix).

at_activate -a <client address>

Example:

at_activate -a @alice_client

Then a one-time password will be sent to your email address to confirm activation. Note that this part cannot be automated for security reasons.

Exactly like the last step, activate the device address on your client machine. Your client machine will hold both the client and device keys. It requires the device address as input (you must include the "@" prefix). Successful activation will result in your device's keys being generated in ~/.atsign/keys.

at_activate -a <device address>

Example:

at_activate -a @alice_device

Then a one-time password will be sent to your email address to confirm activation. Note that this part cannot be automated for security reasons.

[!] This is a temporary step.

For features that are currently being worked on, this is a temporary step. The device keys should from now on be activated on your client machine, and future Atsign features will allow you to authenticate other devices from your client. For now, secure copy your device keys from your client machine to your device machine.

On your client machine, SCP (Secure Copy) the device's keys (which can be found on the client machine's ~/.atsign/keys/directory) into the same directory on your device's machine (~.atsign/keys). It requires the device address and the user and host of your device as input.

scp ~/.atsign/keys/<device address>_key.atKeys <user>@<host>:<device home directory>/.atsign/keys/<device address>_key.atKeys

Example:

scp ~/.atsign/keys/@alice_device_key.atKeys
alice@123.456.789:/alice/.atsign/keys/@alice_device_key.atKeys

It is important that the keys are secure copied to the path: <home directory>/.atsign/keys on the device machine. The ~/.atsign/keys/ directory should have already been created on the device's machine after running the first install command.

All directions in Section 4 refer to the device.

[!] This is a temporary step.

Versions <=v3.3.0 will experience a bug which requires a manual restart sshnpd on the device. This bug only affects the initial run of sshnpd, and will be fixed in the next release.

killall -u "$(whoami)" -r "sshnpd$"
‍

All directions in Section 5 refer to the client.

$(sshnp@<device address> -d <device name>)

Example:
‍
$(sshnp@alice_device -d raspberry_pi)

Updating your installation

To update the device, run the following command:

bash -c "$(curl -fsSL https://getsshnpd.noports.com)" -- --update

This will update all services installed under the current user.

To update the client, run the following command:

bash -c "$(curl -fsSL https://getsshnp.noports.com)" -- --update

This will update the sshnp client for the current user.