├── README.md
├── installer.sh
├── sshd
    └── sshd_config
└── systemd
    └── sshd-user.service


/README.md:
--------------------------------------------------------------------------------
 1 | # Run SSH server as user, no sudo, no password or SteamOS developer mode required
 2 | 
 3 | This scripts installs and enables a systemd unit in `~/.config/systemd/user/sshd-user.service`, which runs the SSH server as the current user.
 4 | 
 5 | This was built for the Steam Deck (SteamOS) but it should work on other platforms too. You may need to change the sftp subsystem path in the ssh server configuration file.
 6 | 
 7 | For the Steam Deck the service will start both in Desktop and Steam modes.
 8 | 
 9 | Configuration and host keys are found in: `~/.config/sshd`.
10 | 
11 | Default port is 2022.
12 | 
13 | ## Install
14 | 
15 | Before installing, you can customize the file `sshd/sshd_config` to suit your needs, or you can do it
16 | after installation in `~/.config/sshd/sshd_config` and restart the service.
17 | 
18 | HostKeys will be automatically generated during install, if they do not exist in `~/.config/sshd/`
19 | 
20 | Run the installer
21 | 
22 | ```sh
23 | ./install.sh install
24 | ```
25 | 
26 | The installer enables and starts the service automatically, to check its status use:
27 | 
28 | ```sh
29 | systemctl --user status sshd-user
30 | ```
31 | 
32 | To login from a remote system, without password, you need to add your SSH public keys to `~/.ssh/authorized_keys`
33 | 
34 | If you need to change the SSH server configuration edit `~/.config/sshd/sshd_config` and restart the service with:
35 | 
36 | ```sh
37 | systemctl --user restart sshd-user
38 | ```
39 | 
40 | ## Uninstall
41 | 
42 | To uninstall the service run
43 | 
44 | ```sh
45 | ./installer.sh uninstall
46 | ```
47 | 
48 | SSH server configuration and host keys won't be removed.
49 | 
50 | If you want to remove them, delete the entire `~/.config/sshd` directory.
51 | 
52 | If you delete the host keys, when you reinstall they will be regenerated and you may need to reauthorized them from any connecting client.
53 | 
54 | ## Tips
55 | 
56 | ### SSH service logs
57 | 
58 | To check the log for any errors:
59 | 
60 | ```sh
61 | journalctl --user -xeu sshd-user
62 | ```
63 | 
64 | Everytime you login/logout, you may see an error like _"Attempt to write login records by non-root user (aborting)"_ in the log, which is "normal" when OpenSSH is run as non root. (<https://github.com/openssh/openssh-portable/blob/master/loginrec.c#L439>)
65 | 
66 | ### SSH authorized_keys
67 | 
68 | If you added public keys to your GitHub account, you can download them from: `https://github.com/<username>.keys` and use those as your SSH authorized_keys file.
69 | 
70 | Example:
71 | 
72 | ```sh
73 | curl -o ~/.ssh/authorized_keys https://github.com/<yourusername>.keys
74 | ```
75 | 
76 | ### Control systemd user services from SSH
77 | 
78 | If you use `systemctl --user` from an SSH session you may run into the error _"Failed to connect to bus: No medium found"_.
79 | 
80 | This is because the environment var `XDG_RUNTIME_DIR` needs to be set to the user run dir.
81 | 
82 | You can add the following to your `~/.bash_profile` to have it set and exported automatically for bash
83 | 
84 | ```sh
85 | [[ -z "$XDG_RUNTIME_DIR" ]] && XDG_RUNTIME_DIR=/run/user/$UID
86 | 
87 | export XDG_RUNTIME_DIR
88 | ```
89 | 


--------------------------------------------------------------------------------
/installer.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | set -e
 4 | 
 5 | SSHD_DIR="$HOME/.config/sshd"
 6 | SSHD_CONF="$SSHD_DIR/sshd_config"
 7 | SYSTEMD_UNIT="sshd-user.service"
 8 | SYSTEMD_USER_DIR="$HOME/.config/systemd/user"
 9 | 
10 | install_systemd_service() {
11 |     echo "Installing systemd user service"
12 |     mkdir -p "$SYSTEMD_USER_DIR"
13 |     install -v -p "systemd/$SYSTEMD_UNIT" "$SYSTEMD_USER_DIR/$SYSTEMD_UNIT"
14 | 
15 |     echo "Reloading systemd user daemon"
16 |     systemctl --user daemon-reload || true
17 | 
18 |     echo "Enabling and starting $SYSTEMD_UNIT"
19 |     systemctl --user enable --now "$SYSTEMD_UNIT" || true
20 | }
21 | 
22 | install_sshd() {
23 |     if [ -f "$SSHD_CONF" ]; then
24 |         echo "Skipping sshd configuration: sshd configuration already exists at $SSHD_CONF."
25 |     else
26 |         install_sshd_config
27 |     fi
28 | 
29 |     generate_host_key ecdsa
30 |     generate_host_key ed25519
31 |     generate_host_key rsa -b 4096
32 | }
33 | 
34 | install_sshd_config() {
35 |     mkdir -p "$SSHD_DIR"
36 |     echo "Installing new configuration file at: $SSHD_CONF"
37 |     cat > "$SSHD_CONF" <<CONF
38 | HostKey $SSHD_DIR/ssh_host_ecdsa_key
39 | HostKey $SSHD_DIR/ssh_host_ed25519_key
40 | HostKey $SSHD_DIR/ssh_host_rsa_key
41 | CONF
42 |     cat ./sshd/sshd_config >> "$SSHD_CONF"
43 |     echo
44 |     cat "$SSHD_CONF"
45 |     echo
46 | }
47 | 
48 | generate_host_key() {
49 |     key_file="$SSHD_DIR/ssh_host_$1_key"
50 |     if [ ! -f "$key_file" ]; then
51 |         echo "Generating ssh host key type: $1"
52 |         ssh-keygen -q -N "" -t "$@" -f "$key_file"
53 |     fi
54 | }
55 | 
56 | do_help() {
57 |     2>&1 echo "Please specify either install or uninstall"
58 | }
59 | 
60 | do_install() {
61 |     install_sshd
62 |     install_systemd_service
63 | }
64 | 
65 | do_uninstall() {
66 |     echo "Stopping, disabling and removing systemd unit"
67 |     systemctl --user disable --now "$SYSTEMD_UNIT" || true
68 |     rm -v "$SYSTEMD_USER_DIR/$SYSTEMD_UNIT" || true
69 | 
70 |     if [ -d "$SSHD_DIR" ]; then
71 |         echo
72 |         echo "Found SSHD files in $SSHD_DIR."
73 |         echo "If you don't need them please remove the directory or the files manually."
74 |     fi
75 | }
76 | 
77 | cd -- "$(dirname -- "$0")"
78 | 
79 | [[ -z "$XDG_RUNTIME_DIR" ]] && XDG_RUNTIME_DIR=/run/user/$UID
80 | export XDG_RUNTIME_DIR
81 | 
82 | for arg; do
83 |     [ "$arg" == "--help" ] && do_help && exit
84 | done
85 | 
86 | case "$1" in
87 |     install) do_install ;;
88 |     uninstall) do_uninstall ;;
89 |     help|--help) do_help ;;
90 |     *) do_help; exit 1 ;;
91 | esac
92 | 


--------------------------------------------------------------------------------
/sshd/sshd_config:
--------------------------------------------------------------------------------
1 | Port 2022
2 | UsePAM no
3 | KbdInteractiveAuthentication no
4 | PasswordAuthentication no
5 | PubkeyAuthentication yes
6 | X11Forwarding yes
7 | AuthorizedKeysFile .ssh/authorized_keys
8 | Subsystem sftp /usr/lib/ssh/sftp-server


--------------------------------------------------------------------------------
/systemd/sshd-user.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=OpenSSH Daemon as user
 3 | After=network.target
 4 | 
 5 | [Service]
 6 | ExecStart=/usr/bin/sshd -D -f %h/.config/sshd/sshd_config -o PidFile=%t/sshd.pid
 7 | ExecReload=/bin/kill -HUP $MAINPID
 8 | KillMode=process
 9 | Restart=always
10 | 
11 | [Install]
12 | WantedBy=default.target


--------------------------------------------------------------------------------