How to setup OpenSSH daemon on the Steam Deck

To setup an OpenSSH daemon on your Steam Deck most guides suggest you do the following:

1. Set a password using passwd.
2. Use sudo and systemctl to start and enable the system wide sshd service.

While this certainly works and only requires a few simple shell commands, I don't think it's the right way to setup the OpenSSH daemon, because it comes with some drawbacks:

• The above commands modify the root filesystem, these changes may be lost when updating SteamOS.
• The default OpenSSH daemon configuration will be used which may contain insecure settings.

If you want to know how I setup the OpenSSH daemon on my Steam Deck, continue reading.

Setting up a systemd user service

From the Arch Linux wiki:

systemd offers the ability to manage services under the user's control with a per-user systemd instance, enabling them to start, stop, enable, and disable their own user units.

And this is exactly what we are going to do.

To set up a systemd user service for the OpenSSH daemon on your Steam Deck, create a new systemd unit file at ~/.config/systemd/user/sshd.service with the following contents:

      [Unit]
Description=OpenSSH Daemon
After=network.target

[Service]
ExecStart=/usr/bin/sshd -D -f %h/.config/ssh/sshd_config
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=default.target
    

Configuring the OpenSSH daemon

Create a new configuration file for the OpenSSH daemon at ~/.config/ssh/sshd_config.
This is how I configured the OpenSSH daemon:

      Port 2222

PrintMotd no
UsePam no

HostKey /home/deck/.config/ssh/host_key
AuthorizedKeysFile /home/deck/.config/ssh/authorized_keys

PasswordAuthentication no
KbdInteractiveAuthentication no

Subsystem sftp /usr/lib/ssh/sftp-server
    

This will start the OpenSSH daemon on port 2222. It also disables authentication via password and instead enforces public key based authentication.

Next create the host key for the OpenSSH daemon using ssh-keygen, for example:

      $ ssh-keygen -t rsa -b 2048 -o ~/.config/ssh/host_key
    

Now append any public keys you want to use for authentication to the authorized_keys file located in the ~/.config/ssh/ directory.

The last step is to enable and start the systemd user service:

      $ systemctl --user enable sshd.service
$ systemctl --user start sshd.service
    

That's it.
You should now be able to connect via SSH to your Steam Deck using public key based authentication.