How to Use SSH in Termux — Connect to Remote Servers from Android
// 00 — Introduction
Learning how to use SSH in Termux is one of the most valuable skills you can pick up as an Android user interested in Linux, networking, or cybersecurity. SSH — Secure Shell — is the industry-standard protocol used by developers, sysadmins, and security professionals every single day to securely connect to remote servers, manage cloud machines, and automate tasks. The best part? You do not need a laptop or a rooted Android device. Termux gives you a full Linux environment right inside your Android phone, and with OpenSSH installed, you have everything you need to SSH into any remote server in the world from the palm of your hand.
Whether you are a complete beginner who has never touched a terminal, or an intermediate user looking to take their Termux setup to the next level, this guide covers everything. By the end of this tutorial, you will be able to install OpenSSH in Termux, connect to remote Linux servers, set up SSH key-based authentication so you never have to type a password again, and even turn your Android phone into an SSH server that other devices can connect to. All of this works without root, without any paid apps, and without any complicated setup.
Rixon Xavier from HYDRA TERMUX has put this guide together as part of the free cybersecurity education series at hydratermux.blogspot.com. Every command in this guide has been tested on a real Android device running Termux in 2026. You will find working examples, real output screenshots described in text, common error fixes, and pro tips that most tutorials skip. Let us get started.
pkg update && pkg upgrade before following this guide.// 01 — What is SSH and Why Use it in Termux?
SSH stands for Secure Shell. It is a cryptographic network protocol that lets you log into another computer over a network connection — securely. Everything sent over SSH is encrypted, which means nobody snooping on your Wi-Fi or mobile data can read your commands or the server's responses. This is in sharp contrast to older protocols like Telnet, which sent everything as plain readable text.
When you SSH into a remote server, you get a terminal session on that machine. You can run commands, edit files, install software, check logs, restart services — everything you would do if you were sitting in front of that computer. This makes SSH the backbone of server management, DevOps workflows, cloud administration, and penetration testing engagements.
Why SSH in Termux Specifically?
Termux transforms your Android phone into a portable Linux workstation. Once you install OpenSSH inside Termux, your phone becomes a fully capable SSH client — and even an SSH server. Here are the most common real-world uses:
- Managing your VPS or cloud server — Connect to DigitalOcean, AWS, Linode, or any Linux server from anywhere.
- CTF (Capture The Flag) competitions — Many CTF challenges require SSH access to remote boxes. Termux handles this perfectly.
- Penetration testing labs — Connect to lab environments like HackTheBox or TryHackMe machines via SSH.
- Connecting to your home PC remotely — SSH into your desktop or Raspberry Pi from outside your home network.
- SSH tunneling and port forwarding — Route traffic securely through encrypted tunnels, bypass firewalls, and access internal services.
- Running Termux as an SSH server — Let your laptop or desktop connect to your phone wirelessly.
How SSH Works — A Simple Explanation
When you connect to a server via SSH, your client and the server perform a handshake using public-key cryptography. The server proves its identity using its host key, and then you authenticate using either a password or your own SSH key pair. Once authenticated, all traffic between your device and the server is encrypted using a symmetric key negotiated during the handshake. This entire process happens in milliseconds and is extremely secure when configured correctly.
There are two main ways to authenticate with SSH: password authentication and key-based authentication. Password authentication is simple but less secure (vulnerable to brute-force attacks). Key-based authentication uses a pair of cryptographic keys — a private key you keep on your device and a public key you upload to the server. Only someone with the matching private key can log in, making brute-force attacks practically impossible. We will cover both methods in this guide.
// 02 — Installing OpenSSH in Termux
OpenSSH is the most widely used SSH implementation in the world. It is open source, actively maintained, and available directly from the Termux package repository. Installing it takes a single command and about 30 seconds on a decent connection.
Update Termux Packages First
Always update your package list before installing anything new. This ensures you get the latest version and avoids dependency conflicts.
pkg update && pkg upgrade -yInstall OpenSSH
This single command installs both the SSH client (for connecting to remote servers) and the SSH server (sshd, for accepting incoming connections).
pkg install openssh -yVerify the Installation
Check that SSH was installed correctly and see its version number.
ssh -VYou should see output similar to:
OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024ssh, scp, ssh-keygen, and sshd commands available in Termux.What Gets Installed?
The OpenSSH package in Termux gives you several important tools:
ssh— The SSH client for connecting to remote serverssshd— The SSH daemon (server) for accepting connectionsssh-keygen— Generate SSH key pairs for passwordless authenticationssh-copy-id— Easily copy your public key to a remote serverscp— Securely copy files between your device and a remote serversftp— Secure FTP for interactive file transfersssh-agent— Manage your SSH keys in memory so you don't have to retype passphrases
All of these tools work together to give you a complete SSH toolkit, and no root is required for any of them.
// 03 — Connecting to a Remote Server via SSH
Now that OpenSSH is installed, connecting to a remote server with SSH in Termux is straightforward. The basic syntax of the SSH command is simple and follows a consistent pattern across all platforms.
Basic SSH Connection Syntax
ssh username@hostname_or_ipFor example, to connect to a server at IP address 192.168.1.100 as the user ubuntu:
ssh ubuntu@192.168.1.100The first time you connect to a server, SSH will ask you to verify the server's fingerprint:
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ED25519 key fingerprint is SHA256:abc123xyz...
Are you sure you want to continue connecting (yes/no/[fingerprint])?Type yes and press Enter. The server's key is saved to ~/.ssh/known_hosts and you won't be asked again for that server.
Connecting on a Non-Standard Port
Many servers run SSH on a port other than 22. Use the -p flag to specify the port:
ssh -p 2222 ubuntu@192.168.1.100Connecting with a Private Key File
Cloud providers like AWS, DigitalOcean, and Google Cloud give you a .pem or .key file instead of a password. Transfer that key file to your Termux home directory and use the -i flag:
# Set correct permissions on the key file first
chmod 600 ~/myserver.pem
# Connect using the key
ssh -i ~/myserver.pem ubuntu@your-server-ipchmod 600 keyfile before using a key. If you skip this, you'll see the error "Permissions are too open".Useful SSH Connection Flags
-v— Verbose mode. Shows debug output, helpful for troubleshooting connection issues.-p PORT— Connect to a specific port number.-i KEY— Use a specific private key file for authentication.-L local:remote— Local port forwarding (tunnel a remote port to your local machine).-R remote:local— Remote port forwarding (expose a local port through the server).-D port— Dynamic port forwarding (creates a SOCKS proxy).-N— Do not execute a remote command. Used for pure tunneling.-f— Run SSH in the background after authentication.-X— Enable X11 forwarding (run graphical apps remotely).
Saving SSH Connections with Config File
If you connect to the same servers regularly, typing the full command every time gets tedious. SSH has a config file that lets you create shortcuts. Create or edit ~/.ssh/config:
mkdir -p ~/.ssh
nano ~/.ssh/configAdd an entry like this:
Host myserver
HostName 192.168.1.100
User ubuntu
Port 22
IdentityFile ~/.ssh/id_ed25519
Host vps1
HostName 203.0.113.50
User root
Port 2222
IdentityFile ~/.ssh/vps_keyNow you can connect with just:
ssh myserver
ssh vps1// 04 — SSH Key Authentication — Password-Free Login
SSH key authentication is the gold standard for secure remote access. Instead of typing a password every time (which can be captured by keyloggers or brute-forced), you use a pair of cryptographic keys. The private key stays on your device and never leaves it. The public key is placed on the remote server. When you connect, SSH performs a cryptographic challenge-response — if your private key matches the public key on the server, you are let in instantly with no password required.
Step 1 — Generate an SSH Key Pair in Termux
ssh-keygen -t ed25519 -C "my-termux-key"You will be prompted:
Generating public/private ed25519 key pair.
Enter file in which to save the key (/data/data/com.termux/files/home/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /data/data/com.termux/files/home/.ssh/id_ed25519
Your public key has been saved in /data/data/com.termux/files/home/.ssh/id_ed25519.pubStep 2 — View Your Public Key
cat ~/.ssh/id_ed25519.pubYou will see a single long line starting with ssh-ed25519. This is your public key — it is safe to share.
Step 3 — Copy Your Public Key to the Remote Server
Method A — Using ssh-copy-id (easiest):
ssh-copy-id ubuntu@192.168.1.100Method B — Manual copy (when ssh-copy-id is not available):
# Connect to server and create .ssh directory
ssh ubuntu@192.168.1.100 "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
# Append your public key to authorized_keys
cat ~/.ssh/id_ed25519.pub | ssh ubuntu@192.168.1.100 "cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"Step 4 — Test Passwordless Login
ssh ubuntu@192.168.1.100Using ssh-agent to Manage Keys
If you set a passphrase on your key, you would have to type it every connection. ssh-agent caches the key in memory so you only type the passphrase once per session:
# Start the agent
eval $(ssh-agent)
# Add your key
ssh-add ~/.ssh/id_ed25519
# Now connect — no passphrase required until you close Termux
ssh ubuntu@192.168.1.100// 05 — Running an SSH Server Inside Termux
One of the most powerful features of using SSH in Termux is that you can run Termux as an SSH server. This means your laptop, desktop, or any other device on the same network can connect to your Android phone via SSH and access its Termux environment. This is incredibly useful for transferring files, running scripts remotely, or managing your phone's Termux session from a full keyboard.
Step 1 — Set a Password for Termux SSH
Termux uses a different authentication method. First, set a password using passwd:
passwdNew password:
Retype new password:
New password was successfully set.Step 2 — Start the SSH Server (sshd)
sshdTermux's SSH server runs on port 8022 by default (not 22, because ports below 1024 require root on Android).
Step 3 — Find Your Phone's IP Address
ifconfig | grep inet
# or
ip addr show | grep 'inet 'Look for an IP address starting with 192.168.x.x — this is your phone's local network IP.
Step 4 — Connect From Another Device
From your laptop or any device on the same Wi-Fi network:
ssh -p 8022 192.168.1.xEnter the password you set with passwd and you are in.
Step 5 — Stop the SSH Server
pkill sshdTransferring Files with SCP
Once your SSH server is running, you can use scp to copy files between devices. From your laptop to your phone:
# Copy file from laptop to Termux
scp -P 8022 myfile.txt 192.168.1.x:/data/data/com.termux/files/home/
# Copy file from Termux to laptop
scp -P 8022 192.168.1.x:/data/data/com.termux/files/home/myfile.txt ./scp uses -P (capital P) for port, while ssh uses -p (lowercase p). This is a common gotcha that trips people up.// 06 — Common Errors and Fixes
Error: Connection refused
ssh: connect to host 192.168.1.100 port 22: Connection refusedFix: The SSH server is not running on the remote machine, or it is on a different port. Check that sshd is running on the server (systemctl status ssh). Try specifying the port with -p.
Error: Permission denied (publickey)
ubuntu@192.168.1.100: Permission denied (publickey).Fix: Your public key is not on the server, or the permissions on ~/.ssh or ~/.ssh/authorized_keys are wrong. Run these on the server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysError: WARNING — Remote host identification has changed
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!Fix: The server's host key changed (server was rebuilt, or IP reassigned). Remove the old entry from known_hosts:
ssh-keygen -R 192.168.1.100Error: Permissions are too open (key file)
Permissions 0644 for 'mykey.pem' are too open.Fix:
chmod 600 mykey.pemError: sshd on Termux not accepting connections
Fix: Make sure both devices are on the same Wi-Fi network. Also confirm you are using port 8022 (not 22) when connecting to Termux. Check sshd is running with ps aux | grep sshd.
Error: No route to host
Fix: The IP address is unreachable. Confirm the IP is correct with ifconfig on the target device. If connecting over the internet (not local network), make sure port forwarding is configured on the router.
// 07 — Pro Tips for SSH in Termux
~/.ssh/config to prevent SSH from timing out due to inactivity:
Host *
ServerAliveInterval 60
ServerAliveCountMax 3
tmux or screen session on the remote server so your tasks keep running even if you disconnect.ssh -L 9000:localhost:3000 ubuntu@your-server
Now open your browser and go to
http://localhost:9000 on your phone.
/etc/ssh/sshd_config on the server and set PasswordAuthentication no, then restart sshd.mosh (Mobile Shell). It is designed for high-latency and intermittent connections. Install it with pkg install mosh.ssh ubuntu@192.168.1.100 "df -h && uptime"
// 08 — SSH vs Other Remote Access Tools
| Tool | Protocol | Encrypted | No Root | Best For |
|---|---|---|---|---|
| SSH (OpenSSH) | SSH | ✅ Yes | ✅ Yes | Server management, CTF, file transfer |
| Telnet | Telnet | ❌ No | ✅ Yes | Legacy systems only (not recommended) |
| Mosh | SSH + UDP | ✅ Yes | ✅ Yes | Unstable/mobile connections |
| Cloudflare Tunnel | HTTPS/Websocket | ✅ Yes | ✅ Yes | Exposing local servers publicly |
| ADB (Android Debug Bridge) | Custom TCP | Partial | ✅ Yes | Android device debugging |
| VNC/RDP | VNC/RDP | Optional | Varies | Graphical desktop access |
| Netcat | Raw TCP/UDP | ❌ No | ✅ Yes | Port scanning, testing, CTF |
// FAQ — SSH in Termux
ifconfig. On Windows, open PowerShell or CMD and run ssh -p 8022 your-phone-ip. Windows 10 and 11 include OpenSSH by default. You can also use PuTTY if you prefer a graphical SSH client.ssh username@public-ip. Make sure port 22 (or your SSH port) is open in the server's firewall and that any router between you and the server has port forwarding configured if the server is behind NAT.ssh command) is what you use to connect to another machine. The SSH server (sshd daemon) is the service that runs on a machine and accepts incoming connections. Termux can act as both — use ssh to connect to remote servers, and start sshd to let other devices connect to your phone.ServerAliveInterval 60 to your SSH config. For a more permanent solution, switch to mosh (pkg install mosh), which is specifically designed to survive network changes and reconnections.// 09 — Conclusion
Mastering SSH in Termux turns your Android phone into a genuinely powerful remote administration and security research tool. You have learned how to install OpenSSH, connect to remote servers with both password and key-based authentication, configure SSH shortcuts with the config file, run an SSH server inside Termux, transfer files securely with SCP, and troubleshoot the most common errors. These are skills that professional sysadmins and security engineers use every single day.
SSH key authentication is the single most impactful upgrade you can make to your workflow — once you set it up, connecting to your servers becomes instant, secure, and effortless. Take the time to generate your ED25519 key pair and deploy it to every server you manage regularly.
If you found this guide helpful, explore more free Termux and cybersecurity tutorials right here on HYDRA TERMUX. Check out our guides on Nmap, Netcat, and setting up a complete penetration testing environment in Termux — all free, no root required, and tested on real Android devices in 2026.
ssh-keygen -t ed25519 and deploy it to your first server. Once you experience passwordless SSH login, you will never go back.
Nice work 😍
ReplyDelete