6 Mar 2014

An OpenSSH Package for Nexus 5 Phones Running the Stock ROM

If you are looking for an OpenSSH package for Nexus 5 devices running the stock ROM, then you've come to the right place. I have made a recovery package that anyone may use to add OpenSSH to their Nexus 5. This package allows a Nexus 5 user to make outgoing scp, sftp, and ssh connections from the phone, as well as incoming scp, sftp, and ssh connections into the phone. Public key authentication is used from incoming connections to the phone.

Puffy and Bug Droid, a match made in heaven for convenience.

A few weeks ago I realized that the stock ROM on the Nexus 5 does not include OpenSSH. I needed to make a quick SSH connection to my home server. I was shocked to learn that it wasn't included in the stock ROM. Before my Nexus 5, I'd been using OpenSSH for months with my LG Optimus 2X running Cyanogenmod. Living without OpenSSH is like living without air!

I wasn't particularly keen on installing Cyanogenmod on my Nexus 5. I've rooted the phone and installed SuperSU, BusyBox, the Xposed framework, and GravityBox. With this setup I'm missing very little that I want from the custom ROM scene, and my mighty Nexus 5 runs rock solid. Much better than Cyanogenmod ever did.

So I did what made the most sense: I downloaded the latest M-release of CM11 and copied out the OpenSSH binaries. I cleaned up the mess that Cyanogenmod has made of the port as best as I could without going to the lengths of patching and compiling the source code myself. Right now I don't have time for that much extra-curricular work.

However, the work I have done has brought some sanity to the OpenSSH file locations. Additionally, the package does something that Cyanogenmod's current port does not do: by default it supports SFTP connections to the phone.

Since I managed to get OpenSSH working decently well, it just made sense to bundle it into a recovery package and share it with the world. Anyone interested may download it from the link below.

The package is limited to the Nexus 5 handset and the KitKat release in three ways:
  1. The updater-script checks the device and refuses to install if it is not identified as a "hammerhead" device (the Nexus 5 code name);
  2. The updater-script uses the set_metadata method for updating the file permissions once the package is extracted, which is not compatible with pre-KitKat recovery systems; and
  3. The scripts installed by the package may make assumptions specific to the Nexus 5 stock ROM.
These obstacles are not insurmountable given enough experience or persistence, but please be aware that you are on your own should you choose to try this where it is not intended.

Furthermore, consider yourself on your own no matter what your situation. I'll make reasonable efforts to assist, but reasonable efforts are very minimal given that I am not doing this for compensation. All comers are assumed to be competent and able to manage this on their own. At minimum, your skills should include:
  1. an understanding of how to configure public key authentication with OpenSSH and any third party SSH client. This package does not include support for password authentication (a limitation imposed by Android design); and
  2. knowledge of how to get around in the shell, including basic knowledge of Unix commands.
It should go without saying that your phone will also need a good terminal app.

With all that out of the way, the link you have been waiting for is just a few lines further. Before you flash the ZIP file I recommend having a look at:
  • the USAGE file;
  • the README file, if you are interested in more details about the current version of OpenSSH offered in the package; and
  • the LICENCE file, so that you can see all the fine and good people that have contributed to OpenSSH over the years.
These documentation files are also installed in the folder "/data/.ssh", but they are much easier to read on a computer monitor. The files are Unix encoded text files, so you may need to view them in your browser if you are using a Windows OS. No preview of text files on Google Drive. Can you believe it?! Really Google?!.

Flash the ZIP file in the usual manner: Nexus 5 OpenSSH package.


  1. Replies
    1. Unlike SSHDroid, this has no "PRO" version that must be purchased to get all the features. Plus, I trust my security more to the OpenSSH developers, who release their source code with a solid track record, than to some random person on the Play store.

  2. Hi, can you update this for Lollipop? I've tried and failed (SELinux problem, i guess)

    1. Sorry, I simply pulled binaries from the latest CyanogenMod 11 build and then created the package using those files. I suspect that you will need to port the source code from CM 11 and build it for Lollipop to get working binaries. Otherwise, you will need to wait for a build of CM 12 and then build a new package from that OpenSSH build.

      I don't plan to move to Lollipop until Xposed Framework and GravityBox (or something similar) is ported to Lollipop. I loose too much desired functionality if I "upgrade" to Lollipop now. As such, I am not in a position to test your SELinux theory. If you find that SELinux is the only impediment to getting this package working, please feel free to report back your findings and fix.

      Such is the risk of living on the bleeding edge, I suppose. Good luck!

  3. I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. best android phones under 9000 in india

  4. I’m going to read this. I’ll be sure to come back. thanks for sharing. and also This article gives the light in which we can observe the reality. this is very nice one and gives indepth information. thanks for this nice article... best mobile smartphone under 4000