Steam Deck `ssh` instructions

steamdeck_ssh_instructions.md

These are manual instructions on enabling SSH access on your Steam Deck, adding public key authentication, and removing the need for a sudo password for the main user (deck).

This gist assumes the following:

• you have a Steam Deck
• you have a home PC with access to a Linux shell that can ssh, ssh-keygen, and ssh-copy-id
• your Steam Deck and home PC are on the same local network, with standard SSH traffic (tcp/22) allowed over that network from the PC to the Steam Deck

NOTE: @crackelf on reddit mentions that steamOS updates blow away everything other than /home, which may have the following effects:

• removing the systemd config for sshd.service, which would prevent the service from automatically starting on boot
• removing the sudoers.d config, which would reenable passwords for sudo

---

Instructions:

• On your Steam Deck, switch to "Desktop Mode" (Steam > Power > Switch to Desktop)
• On your Steam Deck, open a terminal (eg Steam Icon > System > Konsole or Steam Icon > System > fish)
• On your Steam Deck, set a temporary passwd for the current user, deck (use Steam + X On your Steam Deck to bring up the on-screen keyboard):

(deck@steamdeck ~)$ passwd
New password:
Retype new password:
passwd: password updated successfully

• On your Steam Deck, enable and start the sshd.service (use the password above when prompted):

(deck@steamdeck ~)$ sudo systemctl enable sshd.service
Created symlink /etc/systemd/system/multi-user.target.wants/sshd.service → /usr/lib/systemd/system/sshd.service.
(deck@steamdeck ~)$ sudo systemctl start sshd.service

• On your Steam Deck, determine your steamdeck's LAN IP:

(deck@steamdeck ~)$ ip addr | grep inet | grep wlan0
    inet 192.168.1.106/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0

• On your PC, verify you can ssh into the Steam Deck using your password:

[andygeorge@home-pc ~]$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no deck@192.168.1.106
deck@192.168.1.106's password:
Last login: Thu Jul 21 12:51:20 2022 from 192.168.1.115
(deck@steamdeck ~)$

• On your PC, generate an SSH keypair to use for authentication, eg:

[andygeorge@home-pc ~]$ ssh-keygen -t ed25519 -C "email@example.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/andygeorge/.ssh/id_ed25519): /home/andygeorge/.ssh/steamdeck_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/andygeorge/.ssh/steamdeck_ed25519
Your public key has been saved in /home/andygeorge/.ssh/steamdeck_ed25519.pub
The key fingerprint is:
SHA256:k email@example.com
The key's randomart image is:
k

This will create two files, a private SSH key file, and its corresponding public key with a .pub extension:

[andygeorge@home-pc ~]$ ls -al ~/.ssh/steamdeck*
-rw------- 1 andygeorge andygeorge 411 Jul 21 12:42 /home/andygeorge/.ssh/steamdeck_ed25519
-rw-r--r-- 1 andygeorge andygeorge 100 Jul 21 12:42 /home/andygeorge/.ssh/steamdeck_ed25519.pub

• On your PC, run ssh-copy-id to copy the public key of the keypair you generated above to the Steam Deck (using the password you created above):

[andygeorge@home-pc ~]$ ssh-copy-id -i ~/.ssh/steamdeck_ed25519.pub deck@192.168.1.106
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/andygeorge/.ssh/steamdeck_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
deck@192.168.1.106's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'deck@192.168.1.106'"
and check to make sure that only the key(s) you wanted were added.

• On your PC, test the SSH using key auth:

[andygeorge@home-pc ~]$ ssh -i ~/.ssh/steamdeck_ed25519 deck@192.168.1.106
Last login: Thu Jul 21 13:32:25 2022 from 192.168.1.115
(deck@steamdeck ~)$

• On your Steam Deck, disable the sudo password for your deck user:

(deck@steamdeck ~)$ echo "%wheel ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/wheel >/dev/null

• On your Steam Deck, delete your deck user's password:

(deck@steamdeck ~)$ sudo passwd -d deck
passwd: password expiry information changed.

---

You should now be able to ssh in using key auth and sudo without a password!

Thanks for this! If you wanted an easy way to reset this after updates, I think all you would need to do is leave the root password set (just not required, so skip the last step) and do:

touch ~/Desktop/EnableSSH.sh && chmod +x ~/Desktop/EnableSSH.sh && tee -a ~/Desktop/EnableSSH.sh << END
#!/bin/bash
sudo systemctl enable sshd.service
sudo systemctl start sshd.service
echo "%wheel ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/wheel >/dev/null
END

You could also add a .desktop file and make it point to any scripts to run after install (or make a single script which branches out, etc.) so all you need to do is double click + enter password:

tee ~/Desktop/AfterUpdates.desktop << END
#!/usr/bin/env xdg-open
[Desktop Entry]
Type=Application
Encoding=UTF-8
Name=AfterUpdates
Exec=pkexec ~/Desktop/EnableSSH.sh
Terminal=false
END

I would suggest as an optional recommendation to update ~/.ssh/config file as well.
Something simple to avoid userName specification and ed25519 path:

HostName 192.168.1.106
	User deck
	IdentityFile ~/.ssh/steamdeck_ed25519