Comment on page

SSH Access

To enable secure access to your device, we use public-key cryptography rather than a default username and password.
In short this means that you generate what’s known as a key-pair. The pair is made up of two files - a public key and a private key. The public key is transferred to your device, and only your private key will be able to log in to it. Your private key is like an extremely secure password and you should never share this with anyone.

Generating a key-pair


  1. 1.
    Open your terminal and run: ssh-keygen -t rsa
  2. 2.
    You will be asked where to save your new key-pair Leave this blank if you would like to use the default location /home/user/.ssh/id_rsa
  3. 3.
    You can optionally add a passphrase. This is an additional layer of security that will require you to enter your passphrase when using your private key.
  4. 4.
    If you selected the default file path you will have two new files: /home/user/.ssh/id_rsa is your private key - again do not share this. /home/user/.ssh/ is your public key - this can be shared.

Public Key Contents

If you read the contents of your public key it will look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSUOctoVJ5nwQO0I9c8gIK0ijYbOCZKdVmAu8jG0Znl2zvZLFYI7bGFbt/Rr8vjFVh4I2srFB52duirX53LtZF2ZUKMI+8ivaLk+pD7M0WL+sbG1jU2S/IdCUi7HmZ/fSp89UJb23i9Q9AINFdw+0spCjJSWB8+3wGQ4bPUSbNLCtsYv1anO+B26PIN5E9R0X84IVq+x41B1swvlUt15zfMwA7Jhl5fJgl6XzhNYcMdH/qp+r7Ij2d7NM9YR6/yva4/QLqzbPCoelxJLpVHKZ0ZLnhvYOoxRbLbU46AgTljGM3Z7rcvxm2Vl107ZojljuvF6cMXM4NU4peVimn5XOP gez@example This includes three things:
  • The encryption protocol used - ssh-rsa
  • The public key - a seemingly random string
  • An identifier of the creator - gez@example

Adding your public key to your Mycroft account

Now that you have your key-pair setup, you can add it to any of your Mycroft devices at:
Your Mark II device will then fetch this public key from your Mycroft account.

SSH in to your device

With your public key on your Mark II, and your private key remaining securely on your local machine, you can now SSH into the device.
You can find the IP address of your device by saying "Hey Mycroft, what is my IP Address?".
ssh -p 8222 mycroft@YOUR_IP
You will now be logged in as the mycroft user, with the virtual environment active. Your prompt should look like:
(.venv) mycroft@localhost:~Remove
From here you can interact with the device as you would any other Linux system.

Multiple containers

There are 3 areas that make up the operating system on your Mark II:
  • mycroft container - contains everything you would expect and is built on a base of Ubuntu 20.04.
  • awconnect container - contains the WiFi setup application and manages the network connections.
  • _pv_ (Pantavisor) initrd view - boots the system, manages the other containers as well as updates.
You can SSH into both of these containers and the initrd view by using the container name as the username. For example to SSH into awconnect you would run:
ssh -p 8222 awconnect@YOUR_IP
Or to SSH into the Pantavisor initrd view you would run:
ssh -p 8222 _pv_@YOUR_IP
There is also a BSP layer that can be mounted for inspection on another machine. This contains the kernel, modules and firmware.

Transfer files to or from your device

Now that you have SSH access, you can transfer files to and from your device using scp.To do this, we also need to use the port 8222, however unlike ssh the scp command uses the uppercase -P flag 🤷
Lets transfer my_file from our computer, to the Mark II device:
scp -P 8222 my_file mycroft@YOUR_IP:/destination/path/
We can also transfer files in the other direction. Let's grab all of the Mycroft log files in one command using the -r recursive flag:
scp -rP 8222 mycroft@YOUR_IP:/var/log/mycroft /destination/path/