mac-termux-ssh-setup.md

Complete Guide: SSH from Android Termux to Mac using NordVPN Mesh

This guide covers setting up SSH access from Android Termux to macOS, including NordVPN Mesh configuration for remote access.

Table of Contents

• Prerequisites
• Mac Setup
• NordVPN Mesh Setup
• Termux Setup
• SSH Key Configuration
• Connection Methods
• Troubleshooting
• Security Tips

Prerequisites

• macOS with admin access
• Android device with Termux installed
• NordVPN subscription (for Mesh feature)
• Local network access (for initial setup)

Mac Setup

1. Enable SSH on Mac

1. Open System Settings → General → Sharing
2. Toggle ON "Remote Login"
3. Note which users are allowed (select "All users" or specific users)

2. Install NordVPN (if not already installed)

brew install --cask nordvpn

3. Verify SSH Configuration

Check SSH daemon settings:

cat /etc/ssh/sshd_config | grep -E "PubkeyAuthentication|PasswordAuthentication|AuthorizedKeysFile" | grep -v "^#"

Expected output:

AuthorizedKeysFile	.ssh/authorized_keys

4. Prepare SSH Directory

# Create SSH directory if it doesn't exist
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Create authorized_keys file
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

5. Get Mac Information

# Get username
whoami

# Get hostname
hostname

# Get local IP address
ifconfig | grep -E "inet " | grep -v 127.0.0.1

NordVPN Mesh Setup

On Mac:

1. Open NordVPN application
2. Log in with your credentials
3. Go to Settings → Meshnet
4. Toggle Meshnet ON
5. Note your device's Mesh name (usually shows as hostname)
6. Keep NordVPN running

On Android:

1. Install NordVPN from Google Play Store
2. Log in with the same account
3. Go to Settings → Meshnet
4. Enable Meshnet
5. Find your Mac in the device list
6. Enable route traffic for the Mac device

Termux Setup

1. Install Required Packages

# Update package repository
pkg update && pkg upgrade -y

# Install OpenSSH
pkg install openssh -y

# Install additional tools (optional)
pkg install openssh-tools -y

2. Generate SSH Key Pair

# Create SSH directory
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Generate ED25519 key (recommended)
ssh-keygen -t ed25519 -C "termux@android"

When prompted:

• File location: Press Enter for default
• Passphrase: Leave empty for passwordless (or set one for extra security)

3. Display Your Public Key

cat ~/.ssh/id_ed25519.pub

Copy the entire output (starts with ssh-ed25519)

SSH Key Configuration

Method 1: Manual Copy-Paste

1. On Termux: Copy the public key output from above
2. On Mac: Add the key to authorized_keys:

# On Mac
echo "YOUR_TERMUX_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys

Method 2: Using ssh-copy-id

From Termux (requires password once):

# Using local IP
ssh-copy-id [email protected]

# Or using Meshnet
ssh-copy-id [email protected]

Method 3: One-liner Command

From Termux (requires password once):

cat ~/.ssh/id_ed25519.pub | ssh [email protected] "cat >> ~/.ssh/authorized_keys"

4. Verify Permissions

On Mac:

ls -la ~/.ssh/
# Should show:
# drwx------ for .ssh directory
# -rw------- for authorized_keys

Connection Methods

1. Direct Connection (Same Network)

ssh [email protected]

2. Using NordVPN Meshnet (Remote Access)

ssh [email protected]

3. Create SSH Config for Easy Access

In Termux, create ~/.ssh/config:

cat > ~/.ssh/config << EOF
Host mac
    HostName 192.168.4.52
    User sandeepvishnu
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host mac-mesh
    HostName your-mac-name.nord
    User sandeepvishnu
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
EOF

chmod 600 ~/.ssh/config

Now connect with:

ssh mac        # Local network
ssh mac-mesh   # Via Meshnet

Troubleshooting

SSH Still Asking for Password

1. Check verbose output:

   ssh -vvv [email protected]

2. Verify SSH agent (Termux):

   eval $(ssh-agent)
   ssh-add ~/.ssh/id_ed25519
   ssh-add -l  # Should show your key

3. Restart SSH service (Mac):

   sudo launchctl stop com.openssh.sshd
   sudo launchctl start com.openssh.sshd

4. Check file permissions (Mac):

   ls -ld ~
   ls -la ~/.ssh/
   # Home directory should not be writable by others
   # .ssh should be 700, authorized_keys should be 600

5. Specify identity file explicitly:

   ssh -i ~/.ssh/id_ed25519 [email protected]

Connection Refused

1. Verify SSH is enabled in Mac System Settings
2. Check firewall settings:
   • System Settings → Network → Firewall
   • Ensure "Block all incoming connections" is OFF
3. Verify both devices are on Meshnet

Connection Timeout

1. Ensure both devices have NordVPN running
2. Check Meshnet is enabled on both
3. Verify devices are linked in Meshnet
4. Try using local IP first to test

Permission Denied

1. Check username is correct
2. Verify user has SSH access in Mac settings
3. Check authorized_keys has correct content
4. Look for ACL issues: ls -ld ~ | grep +

Security Tips

1. Use Strong SSH Keys

• ED25519 is recommended over RSA
• Consider using a passphrase for the private key

2. Limit SSH Access

• Only allow specific users
• Consider changing default SSH port
• Use fail2ban or similar for brute-force protection

3. Keep Software Updated

# Mac
brew update && brew upgrade

# Termux
pkg update && pkg upgrade

4. Monitor Access

# Check SSH logs on Mac
log show --predicate 'process == "sshd"' --last 1h

5. Disable Password Authentication (Optional)

Once key-based auth works, edit /etc/ssh/sshd_config:

PasswordAuthentication no
PubkeyAuthentication yes

Quick Reference

Mac Info (example)

• Username: sandeepvishnu
• Hostname: Personal-MacBook-Pro.local
• Local IP: 192.168.4.52
• Mesh name: personal-macbook-pro.nord

Essential Commands

# Generate SSH key (Termux)
ssh-keygen -t ed25519

# Copy key to Mac
ssh-copy-id user@host

# Connect with verbose output
ssh -v user@host

# Connect via Meshnet
ssh [email protected]

# List active SSH sessions (Mac)
who | grep pts

Additional Resources

• Termux Wiki - SSH
• NordVPN Meshnet Documentation
• OpenSSH Documentation
• macOS SSH Setup Guide