Skip to content

SSH access

OrbStack includes a built-in SSH server that can be used to access all Linux machines. This makes it easy to use tools that work with SSH, such as Ansible and Visual Studio Code remote editing.

The server is automatically added to your SSH config as the orb host for easy access.


The SSH server is primarily intended for use with other tools. For interactive use, the orb command provide a more seamless experience.


To log in to the default machine:

ssh orb
ssh orb

To use a specific machine or user:

ssh machine@orb
ssh user@orb
ssh user@machine@orb
ssh machine@orb
ssh user@orb
ssh user@machine@orb

Use orb default to change the default machine.

Remote code editors

To develop in Linux, you can use the SSH server with code editors or IDEs that support remote development, such as Visual Studio Code.

VS Code

Install the Remote - SSH extension and connect to the orb host.


Connect to the orb host.

JetBrains IDEs

Use the host, port, user, and key below.

Connection details

For apps that don't use OpenSSH, you can use the following connection details:

  • Host: localhost
  • Port: 32222
  • User: default (or any of the examples above)
  • Private key: ~/.orbstack/ssh/id_ed25519

For security, password authentication is disabled and a unique private key is generated for use with OrbStack. You can replace or symlink the private and public keys in ~/.orbstack/ssh and restart the app to use your own keys.


To use Ansible to configure OrbStack machines, specify hosts like this in the inventory:

ubuntu@orb  ansible_user=ubuntu
ubuntu@orb  ansible_user=ubuntu

where ubuntu is the name of the machine.

Remote access

For security, OrbStack's SSH server only allows connections from localhost. If you want to access the server from another device, you can use SSH port forwarding or install your own SSH server in your Linux machine.


OrbStack's SSH server only accepts public/private key authentication. It generates a keypair specifically for this purpose at ~/.orbstack/ssh/id_ed25519. You can replace it with a link to your preferred key.

To add additional authorized keys, edit ~/.orbstack/ssh/authorized_keys and restart OrbStack. You can also symlink it to ~/.ssh/authorized_keys to authorize the same keys as your Mac.

ECDSA and RSA keys are supported in authorized_keys, and id_ed25519 can also be symlinked to a key of any type. This is useful for FIPS compliance.

Port forwarding

Port forwarding is typically unnecessary because OrbStack already makes servers accessible from Mac via localhost, but SSH port forwarding with -L and -R is also supported.

Agent forwarding

OrbStack forwards your SSH agent to Linux machines automatically. There's no need to use agent forwarding with the SSH server.