SSH access

OrbStack includes a built-in SSH server that can be used to access all Linux machines. This makes it easy to use tools that work with SSH, such as Ansible and Visual Studio Code remote editing.

The server is automatically added to your SSH config as the orb host for easy access.

TIP

The SSH server is primarily intended for use with other tools. For interactive use, the orb command provide a more seamless experience.

Examples

To log in to the default machine:

bash

ssh orb

ssh orb

To use a specific machine or user:

bash

ssh machine@orb
ssh user@orb
ssh user@machine@orb

ssh machine@orb
ssh user@orb
ssh user@machine@orb

Use orb default to change the default machine.

Remote code editors

To develop in Linux, you can use the SSH server with code editors or IDEs that support remote development, such as Visual Studio Code.

VS Code

Install the Remote - SSH extension and connect to the orb host.

Fleet

Connect to the orb host.

JetBrains IDEs

Use the host, port, user, and key below.

Connection details

For apps that don't use OpenSSH, you can use the following connection details:

Host: localhost
Port: 32222
User: default (or any of the examples above)
Private key: ~/.orbstack/ssh/id_ed25519

For security, password authentication is disabled and a unique private key is generated for use with OrbStack. You can replace or symlink the private and public keys in ~/.orbstack/ssh and restart the app to use your own keys.

Ansible

To use Ansible to configure OrbStack machines, specify hosts like this in the inventory:

ini

[servers]
ubuntu@orb  ansible_user=ubuntu

[servers]
ubuntu@orb  ansible_user=ubuntu

where ubuntu is the name of the machine.

To specify a username:

ini

[servers]
root@ubuntu@orb ansible_user=root@ubuntu

[servers]
root@ubuntu@orb ansible_user=root@ubuntu

Remote access

For security, OrbStack's SSH server only allows connections from localhost. If you want to access the server from another device, you can use SSH port forwarding or install your own SSH server in your Linux machine.

Authentication

OrbStack's SSH server only accepts public/private key authentication. It generates a keypair specifically for this purpose at ~/.orbstack/ssh/id_ed25519. You can replace it with a link to your preferred key.

To add additional authorized keys, edit ~/.orbstack/ssh/authorized_keys and restart OrbStack. You can also symlink it to ~/.ssh/authorized_keys to authorize the same keys as your Mac.

ECDSA and RSA keys are supported in authorized_keys, and id_ed25519 can also be symlinked to a key of any type. This is useful for FIPS compliance.

Port forwarding

Port forwarding is typically unnecessary because OrbStack already makes servers accessible from Mac via localhost, but SSH port forwarding with -L and -R is also supported.

Agent forwarding

OrbStack forwards your SSH agent to Linux machines automatically. There's no need to use agent forwarding with the SSH server.

SSH access ​

Examples ​

Remote code editors ​

VS Code ​

Fleet ​

JetBrains IDEs ​

Connection details ​

Ansible ​

Remote access ​

Authentication ​

Port forwarding ​

Agent forwarding ​