Bundling OpenSSH with an app

I am working on an app which will need to include a native OpenSSH binary.

In order to build OpenSSH from source, I also need to provide OpenSSL (or LibreSSL) and zlib. However, building them for Android is not straightforward, to say the least. On the other hand, F-Droid doesn’t like binary blobs (for a good reason) – so shipping a prebuilt binary (if I can find one at all) isn’t particularly nice either.


  • The Android NDK includes a prebuilt version of zlib – would it be OK to include that in an app that i to be made available via F-Droid?
  • A prebuilt OpenSSL is available as a native dependency in Android Studio.
    • Would it be OK for F-Droid to use that?
    • If yes, I would probably have to use it in a different way than Google intended: download the dependency, then launch a native build for OpenSSH and point it to the dependency, and only then launch Gradle to build the final app – is that doable? How?
  • Does anyone know of an app that already does that in a way that is compatible with F-Droid’s guidelines, and in a way which can easily be copied in another app (preferably without too many bells and whistles – just the bare minimum to get OpenSSH and its dependencies to build for Android) – or a step-by-step instruction on how to accomplish this?

We have apps that build openssl… it’s not hard.

Can you give some examples?

grep -i openssl metadata/*.yml


Thanks, ru.evgeniy.dpitunnel.yml did indeed have a working build recipe for the OpenSSL library, at least in the sense that the build completes without errors.

Unfortunately, that still leaves me with having to build OpenSSH itself. Grepping build recipes did not provide anything useful… anyone have any pointers for me?

No idea on openssh, just build as you’d do… but for Android. See the openssh documentation for this platform I guess.

Most apps use libs such as GitHub - hierynomus/sshj: ssh, scp and sftp for java instead of openssh. You can take a look at GitHub - PhateValleyman/MagiskSSH.

1 Like

Thanks, MagiskSSH indeed got me one step further. I really need an SSH binary, since it is going to be called by another ported Unix binary.

After a lot of try and error, it seems that OpenSSH is not compatible with the Android toolchain as of now. OpenSSL and zlib can be built with the toolchain, but OpenSSH will run into build errors unless it is carefully hand-massaged.

MagiskSSH seems to do that. While I am somewhat reluctant to include “some OpenSSH fork” or “some project that builds a slightly modified OpenSSH”, since you never know for how long these projects are going to stay around, MagiskSSH currently seems the most feasible solution.

As of this writing, ee5c721 (which should correspond to release 0.15, the latest as of this writing) is the latest version that builds successfully.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.