feat: Add SSH service for local VSCode Remote-SSH access

Add SSH server support to agent-server containers, enabling users to connect
via their local VSCode with the Remote-SSH extension.

## Changes

### Dockerfile
- Install openssh-server package
- Generate SSH host keys (ed25519, rsa, ecdsa) at build time
- Configure sshd for non-root operation (port 2222, key-based auth)
- Set proper permissions on host keys for openhands group

### SSH Service (ssh_service.py)
- New service to manage SSH server lifecycle
- Populates ~/.ssh/authorized_keys from OH_SSH_PUBLIC_KEYS env var
- Starts sshd as non-root user on port 2222
- Integrated with agent-server startup

### Configuration
- Add SSH_PORT (default: 2222) to config
- Add OH_SSH_PUBLIC_KEYS environment variable support

## Technical Details

- SSH server runs on port 2222 (non-privileged)
- Host keys readable by openhands group (mode 640)
- PAM disabled (requires root)
- Public key authentication preferred
- Password authentication available as fallback

Co-authored-by: openhands <openhands@all-hands.dev>

Author: openhands-agent

openhands-agent-server/openhands/agent_server/api.py

@@ -39,6 +39,7 @@
 from openhands.agent_server.tool_router import tool_router
 from openhands.agent_server.vscode_router import vscode_router
 from openhands.agent_server.vscode_service import get_vscode_service
+from openhands.agent_server.ssh_service import get_ssh_service
 from openhands.sdk.logger import DEBUG, get_logger
 
 
@@ -51,6 +52,7 @@ async def api_lifespan(api: FastAPI) -> AsyncIterator[None]:
     vscode_service = get_vscode_service()
     desktop_service = get_desktop_service()
     tool_preload_service = get_tool_preload_service()
+    ssh_service = get_ssh_service()
 
     # Define async functions for starting each service
     async def start_vscode_service():
@@ -87,11 +89,22 @@ async def start_tool_preload_service():
         else:
             logger.info("Tool preload service is disabled")
 
+    async def start_ssh_service():
+        if ssh_service is not None:
+            ssh_started = await ssh_service.start()
+            if ssh_started:
+                logger.info("SSH service started successfully")
+            else:
+                logger.warning("SSH service failed to start, continuing without SSH")
+        else:
+            logger.info("SSH service is disabled")
+
     # Start all services concurrently
     results = await asyncio.gather(
         start_vscode_service(),
         start_desktop_service(),
         start_tool_preload_service(),
+        start_ssh_service(),
         return_exceptions=True,
     )
 

openhands-agent-server/openhands/agent_server/config.py

@@ -152,6 +152,16 @@ class Config(BaseModel):
         default=False,
         description="Whether to enable VNC desktop functionality",
     )
+    enable_ssh: bool = Field(
+        default=True,
+        description="Whether to enable SSH server functionality for local VSCode Remote-SSH access",
+    )
+    ssh_port: int = Field(
+        default=2222,
+        ge=1,
+        le=65535,
+        description="Port on which SSH server should run",
+    )
     preload_tools: bool = Field(
         default=True,
         description="Whether to preload tools",

openhands-agent-server/openhands/agent_server/docker/Dockerfile

@@ -227,11 +227,46 @@ RUN chown -R ${USERNAME}:${USERNAME} ${NOVNC_WEB}
 # Override default XFCE wallpaper
 COPY --chown=${USERNAME}:${USERNAME} openhands-agent-server/openhands/agent_server/docker/wallpaper.svg /usr/share/backgrounds/xfce/xfce-shapes.svg
 
+# --- SSH Server for local VSCode Remote-SSH access ---
+ARG SSH_PORT=2222
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends openssh-server; \
+    apt-get clean; rm -rf /var/lib/apt/lists/*; \
+    # Create SSH runtime directory
+    mkdir -p /run/sshd; \
+    chmod 755 /run/sshd; \
+    # Generate host keys
+    ssh-keygen -A; \
+    # Make host keys readable by openhands user so sshd can run without root
+    chmod 644 /etc/ssh/ssh_host_*_key.pub; \
+    chmod 640 /etc/ssh/ssh_host_*_key; \
+    chgrp ${USERNAME} /etc/ssh/ssh_host_*_key; \
+    # Configure sshd for both password and public key authentication
+    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config; \
+    sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config; \
+    sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config; \
+    sed -i 's/#AuthorizedKeysFile/AuthorizedKeysFile/' /etc/ssh/sshd_config; \
+    # Configure SSH to listen on custom port (non-privileged port, no root needed)
+    sed -i "s/#Port 22/Port ${SSH_PORT}/" /etc/ssh/sshd_config; \
+    echo "Port ${SSH_PORT}" >> /etc/ssh/sshd_config; \
+    # Allow sshd to run on non-privileged port without root
+    sed -i 's/#UsePAM yes/UsePAM no/' /etc/ssh/sshd_config; \
+    # Set password for openhands user (password: "openhands")
+    echo "${USERNAME}:openhands" | chpasswd; \
+    # Create SSH directory for openhands user
+    mkdir -p /home/${USERNAME}/.ssh; \
+    chmod 700 /home/${USERNAME}/.ssh; \
+    touch /home/${USERNAME}/.ssh/authorized_keys; \
+    chmod 600 /home/${USERNAME}/.ssh/authorized_keys; \
+    chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}/.ssh
+ENV SSH_PORT=${SSH_PORT}
+
 USER ${USERNAME}
 WORKDIR /
 ENV OH_ENABLE_VNC=false
 ENV LOG_JSON=true
-EXPOSE ${PORT} ${NOVNC_PORT}
+EXPOSE ${PORT} ${NOVNC_PORT} ${SSH_PORT}
 
 
 ####################################################################################

openhands-agent-server/openhands/agent_server/ssh_service.py

@@ -0,0 +1,204 @@
+"""SSH service for managing sshd in the agent server."""
+
+import asyncio
+import os
+from pathlib import Path
+
+from openhands.sdk.logger import get_logger
+
+
+logger = get_logger(__name__)
+
+SSH_PORT = 2222
+SSH_PUBLIC_KEYS_ENV = "OH_SSH_PUBLIC_KEYS"
+
+
+class SSHService:
+    """Service to manage SSH server startup."""
+
+    def __init__(self, port: int = SSH_PORT):
+        """Initialize SSH service.
+
+        Args:
+            port: Port to run SSH server on (default: 2222)
+        """
+        self.port: int = port
+        self.process: asyncio.subprocess.Process | None = None
+
+    def _setup_authorized_keys(self) -> int:
+        """Set up authorized_keys file from environment variable.
+
+        Returns the number of keys added.
+        """
+        ssh_keys_str = os.environ.get(SSH_PUBLIC_KEYS_ENV, "")
+        if not ssh_keys_str:
+            return 0
+
+        # SSH keys are passed as newline-separated values
+        ssh_keys = [k.strip() for k in ssh_keys_str.split("\n") if k.strip()]
+        if not ssh_keys:
+            return 0
+
+        # SSH directory for openhands user
+        ssh_dir = Path("/home/openhands/.ssh")
+
+        # Create .ssh directory if it doesn't exist
+        ssh_dir.mkdir(parents=True, exist_ok=True)
+        os.chmod(ssh_dir, 0o700)
+
+        # Write authorized_keys file
+        authorized_keys_path = ssh_dir / "authorized_keys"
+        with open(authorized_keys_path, "w") as f:
+            for key in ssh_keys:
+                f.write(f"{key}\n")
+
+        os.chmod(authorized_keys_path, 0o600)
+
+        # Try to set correct ownership (may fail if not root)
+        try:
+            import pwd
+
+            pw = pwd.getpwnam("openhands")
+            os.chown(ssh_dir, pw.pw_uid, pw.pw_gid)
+            os.chown(authorized_keys_path, pw.pw_uid, pw.pw_gid)
+        except (KeyError, PermissionError):
+            pass
+
+        logger.info(f"Added {len(ssh_keys)} SSH public key(s) to authorized_keys")
+        return len(ssh_keys)
+
+    async def start(self) -> bool:
+        """Start the SSH server.
+
+        Returns:
+            True if started successfully, False otherwise
+        """
+        try:
+            # Check if sshd binary exists
+            if not self._check_sshd_available():
+                logger.warning("sshd binary not found, SSH will be disabled")
+                return False
+
+            # Check if port is available
+            if not await self._is_port_available():
+                logger.warning(
+                    f"Port {self.port} is not available, SSH will be disabled"
+                )
+                return False
+
+            # Set up authorized_keys from environment variable
+            num_keys = self._setup_authorized_keys()
+
+            # Start sshd in the foreground (will be managed by this process)
+            await self._start_sshd_process()
+
+            if num_keys > 0:
+                logger.info(
+                    f"SSH server started on port {self.port} with {num_keys} authorized key(s). "
+                    f"Connect using: ssh -p {self.port} openhands@<host>"
+                )
+            else:
+                logger.info(
+                    f"SSH server started on port {self.port}. "
+                    f"Connect using: ssh -p {self.port} openhands@<host> (password: openhands)"
+                )
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to start SSH server: {e}")
+            return False
+
+    async def stop(self) -> None:
+        """Stop the SSH server."""
+        if self.process:
+            try:
+                self.process.terminate()
+                await asyncio.wait_for(self.process.wait(), timeout=5.0)
+                logger.info("SSH server stopped successfully")
+            except TimeoutError:
+                logger.warning("SSH server did not stop gracefully, killing process")
+                self.process.kill()
+                await self.process.wait()
+            except Exception as e:
+                logger.error(f"Error stopping SSH server: {e}")
+            finally:
+                self.process = None
+
+    def is_running(self) -> bool:
+        """Check if SSH server is running.
+
+        Returns:
+            True if running, False otherwise
+        """
+        return self.process is not None and self.process.returncode is None
+
+    def _check_sshd_available(self) -> bool:
+        """Check if sshd binary is available.
+
+        Returns:
+            True if available, False otherwise
+        """
+        return Path("/usr/sbin/sshd").exists()
+
+    async def _is_port_available(self) -> bool:
+        """Check if the specified port is available.
+
+        Returns:
+            True if port is available, False otherwise
+        """
+        try:
+            # Try to bind to the port
+            server = await asyncio.start_server(
+                lambda _r, _w: None, "0.0.0.0", self.port
+            )
+            server.close()
+            await server.wait_closed()
+            return True
+        except OSError:
+            return False
+
+    async def _start_sshd_process(self) -> None:
+        """Start the sshd server process."""
+        # Run sshd in foreground mode (-D) on the specified port
+        cmd = f"/usr/sbin/sshd -D -p {self.port}"
+
+        # Start the process
+        self.process = await asyncio.create_subprocess_shell(
+            cmd,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.STDOUT,
+        )
+
+        # Give sshd a moment to start and check if it's still running
+        await asyncio.sleep(0.5)
+
+        if self.process.returncode is not None:
+            # Process already exited - there was an error
+            if self.process.stdout:
+                output = await self.process.stdout.read()
+                logger.error(f"sshd failed to start: {output.decode()}")
+            raise RuntimeError(f"sshd exited with code {self.process.returncode}")
+
+
+# Global SSH service instance
+_ssh_service: SSHService | None = None
+
+
+def get_ssh_service() -> SSHService | None:
+    """Get the global SSH service instance.
+
+    Returns:
+        SSH service instance if enabled, None if disabled
+    """
+    global _ssh_service
+    if _ssh_service is None:
+        from openhands.agent_server.config import get_default_config
+
+        config = get_default_config()
+
+        if not config.enable_ssh:
+            logger.info("SSH is disabled in configuration")
+            return None
+        else:
+            _ssh_service = SSHService(port=config.ssh_port)
+    return _ssh_service