# sshnpd configuration ### TL;DR ``` sshnpd -m @<_client> -a @<_device> -d ``` {% hint style="info" %} Replace the \ with your specific atSign details {% endhint %} ### Overview sshnpd is the daemon that runs on a device to facilitate access using NoPorts. ### The three main parameters These mainly mirror the parameters from [sshnp](/usage/basic-usage-1.md), but there's one fewer as the socket rendezvous is only ever set by the client. ### 1. -a, --atsign This argument is the device address, a.k.a. the to address, since this is the address that the device is associated with. This argument is mandatory, in the form of an atSign. For example: ``` sshnpd ... -a @alice_device ... ``` ### 2a. -m, --manager, --managers This is the address of the client(s) that will be allowed to connect to the device. For example: ``` sshnpd ... -m @alice_client ... ``` ### 2b. -p, --policy-manager As an alternative to defining a list of managers a policy manager can be used, and the policy defined on that manager will describe which clients are allowed to connect. For example: ``` sshnpd ... -p @alice_policy ... ``` ### 3. -d, --device The device name. This is used to associate multiple devices with the same atSign. By default the value is `default` so unless you want that as the device name you will need to include this parameter. For example: ``` sshnpd ... -d my_device ... ``` ### Putting it all together An example of a complete command might look like this: ``` sshnpd -a @alice_device -m @alice_client -d my_server ``` ### Running the daemon as a service The daemon should normally be run as a service so that it starts up automatically and can be restarted if it should fail. Most mainstream Linux distributions use [systemd](https://en.wikipedia.org/wiki/Systemd) to manage services, and we provide a systemd unit file that's configured by the universal installer. That file can be edited after installation to customize or add additional options. For distributions such as OpenWrt we provide config and init files that can be customized with a text editor or configured through the web admin interface. ### Additional Configuration The rest of the configuration for `sshnpd` is contained in a separate guide: {% content-ref url="/pages/N7gnKkd0tRPYMzr0OkVT" %} [Daemon Additional Configuration](/usage/sshnpd-configuration/daemon-additional-configuration.md) {% endcontent-ref %} ### Modifying your device's systemd unit If you installed sshnpd through the universal installer, then you can modify the `/etc/systemd/system/sshnpd.service.d/override.conf` file to take advantage of the configurations and options listed above to tailor sshnpd to your needs. Lots of configuration can be done to sshnpd by editing this file, such as changing the user that sshnpd runs as, changing the atSigns, enabling/disabling verbose logging, and more. Sample `override.conf`file: ```sh # MANDATORY: User to run the daemon as User=bob # MANDATORY: Manager (client) or policy manager address (atSign) Environment=manager_atsign="@alice" # MANDATORY: Device address (atSign) Environment=device_atsign="@bob" # OPTIONAL: Delegated access policy management Environment=delegate_policy="" # Device name Environment=device_name="atsign" # Comment if you don't want the daemon to update authorized_keys to include # public keys sent by authorized manager atSigns Environment=s="-s" # Comment to disable verbose logging Environment=v="-v" # Any additional command line arguments for sshnpd Environment=additional_args="" ``` Adding additional arguments is as simple as modifying the `Environment=additional_args=""`string found inside of `override.conf` . The example adds the `--permit-open` to the string of additional args which enables clients to access ports 22, 3389, and 2221 on localhost. ```sh # Any additional command line arguments for sshnpd Environment=additional_args="--permit-open \"localhost:22,localhost:3389,localhost:2221\"" ``` Don't forget to update sshnpd by executing (may require sudo): ```sh systemctl daemon-reload systemctl restart sshnpd.service ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.noports.com/usage/sshnpd-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.