Remote access is important in the AniNIX, and so we support the use of the [OpenSSH](https://wiki.archlinux.org/index.php/Secure_Shell) protocol to supporting hosts.
Most of this service's configuration lives in [sshd_config](files/sshd_config) as specified in [sshd_config(5)](https://man.archlinux.org/man/core/openssh/sshd_config.5.en). This includes match statements on what groups are allowed to connect, allowed protocols, and somewhat importantly the ForceCommand directives that hold certain users captive to specific operations.
VNC and X11 forwarding can be used over SSH to allow graphical clients. X11 forwarding without SSH compression is generally slower. To allow VNC, log in over SSH and forward remote port 5901 to localhost port 5901. Start the VNC server on the remote, and use a VNC viewer like tightVNC portable to view the remote desktop.
This role does expect that you have a public key in your `.ssh` folder named `deploy.pub`. This public key will be put on all servers, and as such it is intrinsically necessary that there be a passphrase on the private key to protect it from compromise. [AniNIX/ShadowArch](/AniNIX/ShadowArch) will provide a convenient [service file](/AniNIX/ShadowArch/src/branch/main/EtcFiles/ssh-agent@.service) to wrap the ssh-agent service for you to make working with this key easier.
