Introduction #

Here is simple way to listen to self-hosted music on Android without installing specific streaming software on your server.

This method relies 100% on SSH.

Table of contents #

Software needed #

GNU/Linux #

Android #

Install these apps from F-Droid

Configuration #

Introduction #

At the time of writing VLC for Android does not support public key authentication with SFTP. To solve this problem, we will use ConnectBot to:

  • connect to the server
  • make a local SSH tunnel for VLC

The following instructions apply to a GNU/Linux system.

New user #

Connect to the server.

For sake of security I created a new user called music:

useradd -m -s /bin/bash music
passwd music

I then moved all the music files in a directory called /home/music/files.

OpenSSH #

To further harden the server in terms of security we must disable TTYs and force the internal SFTP server for the SSH daemon. Here is what I added to /etc/ssh/sshd_config:

Match User music Address
    PasswordAuthentication yes
    IPQoS throughput
    PermitTTY no
    ForceCommand internal-sftp

Match User music
    X11Forwarding no
    AllowTcpForwarding yes
    PermitTTY no
    ForceCommand internal-sftp
    IPQoS throughput

Now, restart OpenSSH

systemctl restart ssh

ConnectBot #

Key pair generation #

Open ConnectBot on your phone and generate a key pair:

  1. tap the menu icon, in the top right of the screen
  2. Manage Pubkeys
  3. tap the [+] button
  4. set these values
    • Nickname: myserver
    • Type: RSA
    • Bits: 4096
    • Password: <a password>
    • Load key on start: true

The encryption password will be prompted unless it has not been previously unlocked, for example by a previous connection.

Unlock the key by tapping it. Tap the key longer and select Copy public key.

You now have to copy the public key to the server (/home/music/.ssh/authorized_keys). You can send it by email for example (it is now in Android’s copy-paste buffer).

Add a new host to ConnectBot #

Now we need to add an SSH host on ConnectBot. Go back to Connectbot’s home screen and tap on the + button. Add the host and tap Use pubkey authentication.

Enable these flags:

  • Compression
  • Stay connected

Disable this flag:

  • Start shell session

Set the myserver public key by tapping Use pubkey authentication.

Test #

Disconnect from the server and reconnect to it. If everything works as expected you won’t see any errors.

Port forwarding #

Make a long tap on the host and select Edit port forwards and then tap the + button.

To be able for VLC to connect to the server we need to create a port forward, like this:

  • Nickname: vlc
  • Type: Local
  • Source Port: 2222
  • Destination:
connectbot port forwarding
ConnectBot port forwarding


Open the VLC app.

Go to the Browse section and tap the + button. Select SFTP as protocol and edit the fields like this:

  • Port: 2222
  • Server address (domain name):
  • Username: music
  • Folder path (optional): /home/music/files
  • Server name, for conveniency: MUSIC

Once you add the server tap the new directory icon you find in VLC Browse page. The first time you do this you will be prompted for the music user’s password.

You should now be able to see and play the music files.

Final testing #

Close ConnectBot and VLC and retry everything.

Problems #

  • Not bandwidth efficient.
  • No transcoding is possible using this method.