Why Immich Does Not Have a Default SSH Login Explained

Why Immich Does Not Have a Default SSH Login Explained

Immich is like a smart photo garden for your own server. It helps you back up photos and videos. It gives you a clean web app. It also gives you mobile apps. But many new users ask one funny question: “What is the default SSH login for Immich?” The simple answer is: there is none.

TLDR: Immich does not have a default SSH login because Immich is not a full server operating system. It is an app that usually runs inside Docker containers. SSH belongs to the host machine, not to Immich itself. This is also safer, because default SSH passwords are a big security risk.

Immich Is an App, Not a Magic Server Box

Let’s make this very simple.

Immich is a photo and video backup app. Think of it as your own private Google Photos style service. You install it on a server, NAS, mini PC, Raspberry Pi, VPS, or another machine. Then you use it from a browser or mobile app.

But Immich is not the whole machine.

It is not like buying a router with a sticker that says:

  • Username: admin
  • Password: admin

Immich does not take over your server. It does not create a secret back door. It does not install a hidden SSH account named immich. It just runs as software.

That means your SSH login is controlled by the system where you installed Immich.

If you installed Immich on Ubuntu, your SSH login is your Ubuntu login. If you installed it on Debian, it is your Debian login. If you installed it on a NAS, it is your NAS login. Immich is not the boss of SSH. Your server is.

What Is SSH, Anyway?

SSH stands for Secure Shell. That sounds like a turtle with a password. Cute, but also powerful.

SSH lets you connect to a server command line from another computer. You type commands. The server obeys. If you know what you are doing, it is great. If you do not, it can feel like asking a dragon to make toast.

People use SSH to:

  • Install software.
  • Edit files.
  • Restart services.
  • View logs.
  • Manage Docker containers.
  • Fix broken things at 2 a.m.

SSH is not the same as logging into the Immich web page. Immich has its own user accounts for the web app. Those are for photos, albums, users, and sharing. SSH is for the server itself.

So if you ask, “What is the Immich SSH password?”, it is like asking, “What is the Netflix password for my refrigerator?” The two things are not part of the same system.

Why There Is No Default SSH Login

There are several reasons. They are all good. Some are boring. Some are spicy. Let’s walk through them.

1. Default Logins Are Dangerous

Default usernames and passwords are loved by hackers. They are like free candy on the internet sidewalk.

If every Immich install had this login:

  • Username: immich
  • Password: immich

Then attackers would try it everywhere. All day. Every day. Robots would scan the internet for exposed servers. They would knock on port 22. They would shout, “Hello? Is immich home?”

That would be very bad.

Immich stores personal photos and videos. That can include family pictures, travel memories, documents, pets, screenshots, and maybe 800 pictures of your lunch. These files matter. They are private.

So Immich avoids default SSH access. That is a smart move.

2. Immich Usually Runs in Docker

Most people run Immich with Docker or Docker Compose. Docker puts apps into containers. A container is like a lunchbox for software. It keeps the app, tools, and settings together.

But a Docker container is not normally a full computer. It usually does not run SSH. It does not need to.

Immich has several parts. For example:

  • The Immich server.
  • The machine learning service.
  • The database.
  • Redis.
  • Sometimes a reverse proxy.

These parts talk to each other inside Docker. They do their jobs. They do not sit there waiting for someone to SSH into them.

If you need to look inside a container, you usually use Docker commands from the host. For example, an admin might use commands like docker ps, docker logs, or docker exec. That is different from SSH.

Image not found in postmeta

3. SSH Belongs to the Host Machine

The host machine is the computer running Immich. It might be a small home server. It might be a Linux box in a closet. It might be a NAS under your desk making tiny spaceship noises.

That machine decides who can log in with SSH.

Immich does not decide that. Immich is just a guest at the party.

Imagine your server is a hotel. SSH is the front door. Immich is one room inside the hotel. The room does not make keys for the front door. The hotel does.

So if you cannot SSH into the machine, check the host system. Ask:

  • Is SSH installed?
  • Is the SSH service running?
  • What user account exists on the host?
  • Is the firewall blocking port 22?
  • Am I using the right IP address?
  • Does my NAS allow SSH?

None of those questions are really Immich questions. They are server questions.

But I Installed Immich. How Do I Log In?

You log into Immich through the web interface.

Open your browser. Go to the address where Immich is running. It might look like:

  • http://serverip:2283
  • http://yourserver.local:2283
  • https://photos.yourdomain.com

The first time you open Immich, you create the first admin user. That is the Immich web admin. It is not an SSH user. It only controls Immich inside the app.

That web account lets you:

  • Upload photos.
  • Invite users.
  • Manage libraries.
  • Change app settings.
  • Use albums.
  • View memories.

It does not give you a Linux shell. It does not let you run server commands. That is by design.

What If I Need Server Access?

Then you need to log into the host, not Immich.

Use the username and password you set when you installed the operating system. If you use a cloud VPS, use the SSH key or login from your cloud provider. If you use a NAS, use the admin tools from the NAS brand.

Common examples include:

  • Ubuntu server: Use your Ubuntu user.
  • Debian server: Use your Debian user.
  • Unraid: Use Unraid’s console or SSH settings.
  • TrueNAS: Use TrueNAS users and shell access.
  • Synology: Enable SSH in Synology settings if needed.
  • VPS: Use the provider’s SSH key or root login rules.

If you forgot your host login, Immich cannot recover it. Immich does not own that account. You will need to recover access through the operating system or server provider.

Does Immich Have a Container Shell?

Sort of. But again, it is not SSH.

Docker lets administrators open a shell inside a running container. This is useful for troubleshooting. It is not meant to be a normal login path.

For example, you might use a command like docker exec to enter a container. The exact command depends on your setup and container names.

This is usually for advanced tasks. Most Immich users do not need it. You can manage most things from the web app, Docker Compose files, and normal update commands.

Think of a container shell like opening the hood of a car. It is useful. But you do not drive from inside the engine.

Why This Design Is Better

No default SSH login may feel confusing at first. But it is actually a good sign.

It means Immich is not trying to control your whole server. It keeps its job clear. It manages your photos. Your operating system manages access to the machine.

This gives you better security. It also keeps things cleaner.

Here is why it helps:

  • Less attack surface: No extra SSH service inside Immich.
  • No shared default password: Attackers cannot guess one magic login.
  • Clear responsibility: Immich handles photos. The host handles SSH.
  • Better Docker practice: Containers do not need SSH to work.
  • More control: You choose how your server is accessed.

Common Confusions

Let’s clear up a few mix-ups.

“I see an Immich container. Can I SSH into it?”

Usually, no. Containers are not normally SSH servers. Use Docker commands from the host if you need to inspect them.

“Is the Immich admin account also a Linux account?”

No. The Immich admin account is only for the Immich web app.

“Can Immich reset my server password?”

No. Immich cannot reset host users, root passwords, SSH keys, or NAS admin accounts.

“Should I expose SSH to the internet?”

Be careful. If you do, use strong keys, disable password login if possible, and use a firewall. Many home users should avoid exposing SSH directly.

Good Security Tips

If you run Immich at home, treat it like a treasure chest. A treasure chest full of baby photos, dog photos, vacation photos, and blurry pictures of receipts.

Here are simple tips:

  • Use strong passwords for Immich users.
  • Keep Immich updated.
  • Keep Docker updated.
  • Back up your Immich database and upload folder.
  • Do not publish random ports to the internet.
  • Use HTTPS if accessing Immich remotely.
  • Protect your host SSH with SSH keys.
  • Do not reuse passwords.
  • Read update notes before major upgrades.

Backups are very important. Immich is not a backup by magic. It can store your media, but you should still back up the server itself. If the disk breaks, the photo goblin wins. Do not feed the photo goblin.

The Simple Mental Model

Here is the easiest way to remember it:

  • Immich web login: For photos and app settings.
  • SSH login: For the server operating system.
  • Docker commands: For managing containers.

These are three different doors.

Do not look for the SSH key under the Immich doormat. There is no doormat. There is no key. There is only your server, your setup, and your chosen login method.

Final Thoughts

Immich does not have a default SSH login because it should not have one. It is not a server appliance. It is not an operating system. It is a self hosted photo app that usually runs in Docker.

This design keeps things safer. It also follows good container habits. You manage SSH on the host. You manage photos in Immich. You manage containers with Docker.

Once that clicks, the whole thing feels much less mysterious. Immich is not hiding a secret login from you. It is simply saying, “SSH is not my department.”

And honestly, that is a very healthy boundary for a photo app.

Avatar for Khera
Khera

Related Posts