====== SSH: Secure Shell ======

===== Direct Root Access =====

By default, direct SSH root access to Brightboxes is limited to key authentication, which is far stronger than using passwords.

By default there are no ssh keys installed for the root user, so you'll need to generate and install one yourself. Follow the instructions on [[#generating_a_new_ssh_key|generating a new key]] then follow the instructions on [[#installing_a_new_ssh_key|installing the key]] but run the commands in a root shell (''sudo bash'').

You now need to tell ssh which IP addresses you'll be logging in as root from. Add ''AllowUsers'' directives at the bottom of the ssh config file (''/etc/ssh/sshd_config'') for every IP, hostname or network you'll need access from:

  AllowUsers root@208.75.86.244
  AllowUsers root@70.84.143.*
  AllowUsers root@*.leed.cable.ntl.com.

Or allow it from everywhere:

  AllowUsers root@*

Then reload ssh:

  sudo /etc/init.d/ssh reload

==== Root password access ====

If you really want to access the root account directly using only a password, edit the ''/etc/ssh/sshd_config'' file and change the line ''PermitRootLogin without-password'' to ''PermitRootLogin yes'', then reload ssh.

===== Generating a new ssh key =====

==== Linux/UNIX/MacOSX command line ====

To generate a new private key named ''brightbox-key'' and matching public key named ''brightbox-key.pub'' run the following command.

  ssh-keygen -f brightbox-key -C "My brightbox key"

You will then need to include the name of your private key when you ssh to your brightbox:

  ssh -i brightbox-key rails@username-001.vm.brightbox.net

===== Installing a new ssh key =====

Copy your public key up to your Brightbox:

  scp brightbox-key.pub rails@user-001.vm.brightbox.net:

Make sure the ''.ssh/'' directory exists in the ''rails'' user home directory on your Brightbox, and has the correct permissions:

  mkdir -p ~/.ssh
  chmod 0700 ~/.ssh

Add your public key to the authorized_keys file on your Brightbox, and make sure it has the correct permissions:

  cat brightbox-key.pub >> ~/.ssh/authorized_keys
  chmod 0600 ~/.ssh/authorized_keys

You can add multiple keys with this method.
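
To check the ''PermitRootLogin'' and ''AllowUsers'' settings from the Direct Root Access section before reloading ssh, the script below reads an ''sshd_config'' file and reports whether root login is key-only and restricted by source address. It is an added example, not part of the original Brightbox documentation; the function names and the sample config (including the ''AllowUsers rails'' line) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes global settings only (no Match blocks or Include files).

# Effective PermitRootLogin: sshd uses the first occurrence of a keyword.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Every AllowUsers pattern naming root (or the "*" user), one per line.
root_allow_patterns() {
    awk 'tolower($1) == "allowusers" {
             for (i = 2; i <= NF; i++) if ($i ~ /^(root|\*)(@|$)/) print $i
         }' "$1"
}

# Returns 0 if root is key-only and limited by source address, 1 otherwise.
audit_root_ssh() {
    rc=0
    prl=$(permit_root_login "$1")
    case $prl in
        without-password|prohibit-password) echo "OK: root is key-only ($prl)" ;;
        no)  echo "OK: direct root login is disabled" ;;
        yes) echo "WEAK: PermitRootLogin yes accepts root passwords"; rc=1 ;;
        *)   echo "CHECK: PermitRootLogin is '$prl'; confirm with sshd -T"; rc=1 ;;
    esac
    while IFS= read -r p; do
        case $p in
            '') ;;
            root|'*'|root@'*'|'*@*')
                echo "WEAK: '$p' accepts root from any address"; rc=1 ;;
            *)  echo "OK: root limited to ${p#*@}" ;;
        esac
    done <<EOF
$(root_allow_patterns "$1")
EOF
    return $rc
}

# Constructed sample; rails is listed because AllowUsers admits only listed users.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin without-password
AllowUsers rails
AllowUsers root@208.75.86.244 root@70.84.143.*
EOF
audit_root_ssh "$sample"
rm -f "$sample"
```

Point ''audit_root_ssh'' at ''/etc/ssh/sshd_config'' on the Brightbox; a non-zero exit status means at least one line needs attention.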