SSH: Secure Shell
Using SSH Key Authentication For rails User
To avoid having to enter the rails user password to access the server or when deploying using Capistrano, see the section about installing a new ssh key.
You can also add an SSH public key to your profile within the control panel. This key will automatically be added to any new Brightboxes that are provisioned where you are the account owner or have a technical role.
This allows you to enter your key once and your key will be added to the rails user's account for any new server you manage.
The authorized_keys file is only generated when a Brightbox is created. There are no further automatic updates to the authorized_keys file so it is safe to manually add or remove keys. If you update your profile's SSH key later then existing boxes will not see the change.
Generating a new ssh key
Linux/UNIX/MacOSX command line
To generate a new private key named brightbox-key and matching public key named brightbox-key.pub, run the following command.
ssh-keygen -f brightbox-key -C "My brightbox key"
You will then need to include the name of your private key when you ssh to your brightbox:
ssh -i brightbox-key firstname.lastname@example.org
Installing a new ssh key
Copy your public key up to your Brightbox:
scp brightbox-key.pub email@example.com:
Make sure the .ssh/ directory exists in the rails user home directory on your Brightbox, and has the correct permissions:
mkdir ~/.ssh
chmod 0700 ~/.ssh
Add your public key to the ~/.ssh/authorized_keys file on your Brightbox, and make sure it has the correct permissions:
cat brightbox-key.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
You can add multiple keys with this method.
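The install steps above can be wrapped in one function that is safe to run repeatedly. This is an added example, not a Brightbox script; install_pubkey and ssh_modes are hypothetical names, and the optional second argument (a home directory) exists only so the function can be tried against a scratch directory.

```sh
#!/bin/sh
# Added example: re-runnable version of the three install steps above.
# install_pubkey and ssh_modes are hypothetical helper names.
install_pubkey() {
    pub=$1; home=${2:-$HOME}
    dir=$home/.ssh; auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Catch the common slip of uploading brightbox-key instead of brightbox-key.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; install the .pub file" >&2; return 2
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Create with a tight umask, then set the modes explicitly as well:
    # sshd's StrictModes (on by default) rejects keys kept in files or
    # directories that other users can write to.
    (umask 077; mkdir -p "$dir" && touch "$auth") || return 4
    chmod 0700 "$dir" || return 4
    chmod 0600 "$auth" || return 4

    # Match on type + base64 so a key with a different comment is not re-added.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"; return 0
    fi
    # If the last line lacks a newline, a plain append would corrupt it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Print the mode strings of ~/.ssh and authorized_keys for a quick check.
ssh_modes() {
    home=${1:-$HOME}
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        ls -ld "$p" | cut -c1-10
    done
}
```

On the Brightbox, after the scp step, `install_pubkey brightbox-key.pub` followed by `ssh_modes` should print drwx------ and -rw-------.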
Direct Root Access
By default, direct SSH root access to Brightboxes is limited to key authentication, which is far stronger than using passwords. By default there are no ssh keys installed for the root user, so you'll need to generate and install one yourself. Follow the instructions on generating a new key then follow the instructions on installing the key but run the commands in a root shell (
You now need to tell ssh which IP addresses you'll be logging in as root from. Add AllowUsers directives at the bottom of the ssh config file (/etc/ssh/sshd_config) for every IP, hostname or network you'll need access from:
AllowUsers firstname.lastname@example.org
AllowUsers email@example.com.*
AllowUsers root@*.leed.cable.ntl.com.
Or allow it from everywhere:
Then reload ssh:
sudo /etc/init.d/ssh reload
Root password access
If you really want to access the root account directly using only a password, edit the /etc/ssh/sshd_config file and change the line PermitRootLogin without-password to PermitRootLogin yes, then reload ssh.
Then just set a password for the root account using the sudo passwd command.