SSH (also known as Secure Shell) is a secure method of logging in to your assigned server so that you can execute commands, manage files, and run programs directly on the server command-line.
Before you can access your server with SSH, you must first create a shell user. Instructions for creating shell users are available here: Adding a Shell User
After you've created your shell user, make a note of the following information:
- The shell user's name
- The shell user's assigned server
- The shell user's password
Most operating systems, including Linux, MacOS, and Windows 10, include a command-line SSH client that you can use to log in to your Opalstack server.
To do so, open your terminal application (usually Terminal or similar on MacOS and Linux, or Powershell on Windows 10) and execute the
ssh command with your shell user's name and server.
In this example, the shell user name is "myuser" and the server is "opal1.opalstack.com":
Enter your shell user's password when prompted, and you'll then be logged in to your home directory on the server.
You can also use SSH to run single commands instead of a full interactive shell session. For example, if you wanted to use "myuser" from the previous example to read the date from your Opalstack server:
ssh firstname.lastname@example.org date
If you're using a GUI SSH client, then you will need to supply your shell user's name, server, and password in the connection parameters for your client.
For example, if you are using PuTTY to log into "opal1.opalstack.com" as the "myuser" shell user:
- Launch PuTTY.
- Enter "opal1.opalstack.com" as the hostname.
- Click "Open".
- Enter "myuser" as the username when prompted.
- Enter the password for the "myuser" shell user when prompted.
If you are using some other GUI SSH client, then consult your client documentation or its help menu for more specific instructions.
Your SSH password is the password for the shell user that you're using to make the SSH connection.
Please refer to Changing a Shell User's Password for more information.
SSH keys can be used to log in to the server securely without using a password. This is useful for running unattended local scripts that execute commands on your server or simply for speeding up your daily workflow.
Open your terminal application and execute the following command:
ssh-keygen -t rsa
You'll be prompted to enter the key file location and an optional passphrase.
It's generally safe to accept the default values for these prompts - that is, a key located at
~/.ssh/id_rsaand a blank passphrase.
Passphrases are completely optional. They do enhance the security of your key, in that if someone steals your computer or the key itself, they won't be able to use the key without the passphrase. However, using a passphrase means you'll need to enter the passphrase when you use SSH, which negates the convenience of using a key. It's up to you!
The rest of this procedure assumes that you've accepted the defaults.
Once you're done, you'll have a new keypair (private and public keys) in your local
Now that you have created your key, you need to upload the public key to your Opalstack server. There are a few different ways to do this.
The easiest way to do this is by using
ssh-copy-id. Most modern Linux distributions have this tool installed, and Mac users can install it with these instructions.
Once you have
ssh-copy-idinstalled on your computer, you can upload your key with a single command. The following example will upload a key for a shell user named "myuser" to its assigned server "opal1.opalstack.com". Note
The program will generate a series of messages and will then prompt you for your shell user's password. Enter the password, and the program will then upload your key.
Once the key is uploaded, you should be able to login as described under "Logging in via SSH" above - minus the password, of course!
If you're not able to use
ssh-copy-id, then you can use a SSH command to upload your key to the server. Here is an example of the command using "myuser" and "opal1.opalstack.com" from our previous examples:
cat ~/.ssh/id_rsa.pub | ssh email@example.com \ "mkdir ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && \ chmod 600 ~/.ssh/authorized_keys && cat >> ~/.ssh/authorized_keys"
You'll be prompted for the shell user's password. Enter the password, and the key will then be uploaded.
Launch Puttygen from your start menu.
Click the 'Generate' button to generate a new key. Be sure to follow the onscreen instructions to move your mouse cursor around while the key is being generated.
Click "Save private key" and save the key to a secure location on your computer.
Select the public key text from the box labeled "Public key for pasting into OpenSSH authorized_keys file" and copy it by pressing
CTRL-Cor by right-clicking the selected text and choosing "Copy" from the menu.
Log into a SSH session on your server with PuTTY as described above on this page.
Once you have established your SSH session execute the following commands:
mkdir ~/.ssh chmod 700 ~/.ssh touch ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
In your SSH session, open
~/.ssh/authorized_keysin your preferred text editor. For example, if you use the
nano -w ~/.ssh/authorized_keys
Paste your public key (which you copied in step 4) into the text editor. It should be pasted as a single line of text.
Save the file and exit the editor.
Configure PuTTY to use your key:
- Launch PuTTY.
- Select "Connection > Data" from the Category sidebar in the PuTTY configuration window.
- Enter your shell user's username in the "auto-login username" field.
- Select "Connection > SSH > Auth" from the Category sidebar in the PuTTY configuration window.
- Click the "Browse" button next to the "Private key file for authentication" field.
- Select the private key that you saved in step 3 above.
- Select "Session" from the Category sidebar in the PuTTY configuration window.
- Enter your hostname, eg opal1.opalstack.com, in the field labeled "Host Name (or IP address)". Leave the port setting at 22.
- Enter a name for your connection in the field labeled "Saved Sessions".
- Click "Save" to save the connection information.
- Double-click the connection name in the session list to connect.