How to access your account using SSH keys
This article describes how to create and deploy SSH keys. With SSH keys, you can automate logins to your A2 Hosting account, or use two-factor authentication for increased security.
This article describes how to configure SSH keys using the command line. Alternatively, if your hosting account includes cPanel, you can use its graphical user interface to configure SSH keys. For more information, please see
this article.
Using SSH keys
When you log in to your account interactively using an SSH client as described in this article, you must enter a password every time. But what if you want to run an automated process? Perhaps you want to automatically download a database backup at certain times to your local computer. In this scenario, you don't want to have to manually type your SSH password every time the backup process runs.
Or what if you want to allow multiple users to transfer files securely using SFTP, as described in this article? You would need to give them your cPanel password, which would give them complete access to your account.
You can solve these problems by using SSH keys to connect to your account. SSH keys enable your computer to log in to your A2 Hosting account automatically without you typing a password. To use SSH keys, you must first create a public key and private key (also known as a key pair). The client's private key stays on your local computer, while the public key resides on the A2 Hosting server.
Alternatively, you can also create SSH keys and protect them with a passphrase for two-factor authentication. Although this configuration does not enable automatic logins, it does provide an extra layer of security, because you must have the correct key file and know the correct passphrase to access the account.
To set up SSH keys, follow the appropriate procedure below for your computer's operating system.
Windows operating systems
Older Windows versions
Older versions of Microsoft Windows do not include the SSH suite of programs, so you must download an SSH key generator program first. A2 Hosting recommends PuTTYgen, a free program that you can download here. After you have downloaded the PuTTYgen executable to your local computer, you can use it to generate a key pair.
Although PuTTY and PuTTYgen work on Windows 10, as of April 2018 there are native SSH programs included in Windows 10. For more information, see the next section.
To generate and configure a key pair, follow these steps:
- Start PuTTYgen.
- Under Parameters, click the SSH-2 RSA radio button.
- Confirm that the Number of bits in a generated key value is set to 2048.
- Click Generate.
- Move the mouse around to generate random data. After a few seconds, PuTTYgen creates the key.
- You can optionally add a passphrase to the key. If you are generating keys to use for automated processes, you should skip this step. However, if you want to set up two-factor authentication by using key files and a passphrase, then type a password for the key in the Key Passphrase and Confirm Passphrase text boxes.
- Click Save public key, choose the folder, type id_rsa.pub in the File name text box, and then click Save.
- Click Save private key, choose the folder, type id_rsa.ppk in the File name text box, and then click Save.
If you did not specify a key passphrase, PuTTYgen displays a warning. Click Yes to dismiss the warning.
- Select all of the text in the Public key for pasting into OpenSSH authorized_keys file text box, right-click on the text, and then click Copy.
- Log in to your A2 Hosting SSH account using PuTTY.
- At the command line on the server, type the following commands:
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
In the nano text editor, paste the public key text that you copied in step 9.
If you are setting up multiple key pairs, the authorized_keys file may already contain data for other key pairs. If this is the case, then just append the new public key text to the file; do not delete the existing key information.
- Press Ctrl+x, type y to save the file, and then press Enter. nano saves the file and exits.
At the command line on the server, type the following commands to set the correct file permissions:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
- To close the connection, type exit and then press Enter.
At this point, you have created the SSH key pair and deployed the client's public key to the A2 Hosting server. You are now ready to configure the PuTTY client to connect to your SSH account using the private key.
The following procedure assumes that you have already downloaded and installed the PuTTY client. If you have not already done this, follow the PuTTY setup procedures in
this article before proceeding.
To configure PuTTY to use your private key, follow these steps:
- Start PuTTY.
- In the Category pane, expand SSH, and then click Auth.
- Under Authentication Parameters, click Browse.
- Locate the id_rsa.ppk file that you created in the previous procedure.
- In the Category pane, click Session.
- In the Host Name (or IP address) text box, type username@example.com. Replace username with your A2 Hosting username, and replace example.com with your site's domain name.
- In the Port text box, type 7822.
The default port for SSH is 22. However, A2 Hosting uses a different port for security reasons.
- Confirm that the Connection type radio button is set to SSH.
- In the Saved Sessions text box, type a name for the connection. For example, type A2 account.
- Click Save.
- To connect to your SSH account, double-click the connection name in the list. PuTTY should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.
Windows 10
As of April 2018, Windows 10 includes native SSH programs. To generate and configure a key pair, follow these steps:
- To open the Run dialog box, press Windows key+r.
- In the Run dialog box, type cmd and then click OK to open a command prompt window.
- At the command prompt, type the following command:
ssh-keygen
- Press Enter when you are asked where to save the key.
- You can optionally add a passphrase to the key. If you are generating keys to use in automated processes, you should just press Enter. However, if you want to set up two-factor authentication by using key files and a password, then type a password for the key and then press Enter.
At the command line, type the following command:
more .ssh/id_rsa.pub
- Select the text listed in the file and copy it.
Log in to your A2 Hosting account using SSH. At the command line, type the following command, replacing username wih your A2 Hosting username, and example.com with your site's domain name:
ssh -p 7822 username@example.com
At the command line on the server, type the following commands:
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
In the nano text editor, paste the public key text that you copied in step 7.
If you are setting up multiple key pairs, the authorized_keys file may already contain data for other key pairs. If this is the case, then just append the new public key text to the file; do not delete the existing key information.
- Press Ctrl+x, type y to save the file, and then press Enter. nano saves the file and exits.
At the command line on the server, type the following commands to set the correct file permissions:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
- To close the connection, type exit and then press Enter.
At this point, you have created the SSH key pair and deployed the client's public key to the A2 Hosting server. You are now ready to connect to your SSH account using the private key. To do this, follow these steps:
- At the command prompt, type the following command. Replace username with your A2 Hosting username, and replace example.com with your site's domain name:
ssh -p 7822 username@example.com
The SSH client should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase. When you are connected, the remote server's command line prompt appears:
username@hostname [~]#
- You can now run commands on the remote server. For example, to see a listing of the current directory, type ls and then press Enter.
- To close the SSH connection when you are done, type exit and then press Enter.
- To close the command prompt window, type exit and then press Enter.
Mac OS X and Linux operating systems
Both Mac OS X and Linux include SSH support, so you do not have to download any special programs to generate SSH keys.
To create and configure SSH keys, follow these steps:
- Open a terminal window. The procedure to do this depends on the operating system and desktop environment.
- On Mac OS X, click Applications, click Utilities, and then click Terminal.
At the command prompt, type the following command:
ssh-keygen -t rsa
- Press Enter when you are asked where to save the key.
- You can optionally add a passphrase to the key. If you are generating keys to use in automated processes, you should just press Enter. However, if you want to set up two-factor authentication by using key files and a password, then type a password for the key and then press Enter.
At the command line, type the following command:
cat ~/.ssh/id_rsa.pub
- Select the text in the file and copy it.
Log in to your A2 Hosting account using SSH. At the command line, type the following command, replacing username wih your A2 Hosting username, and example.com with your site's domain name:
ssh -p 7822 username@example.com
At the command line, type the following commands:
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
In the nano text editor, paste the public key text that you copied in step 6.
If you are setting up multiple key pairs, the authorized_keys file may already contain data for other key pairs. If this is the case, then just append the new public key text to the file; do not delete the existing key information.
- Press Ctrl+x, type y to save the file, and then press Enter. nano saves the file and exits.
At the command line, type the following commands to set the correct file permissions:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
- To close the connection, type exit and then press Enter.
At this point, you have created the SSH key pair and deployed the client's public key to the A2 Hosting server. You are now ready to connect to your SSH account using the keys.
To connect to your SSH account using the keys, follow these steps:
- Open a terminal window. The procedure to do this depends on the operating system and desktop environment.
- On Mac OS X, click Applications, click Utilities, and then click Terminal.
- At the command prompt, type the following command. Replace username with your A2 Hosting username, and replace example.com with your site's domain name:
ssh -p 7822 username@example.com
In this command, we explicitly specify the port number, the username, and the hostname. However, you can also define the settings for a remote host in your
~/.ssh/config file as follows:
Host example
Hostname example.com
Port 7822
User username
The
Host value can be any name you want; it is simply a label for the other settings. The
Hostname value is the remote host you want to access, the port number is 7822, and the
User value specifies your A2 Hosting account username. With this configuration defined, you can connect to the account by simply using the
Host value. You do not have to type the port number, username, and hostname each time. The following command demonstrates how to do this:
ssh example
- The SSH client should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.
If you are using a passphrase, you may not want to have to re-type it every time you connect to the remote server. If your computer has OpenSSH version 7.2 or later, you can automatically store the passphrase in the SSH authentication agent. (To determine the OpenSSH version installed on your computer, type
ssh -V at the command prompt.) Then when you connect to the remote server, you must type the passphrase the first time, but not for any subsequent connections.
To do this, add the following lines to your
~/.ssh/config file:
Host *
AddKeysToAgent yes
If you are using Mac OS X, add the following line as well:
UseKeychain yes
Alternatively, if you have an older version of OpenSSH installed on your computer, you can type the
ssh-add command to manually store the passphrase in the SSH authentication agent for the duration of your login session.
If your computer has OpenSSH version 8.8 or later, you may be unable to connect to the server. (To determine the OpenSSH version installed on your computer, type
ssh -V at the command prompt.) This is because by default, OpenSSH 8.8 and later versions disable RSA signatures using the SHA-1 hash algorithm.
To enable RSA signatures with SHA-1 hashes so you can connect to the server, add the following lines to your
~/.ssh/config file:
HostKeyAlgorithms +ssh-rsa,ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss