If you need to access an instance in your application's environment, you can log in via SSH.
Engine Yard enables login access to application instances via SSH. We have standardized the secure practice of using key-based authentication. This protects our customers’ instances from brute force attacks against a user/password-based authentication. An added benefit of key-based authentication is the ability to log in to an instance without a password.
Create a local SSH keypair
In order to SSH into an Engine Yard Cloud slice, you’ll need an SSH keypair on your local machine.
To check for existing SSH keypairs:
$ ls -la ~/.ssh
and look for private keys and their corresponding public keys, e.g. id_rsa and id_rsa.pub.
If you already have a key that you wish to use then move on to the Adding SSH Keys to Engine Yard Cloud article. If you do not have any keys or you wish to generate a new key to use, then you can generate it using multiple methods:
Method 1: *nix Based CLI
This method is used when working from a Unix-like operating system, such as Linux, or when using WSL (Windows Subsystem for Linux). From the CLI, run the following command:
$ ssh-keygen -t rsa
You should see a similar output to the following:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/tbird/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tbird/.ssh/id_rsa.
Your public key has been saved in /Users/tbird/.ssh/id_rsa.pub.
The key fingerprint is:
c9:26:4a:1b:7d:35:9f:c3:c2:b0:b4:5a:7c:8c:65:d9 tbird@jupiter
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o |
| o * E |
| . + % + . |
| o o S = = |
| . + * . . . |
| o . |
| |
| |
+-----------------+
- The command prompt should ask you where to save the key, the default path is fine if you have no other keys. If generating additional keys then ensure this filename is different from existing keys.
- Entering a passphrase is more secure. You can use an ssh-agent so that you won’t have to type your passphrase every time you connect.
- The rest of the output will automatically be generated.
Outcome
Upon completion of the key generation command, two files have been generated in the location you specified to save the key. Assuming you accepted the default file to save the key to, then the location is in a .ssh directory in your home directory, and you should see the following files in ~/.ssh:
id_rsa
id_rsa.pub
The id_rsa.pub file is the public key file that you’ll upload to Engine Yard Cloud.
If you are using WSL, you can access WSL files from Windows by running the following command in the Ubuntu terminal.
explorer.exe .
This will open the Linux directory in Windows Explorer, with the WSL prefix “\wsl$\Ubuntu-18.04\home\<username>”. You can then navigate to the .ssh directory.
Method 2: PuTTYgen
If you are using Windows, you can easily generate an SSH pair using Putty:
- Download and install the PuTTY SSH Client for Windows.
- Navigate to Start menu -> All Programs -> PuTTY -> PuTTYgen.
- Click Generate to generate the key and follow the instructions.
Outcome
After the key has been generated, it will be displayed on the Publick key field. You can enter a passphrase in the Key passphrase and Confirm passphrase fields to protect the key, and then click on the Save the public key and Save private key options. You will need to select a location for both files.
Next step
After your SSH key pair has been generated, you will need to add your public key to Engine Yard Cloud.
If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.
Following github online help explain about SSH Keys.
Generating SSH Keys
https://help.github.com/articles/generating-ssh-keys
各種 OS 上での SSH 鍵の作り方については、GitHub の
http://github.com/guides/providing-your-ssh-keyに詳しく説明されています。Hi Mr. Shindo,
Thank you so much for your comment. It's helpful for everyone.
Takahiro Imanaka
進藤 様
この度は本記事に関連する有益な情報をお書き込みいただきまして有難うございました。
今後ともよろしくお願いいたします。
Engine Yard 今中
Hi, I have a little bit of critique.
1) Your directions presume a singular RSA key is installed onto a users' computer and fail to provide any additional information on how to handle the situation where a user may already have another SSH key in place for another site/purpose. (Almost overwrote the RSA key that I'd already created for github using their specified syntax including the "-b 4096" suffix - and a different user identity - due to that omission)
I realize that it might be presumed to be "given" knowledge, at least for IT support staff who work in your company and hosting industry, but it's not the case for everyone who patronizes your company's services, at a guess, especially for the "little guys".
2) You forget to remind the user that following addition of the new key, they need to APPLY to the instance(s) for which it will be used.
Again, this might be considered "apriori" for IT people who do this stuff over and over and over again, day in day out, (figuratively speaking) but not necessarily for the outside world. Personally, I've performed this process less times than I have fingers over the past 10 years.
thanks,
Andrew Jenkins
Hi Andrew,
Thanks for you feedback. I've updated the document to cover handling existing keys. With regards to the required Apply run, this is covered in the document https://support.cloud.engineyard.com/hc/en-us/articles/205407248-Add-an-SSH-Key, which should be worked through as the next stage of the process.