SSH

From DreamHost
Jump to: navigation, search

Overview

SSH, or Secure SHell, is a secure alternative to telnet. With SSH, you are able to securely copy/edit files, access SVN, cron jobs, and other DreamHost services via a standard unix command line also known as shell. All SSH traffic travels over a secured connection rather than plain text. Because of this, the connection is encrypted and secure. DreamHost currently uses OpenSSH software on the server end.

Note2 icon.png Note: Before being able to log into your server via SSH, you must update your user to a SHELL user in the Panel. This process is detailed in the Enabling Shell Access wiki.

/Enabling_Shell_Access


When you're finally ready to log into your server via SSH, you'll use the following command in your terminal:

ssh username@server.dreamhost.com  

-or-

ssh username@yourdomain.com

Be sure to change "yourdomain.com" to your actual domain or server.dreamhost.com to the server you're attempting to connect to.


SSH Client Software

Windows is the only commonly-used operating system that does not include a native SSH client. Windows users need to download SSH software separately (see below). Mac OS X and UNIX/Linux users can run the SSH client from any terminal application.

Below are instructions on how to use SSH depending on the operating system or device you are using to connect.

See also: Comparison of SSH clients on Wikipedia

Mac OS X

The simplest way to open terminal on OSX is to use the spotlight search. Press COMMAND (⌘) + SPACEBAR and then type the word terminal:

01 SSH MacOSX Spotlight terminal.fw.png

After you select that, the terminal screen opens:

SSH MacOSX OpenTerminal.fw.png

In terminal, enter your login command which looks like this:

ssh username@server.dreamhost.com

For example, here is a screenshot of a DreamHost user named mywikiuser connecting to a server named charles-pickney:

02 SSH MacOSX terminal connected.fw.png

Unix/Linux

Most distributions of UNIX/Linux come with the OpenSSH package. Any terminal application (xterm, Konsole, etc.) can be used to initiate a secure shell. To log into your web server using SSH in a UNIX/Linux environment, type the following into your shell terminal:

ssh username@yourdomain.com

Be sure to change ‘username’ to your SHELL user in the panel and change ‘yourdomain.com’ to the domain you’re attempting to connect.

For logging in to a VPS, you would use the following format:

ssh username@psxxxxxx.dreamhostps.com

For example, let’s say your VPS is named ps12345. Your login would then be as follows:

ssh username@ps12345@dreamhostps.com

Windows

Every windows SSH client has its own way to be installed and launched, but once you've set it up, there is no difference in further operations. However, each client is suited to specific (or general needs). So, you may wish to try more than one to see what works best for you. Here are a few options:

PuTTY
This is a free and very popular client for Windows users.
WinSCP
This is a free and popular client as well. However it’s not a fully functioning client compared to PuTTY.
CWRSYNC
SmartFTP
SecureCRT
ZOC Terminal
Also available for OS X.

Chrome

Secure Shell is a terminal emulator and stand-alone ssh client for the Chrome web browser. As of January 2015, it's still in beta release with known bugs.

iPhone

An excellent paid SSH app for both iPhone and iPad is Prompt2, by Panic. However, if you don’t want to pay for the premium version, a free app is available through Serverauditor by Cystanix for the iPhone and iPad. This SSH terminal is highly rated by other users and is free to download as well.

You can read more about Serverauditor here:

When you open Serverauditor, the ‘Activity’ page opens which is blank.

    01 SSH iPHone.fw.png
  1. Tap the cloud icon in the top left corner:
    After you tap the cloud icon, a side panel opens which shows various options:
    02 SSH iPHone.fw.png
  2. To connect via SSH, tap the Quick Connect option at the top.
    The Quick Connect screen opens which prompts you for SSH settings:
    03 SSH iPHone.fw.png
  3. Enter the following:
    • username: Enter the username in this field.
    • hostname: Enter the host name or server to connect to here.
    • port setting: Since you’re connecting via SSH, the port setting should be set to 22.
    • password (optional): Enter the user’s password here. This is actually not an optional field like it states.
  4. After filling in the details for your user’s login details, tap the Connect button to connect to the host server.
    After you successfully log in, your user's home directory opens where you can manage the domain's site files:
    04 SSH iPHone.fw.png

You can use standard Linux commands to navigate through your user with this application.

Android

ConnectBot is an SSH application available for free on the Android Market. You can use it to access SSH, Telnet, and local protocols.

Passwordless Login

Once you set up a shell user, you must enter your password each time when logging into the server. If you’d like to avoid entering your password each time, you can set up Passwordless Login. This way, you'll be able to automatically login each time immediately without needing to enter your password.

Passwordless Login for Mac OS X, Linux, Unix and Cygwin

The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

Step one – Generating the key pair

On your home computer, you must first generate an RSA private key using ssh-keygen (unless you have already created one). If you’re using Linux or OSX, open your terminal and run the following command under your username.

ssh-keygen -t rsa

This creates a public/private keypair of the type (-t) rsa.

Once the keypair is created, you are prompted on the following three items:

Generating a public/private rsa key pair.
Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).

Click Enter on your keyboard to continue.

Enter a passphrase (leave empty for no passphrase).

Click Enter on your keyboard to continue.

Enter same passphrase again:

Click Enter on your keyboard to continue.


When finished, click Enter on your keyboard.

The following message appears:
Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_sra.pub

The key fingerprint is:
ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be username@servername

The key’s randomart image is:

Step two – Copying the public key you just created on your home computer to your DreamHost server

Copy the public key on your local computer to DreamHost's server by running the following command: (Mac OS X user see below)

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com

Replace user and server.com with your username and server name. For example:

ssh-copy-id -i ~/.ssh/id_rsa.pub mydhuser@flower.dreamhost.com

If you are a Mac OS X user then the above command will not work. Try the following instead:

cat ~/.ssh/id_rsa.pub | ssh [user@]host "cat >> ~/.ssh/authorized_keys"
This replaces the
ssh-copy-id
command for OS X users.

Once you run the ssh-copy-id command, the following prompts appear:

The authenticity of host ‘flower.dreamhost.com’ can’t be established.
Are you sure you want to continue connecting (yes/no)?

Type in the word yes and click Enter.

mydhuser@flower.dreamhost.com’s password

Enter the password for your DreamHost SHELL username.

Step three – Confirming the SSH connection

At this point, a new folder is created under your DreamHost user named /.ssh with 700 permissions.

In that folder is your authorized_keys file which was just copied from your home computer which has 600 permissions.

Note2 icon.png Note: The system automatically creates and names the file ‘authorized_keys’ when you run the command above.


If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.


ssh user@server.dreamhost.com

Just change the user to your DreamHost SHELL user and server to your DreamHost servername. This should now log you in automatically without prompting for a password.


If ssh-copy-id does not work

  1. Follow step one in the previous section to create the keypair on your home computer.
  2. If ssh-copy-id doesn’t work for you, then manually upload your public key to your DreamHost server. On your home computer run this command under your username where you created your key pair:
    
    scp ~/.ssh/id_rsa.pub user@server.com: ~/
    
    

    This copies the id_rsa.pub file on your home computer to your DreamHost SHELL user. Just change 'user' to your SHELL user and 'server.com' to the server you're connecting to.

  3. Log into your DreamHost server through your SHELL user.
  4. Once logged into your DreamHost server, you’ll need to append the public key you just uploaded to your authorized_keys file. To do this, first make sure you’re in your users directory:
    pwd
    /home/mydhuser/
    
  5. In that directory, create the /.ssh folder:
    mkdir .ssh
    
  6. Run the following command to create a new file named 'authorized_keys' in the new /.ssh folder. This will also copy your id_rsa.pub file into this new authorized_keys file:
    cat id_rsa.pub >> .ssh/authorized_keys
    
    
  7. Remove the original id_rsa.pub file in your SHELL user’s directory:
    rm id_rsa.pub
    
    
  8. Make sure the permissions are correctly set on the /.ssh folder and /.ssh/authorized_keys file. Run these three commands under your SHELL user:
    chmod go-w ~
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
    
    

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.


ssh user@server.dreamhost.com

Just change the user to your DreamHost SHELL user and server to your DreamHost servername. This should now log you in automatically without prompting for a password.

Note2 icon.png Note: For more information, see the man pages for ssh, ssh-keygen, ssh-copy-id, and sshd. “Getting started with SSH” is a step-by-step tutorial which you may find helpful.


Windows PuTTY

For instructions on how to set up and configure PuTTY for Passwordless Login, please review our wiki:

Troubleshooting

Directory/filenames which contain non-english/Asian characters show up as ?????? or are corrupt

If you have problems with your filenames or content not showing up correctly then you will want to add the following to your .bash_profile file to enable UTF support:

export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export G_FILENAME_ENCODING=UTF-8\

UTF-8 is most likely enabled already. You can check in your terminal by entering the command ‘locale’:


[horsetail]$ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE=C
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=

You can see the first line is LANG=en_US.UTF-8. If for some reason this still doesn’t work, it’s most likely the terminal client you’re using. For instructions on how to configure this in PuTTY please visit our wiki:

Server unexpectedly closed network connection

If you get this error when attempting to SSH, this can mean your IP has been blocked. Contact support and we will check to see if your IP is blocked. If so, we will be able to whitelist it. If you don't know your IP, visit whatismyipaddress.com.

[User] is not in the sudoers group

Dreamhost does not allow regular shell users sudo access on shared servers for security purposes. While many tasks can be accomplished without the use of sudo, if you do need sudo access, you may wish to check out our DreamHost PS option, where you get full root access through an admin user.

Idle connections are getting dropped

Dreamhost and other ISPs may kill ssh connections that remain idle longer than a certain number of minutes. The fix is simple in Linux or OSX. All you need to do is set up keep-alive by editing the /etc/ssh/ssh_config or ~/.ssh/config file on your computer. In that file, add the following:

  Host *
      ServerAliveInterval 15
      ServerAliveCountMax 4

Now the ssh client will ask the server for a sign of life every 15 seconds, thus keeping the connection open.

For instructions on how to configure this setting in PuTTY, please visit our wiki:

Killed

Running processes via SSH that consume large quantities of memory and/or processor power may lead them to be "Killed" :ndash; See our wiki for further information:

External Links