Securely Connecting to Your Virtual Server (SSH and Console)
Posted by on 01 December 2011 05:37 PM
Applicable Plans - All Cloud Hosting Plans

Overview

All Linux based Virtual Servers have command line access available by default. You can connect from the Customer Portal, your Control Panel (ISPmanager 4 only), and also from an SSH client on your local computer.

- Connecting to your Virtual Server from the Customer Portal
- Connecting to your Virtual Server using an SSH client
- Connecting to your Virtual Server using SSH
- Using SSH keys

Connecting to your Virtual Server from the Customer Portal

The Customer Portal contains a Console application that can be used to connect to the command line of your Virtual Server. This console application allows out-of-band access to the Virtual Server, meaning that you can connect even if there is a software or networking misconfiguration that has disabled external access (SSH not working, network interfaces down, etc).

To access the Console, log in to the Customer Portal - https://portal.eapps.com. All Virtual Servers are found under the My Cloud > Virtual Servers menu on the top navigation bar of the Portal. Depending on the age of your account, you may have Virtual Cloud Server or Virtual Machine in the Cloud headings, or both. To access the Virtual Server for either platform, click on the magnifying glass to the right of the Virtual Server listing.
Connecting to your Virtual Server from a Control Panel

Connecting to your Virtual Server using the ISPmanager Control Panel

There is an SSH client available in the ISPmanager Control Panel that can be used to connect to the command line of the Virtual Server. How to determine which version of ISPmanager you are using can be found here - ISPmanager versions.

Using ISPmanager 4

ISPmanager 4 uses the MindTerm (SSH Client), which is a Java based SSH client. This allows you to work at the command line of your Virtual Server without having to leave your browser. This is useful if you are on a computer that does not have an SSH client installed.

In ISPmanager 4, MindTerm is accessed from Extra Applications > MindTerm (SSH Client). Click on the link to MindTerm (SSH Client), and depending on how your browser is configured this will either open a new tab or a new window. You may need to allow the Java applet access to your computer for it to work correctly.

MindTerm will log you in as the user you connected to ISPmanager with. You will need to enter the password for that user to be able to connect. You can work from the command line in MindTerm just like you would in a normal SSH client.

If the window for MindTerm is too small, click on another browser tab, and then back on the browser tab for MindTerm. This will usually force MindTerm to go full screen.
Using ISPmanager 5

ISPmanager 5 uses the Shell client, which is a JavaScript based SSH client. This allows you to work from the command line of your Virtual Server without having to leave your browser, and is useful if you are on a computer that does not have an SSH client installed.

In ISPmanager 5, the Shell client is accessed from Tools > Shell client. Click on the link to Shell client, and depending on your browser configuration this will either open a new browser tab or new browser window. Shell client will present you with a login prompt. Log in as the user you need to connect to the command line with. You can work from the command line in the Shell client as you would with a normal SSH client.

Connecting to your Virtual Server using an SSH client

Using an SSH client such as PuTTY (Windows), SecureCRT (Windows, Mac OS X, Linux), Terminal.app (Mac OS X), or an xterm (Linux, Mac OS X), you can connect to the command line of your Virtual Server.

The advantage of an SSH client over a Java and browser-based solution like the Virtual Server Console is that a standalone client is not affected by Java or browser version issues, or problems or conflicts with installed browser extensions or plug-ins. If you find yourself working from the command line on a regular basis, you should be using an actual SSH client.

SSH Clients

There are SSH clients available for every major operating system: Windows, Mac OS X, Linux, and *BSD.

Windows SSH Clients

There are several Windows SSH clients, both free and commercial.
UNIX SSH Clients (including Mac OS X, Linux and *BSD)

For operating systems based on a UNIX variant, such as Mac OS X, Linux, or one of the *BSD flavors, there is usually an SSH client built into the system in the form of a terminal emulator. There should be no software to install in order to have an SSH client.

For UNIX, Linux and *BSD systems, the type of terminal emulator available will vary depending on the window manager installed. These systems will also have the ability to connect via SSH directly from the console or command line of the operating system.

For Mac OS X systems, the terminal emulator is the Terminal application, which is located in Applications > Utilities. This is NOT the Console application - use only the Terminal application as an SSH client. Mac OS X users can also purchase SecureCRT, or use the free iTerm2 client.
Connecting to your Virtual Server using SSH

Once you have located an SSH client to use, you can connect to your VS using the SSH protocol. You will need to know the following information:
Using PuTTY (Windows)

To connect to your Virtual Server using PuTTY, you will need to add the settings for the VS to the PuTTY configuration. More information on configuring PuTTY can be found at the official documentation - PuTTY Documentation Page. You will need to know the IP address of the Virtual Server, and once you are connected via PuTTY you will need to know the username and password for the user.

Using a Terminal Emulator program (Mac OS X, UNIX/Linux, *BSD)

Open the Terminal Emulator program, and at the command prompt enter the following command, making sure to substitute the IP address of your Virtual Server for IP_ADDRESS:

Log in using the correct username and password, and you should be at the command prompt for the VS.

Using SSH keys

If you are a frequent SSH user, you may want to consider using SSH keys so that you are not prompted for a password every time you log in to your Virtual Server. This is quite useful if you want to set up some type of automated and unattended connection to the VS, such as a backup script. If you manage several servers, SSH keys allow you to quickly log in to each server, and help to avoid the common shortcut of having the same password on each server. SSH keys are also used by applications such as Git, so that you can commit and clone from a repo without having to enter a password every time.

SSH keys work by using a public and a private key. When you connect via SSH from your local computer to the remote server, the SSH protocol matches the private key and the public key together, and then allows the connection to continue without asking for a password. If the public and private key don't match, or if you are connecting to the remote server from a computer other than your local computer where your SSH private key is located, you will be prompted for a password.

To set this up, you will need to generate an SSH key pair on your local computer. This creates a private key and a public key.
The private key stays on your local machine, and the public key is placed on the remote server that you want to connect to. You can have your public key on any number of remote servers, but you will have only one private key. Remember to always keep your private key secure. If someone has your private key, they can connect to any remote server where your public key is located without being prompted for a password. Only share your public key.
If you want more information on SSH, there are quite a few resources available online. There are also two books written about SSH: SSH, The Secure Shell: The Definitive Guide, and SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys.

Using SSH keys - Mac OS X/Linux/UNIX

Creating SSH keys - Mac OS X/Linux/UNIX

This example assumes that you do not already have an SSH key pair generated. If you do, these steps will potentially overwrite them. If you have already set up SSH keys on your local computer, skip this step and go to Moving your public key to the remote server.
To generate the SSH key pair, use the This example is from CentOS Linux. Your output may be slightly different on Mac OS X or a different Linux/UNIX OS, but the command and the end result are the same. At the prompt for Enter file in which to save the key, just hit enter. When asked for a passphrase, just hit enter.
There are two files for the SSH key pair - id_rsa and id_rsa.pub.
Moving your public key to the remote server - Mac OS X/Linux/UNIX

Once you have generated your SSH key pair, you can place your public key (id_rsa.pub) on any remote server that you have SSH access to. You can also give the public key to the system administrator of a server where you need to connect in order to use an application like Git.

In this example, you are placing your public key on your Virtual Server, named webhost.vm-host.net. Your user on that VS is webmaster, and your home directory is /var/www/webmaster/data. Remember that this is just an example; you will need to substitute your actual VS, user, and home directory accordingly. If you have a VPS or a VS using the Webmin Control Panel, your home directory would be /home/username.

Note that your username on your local computer and your username on the remote server do not have to be the same. The SSH protocol is looking to see if the private and public keys match; it is not looking at the usernames.

First, log in to the remote server as your user. Once you are logged in, see if a .ssh directory already exists. Note that the directory is .ssh, not ssh. You will need to use the -a switch to your ls or ll command to see this directory. If the directory does not exist, create it with the mkdir .ssh command.

Once you've created the directory, you will need to create the authorized_keys file where your public SSH key will be. Do this with the touch .ssh/authorized_keys command. Then change the permissions on the authorized_keys file with the chmod 600 .ssh/authorized_keys command.
The full command syntax to use is For this example, the command would be This will copy the public key from the .ssh directory to the .ssh directory on the VS, as the webmaster user. Remember to substitute your own details as needed.
To move the public key into the authorized_keys file, use the cat id_rsa.pub >> authorized_keys command. Note the two greater than symbols (>>) - this appends the key to the file, instead of overwriting anything that might already be in the file.
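
The server-side steps above (mkdir .ssh, touch, chmod 600, append with >>) collected into one shell function, as an added example that is not part of the original article; the Windows section later in this article runs the same commands on the server. The name install_pubkey, the private-key refusal, the duplicate check and the chmod 700 on .ssh are assumptions of this example, and the sample key is constructed.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Hypothetical helper (not from the article): run on the remote server as your user.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half ever goes on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Take the first non-empty line and require "type base64 [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # The article's steps: mkdir .ssh, touch authorized_keys, chmod 600.
    # chmod 700 on the directory is an addition of this example.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append with >> (never >), and only if this key is not already listed.
    keydata=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$keydata" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedSampleKeyData webmaster@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # first run appends the key
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run leaves the file unchanged
```

On a real server, call it with the uploaded file only, for example install_pubkey ~/.ssh/id_rsa.pub, so that it writes to your own ~/.ssh/authorized_keys.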
Connecting to the remote server - Mac OS X/Linux/UNIX

To test, open a new SSH terminal window, and try to connect to the Virtual Server using SSH. It is important that you leave your existing connection open and connected - if you did something wrong, and your test fails, you may find yourself locked out of the VS as that user.
Notice how there was no password prompt. This is because the SSH protocol compared the public and private keys, found that they matched, and allowed the connection. If the keys had not matched, you would have been prompted for a password before being allowed to log in.

Using SSH keys - Windows

These examples use PuTTY, a free SSH client for Windows. If you use a different SSH client, you will need to consult the documentation for that client to find out how to generate and use SSH keys.

Creating SSH keys on Windows with PuTTY Key Generator (PuTTYgen)

To generate an SSH key pair on Windows, go to Start > All Programs > PuTTY > PuTTYgen. This opens the PuTTY Key Generator.

Under the Actions menu you will see Generate a public/private key pair. Click on the Generate button to the right of that.
To save the public key, copy and paste the public key from the section titled Public key for pasting into OpenSSH authorized_keys file into a file called id_rsa.pub, and save this file into your Documents folder. DO NOT USE the Save public key option - this saves the file in a format that is not compatible with your system.

For the private key, the Save private key function works correctly. You will be asked if you want to save the key without a passphrase; click on Yes. You will be presented with a dialog box where you can name the file and the location. PuTTY saves private keys as a file type of PuTTY Private Key Files (*.ppk) - do not change the file type.

Moving your public key to the remote server - Windows

Once you have generated your SSH key pair, you can place your public key (id_rsa.pub) on any remote server that you have SSH access to. You can also give the public key to the system administrator of a server where you need to connect in order to use an application like Git.

In this example, you are placing your public key on your Virtual Server, named webhost.vm-host.net. Your user on that VS is webmaster, and your home directory is /var/www/webmaster/data. Remember that this is just an example; you will need to substitute your actual VS, user, and home directory accordingly. If you have a VPS or a VS using the Webmin Control Panel, your home directory would be /home/username.

Note that your username on your local computer and your username on the remote server do not have to be the same. The SSH protocol is looking to see if the private and public keys match; it is not looking at the usernames.

First, log in to the remote server as your user. Once you are logged in, see if a .ssh directory already exists. Note that the directory is .ssh, not ssh. You will need to use the -a switch to your ls or ll command to see this directory. If the directory does not exist, create it with the mkdir .ssh command.
Once you've created the directory, you will need to create the authorized_keys file where your public SSH key will be. Do this with the touch .ssh/authorized_keys command. Then change the permissions on the authorized_keys file with the chmod 600 .ssh/authorized_keys command.
Go to Start > All Programs > PuTTY > PSFTP. When the program opens, you will see a window that looks like this.
For this example, the command would be open webmaster@webmin.vm-host.net This will log you in as the webmaster user, to the home directory. Once you've connected, change directories to the .ssh directory with the cd .ssh command.
For this example, if the public key was located in your user's Documents folder, you would use put C:_name_rsa.pub
To move the public key into the authorized_keys file, use the cat id_rsa.pub >> authorized_keys command. Note the two greater than symbols (>>) - this appends the key to the file, instead of overwriting anything that might already be in the file.

Connecting to the remote server - Windows

To test the connection to the remote server, you will need to exit your current PuTTY session, start Pageant, and then reconnect using PuTTY.

To start Pageant, go to Start > All Programs > PuTTY > Pageant. When Pageant starts, it puts an icon in the Notification Area of the Taskbar, which is circled in blue in this screenshot.
Once you find the file, click on it to highlight it, and click on Open.
If the public and private keys do not match, or you are connecting from a different computer, you will have to enter a password to log in.