Web Hosting - (LAMP) Key-based authentication
This document describes how customers can use public key authentication (also known as SSH key auth) to send and receive files via their SFTP accounts on DoIT Shared Hosting's Linux/Apache platform. One of the main features of public key authentication is that the user does not need to remember a password to connect.
For Work Load Automation Services (Secure File Transfers, Scheduler, Document conversion, etc.) please see:
https://it.wisc.edu/services/workload-automation/
Set up a key-based connection from your computer to the web site
- Using your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account), locate the authorized_keys file in the .ssh directory located at the root of your webspace.
- Copy the contents of your computer's public key (~/.ssh/id_rsa.pub, C:\Users\<username>/.ssh/id_rsa.pub) into the authorized_keys file. The authorized_keys file can have many keys in it, but each key must be on its own line of the file.
- Consult the documentation for your SFTP application for how to integrate your private key into the client's SFTP connection if needed.
Set up a key-based connection from the web site
This is a less common scenario, but it might come up if, for example, you have an automated process that offloads files from your web site to another machine.
- To find the public key for your web site, use your SFTP application or the Admin Control Panel's File manager (see Web Hosting - Publishing and Managing Your Web Account) to locate the id_rsa.pub file in the .ssh directory located at the root of your webspace.
- Paste the contents of this file into the authorized_keys file on the destination machine.
- Obtain three pieces of information about the destination machine: A) its public key, B) its domain name and C) its IP address.
- Copy the public key from the destination machine and paste it into the known_hosts file in your web site's .ssh directory, making sure the whole key is on a single line.
- Edit the beginning of the line to include the domain name of the destination machine followed by a comma, then the IP address of the destination machine and a single space. The beginning of the line should look like this:
destination.domain.wisc.edu,144.92.9.70 ssh-rsa AAAAB3Nz...
- Contact Web Hosting if you're interested in creating a scheduled task (Web Hosting - Scheduled Tasks and Crontab) that automates the transfer of files from your web site to another machine.
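A hand-edited known_hosts line is easy to break (a space after the comma, a wrapped or truncated key), so the following added example, which is not DoIT's own code, validates one line in the format described above and prints the key's SHA256 fingerprint for comparison with the one the destination machine's administrator reports. The function names and the sample key are constructed for illustration, and the check assumes a plain public key with an unhashed "domain,ip" first field.

```python
import base64
import hashlib
import ipaddress

def ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed field as used inside SSH public key data."""
    return len(data).to_bytes(4, "big") + data

def blob_fields(blob: bytes) -> list:
    """Split decoded key data into its length-prefixed fields; reject truncation."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if len(blob) - pos < 4 + n:
            raise ValueError("key data is truncated")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields

def check_known_hosts_line(line: str) -> dict:
    """Validate one 'domain,ip keytype key' line and return its SHA256 fingerprint."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected 'domain,ip keytype key' on a single line")
    hosts, key_type, b64 = parts[0].split(","), parts[1], parts[2]
    if len(hosts) != 2 or not all(hosts):
        raise ValueError("first field must be 'domain,ip' with no space after the comma")
    ipaddress.ip_address(hosts[1])  # ValueError if the second entry is not an IP address
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("key is not valid base64") from exc
    fields = blob_fields(blob)
    # The key data repeats the key type as its first field; both must agree.
    if not fields or fields[0] != key_type.encode():
        raise ValueError("declared key type does not match the key data")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"hosts": hosts, "key_type": key_type, "fingerprint": fingerprint}

# Constructed sample: syntactically valid ssh-rsa key data, not a real host key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = ("destination.domain.wisc.edu,144.92.9.70 ssh-rsa "
               + base64.b64encode(SAMPLE_BLOB).decode())

if __name__ == "__main__":
    print(check_known_hosts_line(SAMPLE_LINE))
```

The fingerprint uses the same SHA256 format that `ssh-keygen -lf` prints, so the two values can be compared directly.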
Note for Git users: Follow steps 1 and 2 of GitHub's instructions to find or generate an SSH keypair using the steps for your computer's operating system. (NOTE: If you want to be able to use key-based authentication with no password required, do not enter a passphrase during the keypair generation process.)
Update ssh keypair in Plesk with Git extension
- This requires that you are using Plesk's Git extension. Click on the Git Icon from your Plesk Dashboard.
- Click on the "Switches" Icon to edit the configuration.
- Click "Add New Deploy Key".
- Copy the contents of this new key.
- In GitLab from your repository, navigate to "Settings" -> "Repository" -> "Deploy keys" and add the new key.
- From Plesk, try to "Pull Now" to confirm the new key is working.