Using SSH keys allows greater security than a password when remoting into a machine, using SFTP, or WP CLI on a remote machine – however, they do require more work to setup.
For security reasons, I generate a new key pair for each site I work on. To generate a new key pair I do the following.
$ cd ~/.ssh $ ssh-keygen -t rsa -b 4096 -f sal-example-site-rsa -N "my passphrase is sal is awesome" -C email@example.com
- “example-site” with the actual site name
- “my passphrase is sal is awesome” with a randomly generated phrase
- “firstname.lastname@example.org” with the relevant email address
This creates two new files:
Putting the Files in Place
You can quickly copy your SSH key to the remote server with the following command
ssh-copy-id email@example.com -i ~/.ssh/sal-example-site-rsa
Alternatively, you can copy your file to the server the long way. After creating these files, on the remote server I create a
~/.ssh directory if one doesn’t exist. (e.g. by SSHing into the account and trying
cd ~/.ssh and if that fails (
Then I upload
sal-example-site-rsa.pub into the new directory renaming it to
~/.ssh/authorized_keys already exists on the server, I append my new key.
Now I can SSH in without using my password, e.g.
ssh firstname.lastname@example.org -i ~/.ssh/sal-example-site-rsa
We can reduce this further by using the
By adding the following to the end of the file
Host example HostName example.com User myuser IdentityFile ~/.ssh/sal-example-site-rsa
I can now SSH in with