Using SSH keys allows greater security than a password when remoting into a machine, using SFTP, or WP CLI on a remote machine – however, they do require more work to setup.
For security reasons, I generate a new key pair for each site I work on. To generate a new key pair I do the following.
$ cd ~/.ssh
$ ssh-keygen -t rsa -b 4096 -f sal-example-site-rsa -N "my passphrase is sal is awesome" -C sal@example.com
Note: Replace:
- “example-site” with the actual site name
- “my passphrase is sal is awesome” with a randomly generated phrase
- “sal@example.com” with the relevant email address
This creates two new files:
sal-example-site-rsa
sal-example-site-rsa.pub
Putting the Files in Place
Quick Way
You can quickly copy your SSH key to the remote server with the following command
ssh-copy-id myuser@example.com -i ~/.ssh/sal-example-site-rsa
Long Way
Alternatively, you can copy your file to the server the long way. After creating these files, on the remote server I create a ~/.ssh
directory if one doesn’t exist. (e.g. by SSHing into the account and trying cd ~/.ssh
and if that fails (mkdir ~/.ssh
).
Then I upload sal-example-site-rsa.pub
into the new directory renaming it to authorized_keys
.
If ~/.ssh/authorized_keys
already exists on the server, I append my new key.
Now I can SSH in without using my password, e.g.
ssh myuser@example.com -i ~/.ssh/sal-example-site-rsa
ssh shortcut
We can reduce this further by using the ~/.ssh/config
file.
By adding the following to the end of the file
Host example
HostName example.com
User myuser
IdentityFile ~/.ssh/sal-example-site-rsa
I can now SSH in with
ssh example
Leave a Reply