SSH & SFTP using SSH Keypairs

SSH Keypairs allow you to login to your MODX Cloud instances, without having to lookup the SSH credentials. It also allows you to give a collaborator (temporary) access without disclosing confidential information about the MODX Cloud instance. If you have a team that regularly collaborates on sites, this can make adding them to work with SSH or SFTP much more convenient and quick.

Only add RSA public keys, preferably 4096-bit, for security purposes. DSA keys are hack-fodder, and sadly still commonly used.

Give SFTP or SSH access without giving away your password

To add additional users for SSH/SFTP access:

  1. First, connect to your instance using the SSH credentials found in your MODX Cloud Dashboard.
  2. Once connected, type in the following to update the list of allowed SSH keys which can connect to your instances:
    nano ~/.ssh/authorized_keys
  3. Go to the end of this file—a list of authorized public keys which can connect to the instance using the SSH user show in your Dashboard—by pressing the down-arrow key, and add a new line with the enter-key. You'll want to copy/paste an RSA public key from your team member onto this line. You can add multiple keys at once, just put each one on a new line.
  4. To save the authorized_keys file, press ctrl+x when you are done adding keys, at the save prompt press y, then press the enter-key when it asks if you want to save over the file. 

Testing SSH Connections

First, add your own public key to using the instructions above.

Assuming your cloud instance to which you are granting users access is, enter the following command after doing so at your terminal (modified to match your actual internal MODX Cloud URL):


If your key is valid, you will be prompted to add the host to your local ~/.ssh/known_hosts file; do so. If this works you can then add additional team members to your instance in the same way as above.

Have more questions? Submit a request


Please sign in to leave a comment.