MODX Cloud automatically supports SSH public key authentication for connecting to the Clouds you manage. This works across all accounts and Clouds.
What is Public Key Authentication?
Public key authentication provides a way to log in to a server that is more secure than even passwords hundreds of characters long. In today’s world where every website and server is a target for bad actors, this is a very good thing.
Public key authentication also allows people to log in without entering a password. In short, you should use SSH keys as they both improve security and make accessing servers more convenient. Learn more about SSH Public Key authentication.
How it Works in MODX Cloud
When attempting to connect via public key authentication, MODX Cloud checks to make sure you have access to the account, groups and the Cloud within the account. If you do, it uses the public key in your user profile to complete the authentication. There is no need to manually upload public keys to each project, or remove them if access is later revoked.
Uploading Public Keys
You can upload one or more of the public (“*.pub”) keys to your profile in the MODX Cloud Dashboard.
- Log in to the MODX Cloud Dashboard.
- In the upper-right, click the small triangle next to the account name and click on the Profile link to update your Profile.
- Click the SSH Keys tab.
- Click the green Add Key button.
- Give it an optional name—it will default to any comment section of the public key otherwise—and paste your public key into the text box.
- Press the green Save button.
Deleting Public Keys
- From the SSH Keys tab in your Profile, right-click the key you would like to delete.
- In the confirmation dialog box, confirm the deletion, or click the cancel button to leave it in place.
Log into a Cloud with SSH
With your SSH public key(s) added to MODX Cloud, you will not need to provide a password to the ssh command or when using SFTP clients. You can log in with just the username and the hostname, as in the following example:
Note: For the hostname connection, you can use the internal Cloud hostname per the example above or the custom domain names assigned to a Cloud.
Creating Secure SSH Keys
We encourage users to use strong keys when creating SSH keys, e.g. 4096-bit RSA keys or 521-bit ECDSA keys (which are not the same thing as insecure DSA keys).
Using a passphrase (make sure you can recall it!) when creating SSH keys adds another layer of security. With a passphrase, even if someone obtains your private SSH key, they cannot use it without knowing your passphrase.
The tradeoff, however, is that you can’t “automatically” log in without a prompt.
While there are many options to consider—learn more about creating SSH keys for Mac, Windows, and Linux at GitHub.com—we suggest using one of the following two commands to create a key pair if you don't already have an SSH key pair for use in MODX Cloud:
ssh-keygen -t rsa -b 4096
ssh-keygen -t ecdsa -b 521
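Before pasting a "*.pub" file into your profile, you can check that it meets the key sizes suggested above. The following is an added example, not MODX Cloud code: it parses the OpenSSH public key line and reports the key type and size, and the names audit_public_key and constructed_line, along with the filler-byte sample keys, are assumptions made for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 4096      # RSA size suggested on this page
GOOD_CURVE = "nistp521"  # curve behind the suggested 521-bit ECDSA keys

def _read_field(blob, pos):
    """Read one uint32-length-prefixed field of the key blob."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def audit_public_key(line):
    """Return (ok, description); ok is None when the page gives no guidance."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not an OpenSSH public key line"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        name, pos = _read_field(blob, 0)
        key_type = name.decode("ascii")
        if key_type != parts[0]:
            return False, "type label does not match key data"
        if key_type == "ssh-rsa":
            _exponent, pos = _read_field(blob, pos)
            modulus, pos = _read_field(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
            return bits >= MIN_RSA_BITS, f"RSA {bits}-bit"
        if key_type.startswith("ecdsa-sha2-"):
            curve = _read_field(blob, pos)[0].decode("ascii")
            return curve == GOOD_CURVE, f"ECDSA {curve}"
    except ValueError as exc:  # bad base64, bad text, or truncated blob
        return False, f"unparseable key: {exc}"
    if key_type == "ssh-dss":
        return False, "DSA (insecure)"
    return None, f"{key_type}: not covered by the page's guidance"

def constructed_line(key_type, *fields):
    """Build a structurally valid .pub line from filler bytes (not a real key)."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(raw).decode()} constructed@example"

if __name__ == "__main__":
    # Constructed sample: a 2048-bit RSA modulus made of filler bytes.
    weak = constructed_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)
    print(audit_public_key(weak))
```

To check a real key, pass the single line from your .pub file to audit_public_key; the private key is never read.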