Introduction

    SSH stands for Secure Shell Handler and is a protocol used to connect securely to a remote server and execute commands. It is the equivalent of opening a terminal window on the remote server. To connect to a BitNami hosted server, you will need a special file named "Private Key". 

    SSH Private Key

    The most secure way to access your server via SSH is by using the SSH key; password-based authentication is not secure. Each cloud account has an associated SSH key file ("Private key") that you can use to connect remotely to the servers launched using that cloud account's credentials. This file needs to be protected, as anybody who has access to it can access your servers. On Linux and OS X, it is necessary to change the file's permissions so that it is only readable by you.

    $ chmod 600 bitnami-hosting.pem
    

    Otherwise you may get a 'bad permissions: ignore key' error.

    How can I download my private SSH key

    BitNami Hosting

    Go to the Servers section, select your server, click 'Manage Server' and use the 'Connect' button. If you don't have any servers, you can download this file by going to Clouds > Manage and clicking on the appropriate cloud account. Click on the appropriate format to start the download:

    • Select PEM format if you are going to connect from Linux, OS X or other Unix systems
    • Select PPK for Windows Putty, FileZilla and WinSCP. 


    AWS Console

    It is not possible to download the SSH key from the Amazon EC2 Control Panel once it has been created. If you launched your server using the Amazon EC2 Control Panel and selected the option to generate a new key pair, it would have been available for download at that time.
    Store the SSH key file in a secure place on your local machine!

    How can I get my private SSH key in PPK format?

    PPK is the private key format used by Windows programs Putty, FileZilla and WinSCP.

    BitNami Hosting

    If you are a BitNami Cloud Hosting client, you can download your key in this format directly: click "Connect" in "Server Manage" view and use "PPK" button. 

    Others

    Otherwise, you will need to convert your downloaded key to PPK format as described here: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html#puttygen-conversions


    How to connect to my server

    Windows & Putty

    Windows does not come with a bundled SSH client by default. It is recommended that you use the freely available Putty utility, which can be downloaded from:

    http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

    You will need to get your SSH key in PPK format

    Once you have your key in PPK format, you can connect following these steps: 

    • Start Putty ( Start Menu -> Programs -> Putty -> Putty ).
    • Enter your machine IP address or public domain name in the Session section. You can find out the hostname of a server by going to the Servers page, selecting the server and clicking 'Manage Server'. The hostname will appear next to Public DNS and it will be similar to 'xyz.bitnamiapp.com'. Of course, the server needs to be running so you can connect to it.

    • Go to Connection -> SSH -> Auth and add the path to your private SSH PPK key.

    • Go to Connection -> Data using the left menu.
    • Enter "bitnami" as the "Auto-login username".
    • At this point you may save the configuration for future connections: Go to "Sessions", enter a name in the "Saved Sessions" field and click "Save"
    • Click "Open" to start the SSH session.
    • Click "yes" to accept server key if it is the first time you are accessing the server. (more info)

    Note: If you want to connect to another server, you will just need to load the saved connection, change the domain and click "Open"

    If you prefer to use putty from the command line, you should include '-i' and '-l' options as follows:

    > putty -i "C:\Path\To\bitnami-hosting.ppk" -l bitnami example.com
    

    Windows & MobaXTerm

    MobaXTerm is an enhanced terminal with an X server and a set of Unix commands (GNU/Cygwin) packaged in a single portable exe file. You can download it at:

    http://mobaxterm.mobatek.net

    You will need to get your SSH key in PEM format. In this case it is not necessary to import your private key into the application, you can use it directly.

     

          

    You can copy files to the machine using the right panel or you can connect to the machine through SSH:

    $ ssh -i private_key bitnami@your-machine-hostname
    

    Linux or Mac OS X

    You will need to get your SSH key in PEM format.

    Linux and Mac OS X come bundled with SSH clients by default. To connect to your server using SSH, you need to open a Terminal and type the following:

    $ ssh -i bitnami-hosting.pem bitnami@xyz.bitnamiapp.com
    

    You will need to replace bitnami-hosting.pem with the path to your private key file and replace xyz.bitnamiapp.com with the IP address or hostname of your server. You can find out the hostname of a server by going to the Servers page, selecting the server and clicking 'Manage Server'. The hostname will appear next to Public DNS and it will be similar to 'xyz.bitnamiapp.com'. Of course, the server needs to be running so you can connect to it.

    Make sure your SSH key bitnami-hosting.pem has proper permissions. You can set the permissions using the command below:

    $ chmod 600 bitnami-hosting.pem
    
     


    How can I access my server as the root user?

    By default, you can only log in as the bitnami user to BitNami-backed machines (VM, AWS, Azure or BitNami Cloud Hosting). Once logged in, you can use the 'sudo' utility to become the super user or execute.

    sudo su
    

    SSH tunnel

    If you want to connect to a port on the server that is not available from outside, you can use an encrypted SSH tunnel. The examples below assume that your server application is running on port 9990 and that you want to access it from your local port 9991.

    Windows

    If you are using Windows in your local machine you can create the tunnel as follows:

    • Follow the steps to connect using Putty
    • Before opening the connection, go to Connection -> SSH -> Tunnels, enter the values below and click the "Add" button:
      • Source port: "9991"
      • Destination: "localhost:9990"

    Alternatively, you can use the "plink.exe" tool from the Windows command line.

    > plink.exe -i your_key.ppk -N -L 9991:127.0.0.1:9990 bitnami@xyz.bitnamiapp.com

     

    Linux and Mac OS X

    If you are on Linux or Mac OS X, you can run the following in a console on your local machine (using your Public DNS instead of xyz.bitnamiapp.com):

    $ ssh -v -N -L 9991:127.0.0.1:9990 -i bitnami-hosting.pem bitnami@xyz.bitnamiapp.com
    


    While the tunnel is active you can connect to your server port 9990 at 127.0.0.1:9991

    Troubleshooting

    The SSH warning: REMOTE HOST IDENTIFICATION HAS CHANGED

    This warning is normal when you connect to the same IP address but the machine behind it is different, for instance when you assign the static IP address to another server. You can fix the problem by removing the line for the IP address you are trying to connect to from your ~/.ssh/known_hosts file.
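    The known_hosts fix described above, as an added example that is not part of the original page: it removes the stale entry only after the key the server now presents matches a fingerprint you obtained out of band. The function name replace_host_key, its arguments and the idea of saving the new key line to a file (for instance from ssh-keyscan output) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). replace_host_key and its
# arguments are hypothetical names chosen for this illustration.

replace_host_key() {
    known_hosts=$1   # e.g. ~/.ssh/known_hosts
    host=$2          # name or IP address used on the ssh command line
    new_key_file=$3  # one "host keytype base64" line, e.g. saved ssh-keyscan output
    expected_fp=$4   # "SHA256:..." fingerprint obtained out of band

    # Fingerprint of the key the server presents now.
    actual_fp=$(ssh-keygen -l -E sha256 -f "$new_key_file" 2>/dev/null |
        awk 'NR == 1 {print $2}')
    if [ -z "$actual_fp" ] || [ "$actual_fp" != "$expected_fp" ]; then
        echo "fingerprint mismatch for $host: got ${actual_fp:-none}" >&2
        echo "$known_hosts left unchanged" >&2
        return 1
    fi

    # Remove only this host's old entries (ssh-keygen keeps a .old backup and
    # also handles hashed host names), then pin the verified key.
    ssh-keygen -R "$host" -f "$known_hosts" >/dev/null 2>&1 || return 2
    awk 'NR == 1' "$new_key_file" >> "$known_hosts"
}
```

    Entries for other hosts in the same known_hosts file are left as they were.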

    If you use Putty, the SSH key mismatch warning looks like this:

    WARNING - POTENTIAL SECURITY BREACH! 
    [...]
    

    In this case click Yes, if you know the reason for the key mismatch (IP address assigned to another server, machine replaced, etc.)

     

    Give SSH access to another person or your customer

    You should ask your customer to send you his own public SSH key, generated on Linux/Unix/OS X. This way you can give him access to your machine without sharing your private key or his.

    Create private/public keys

    If the person to whom you are going to give access doesn't have a private/public key pair yet, he should generate one as described below.

    On Windows he can use PuttyGen. This page explains the process in detail.

    On a Linux/Unix/OS X machine he should use the ssh-keygen command.

    ssh-keygen -b 2048 -t rsa -f ~/newuser_id
    

    When executing this command you will be prompted to enter a passphrase to protect the private key.

    This command will generate two files:

    newuser_id: This is the private key. It is personal and your customer should not share it with anyone else. He will use it to access your machine.

    newuser_id.pub: This is the public key. It is the file that your customer will share with you so you can give him access to your machine.

    Copy this file newuser_id.pub to your server.

    Now you have two options:

    • you can create a separate account for him (RECOMMENDED)
    • or just allow him to log into the server using the 'bitnami' account
    Create a separate account

    First you need to connect to your machine as the "bitnami" user via SSH. More information on how to do so is at this wiki page.

    Once you are logged in, to create a new user that will share the same user privileges as "bitnami", you could use the command below:

    sudo useradd -s /bin/bash -o -u `id -u` -g `id -g` new_username

    That will create an alias user for "bitnami". That means it will be able to write into directories such as htdocs or use sudo.

    Now you can configure ssh access for that user. To do that, you can simply copy the bitnami .ssh folder to the new user home directory:

    sudo mkdir ~new_username/ 
    sudo cp -rp ~bitnami/.ssh ~new_username/
    sudo cp -rp ~bitnami/.bashrc ~new_username/
    sudo cp -rp ~bitnami/.profile ~new_username/

    Now you should add the content of the newuser_id.pub file in the /home/new_username/.ssh/authorized_keys file.

    cat ~/newuser_id.pub >> /home/new_username/.ssh/authorized_keys
    

    If you want another person to access your machine using this same account you just need to repeat this last step to add his public key in the authorized_keys file.

    If you want your new user to be able to run commands as the root user, it is necessary to add the new user to the "bitnami-admins" group. Run the following command as the "bitnami" user on your machine:

    sudo usermod -G bitnami-admins new_username
    
    Deleting the additional user account

    The account created following the instructions above shares the same ID as the bitnami user account. If you want to delete this account you need to execute the following command:

    sudo userdel new_username -f
    

    You can confirm that the account has been successfully removed by executing:

    id new_username
    
    Use the 'bitnami' account

    Back up your old authorized_keys:

    $ cp /home/bitnami/.ssh/authorized_keys /home/bitnami/.ssh/authorized_keys.bak
    

    Add your customer's public key to authorized_keys (PLEASE BE EXTREMELY CAREFUL to avoid losing SSH access altogether)

    $ cat ~/newuser_id.pub >> /home/bitnami/.ssh/authorized_keys
    

    Now you both are able to access the machine as "bitnami".

    You can revert the changes by removing the last line from the /home/bitnami/.ssh/authorized_keys file or by restoring the old authorized_keys file:

    $ cp /home/bitnami/.ssh/authorized_keys.bak /home/bitnami/.ssh/authorized_keys
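    The "cat >> authorized_keys" step used in both the separate-account and the 'bitnami'-account procedures above, as an added example that is not part of the original page: it checks that the file really is a single public key, keeps a backup, and cannot damage the existing entries. The function name add_authorized_key is hypothetical; the paths in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys without risking
# the existing entries. add_authorized_key is a hypothetical helper name.

add_authorized_key() {
    pubkey_file=$1   # e.g. ~/newuser_id.pub
    auth_file=$2     # e.g. /home/bitnami/.ssh/authorized_keys

    # A .pub file holds exactly one line; a private key spans several.
    if [ ! -r "$pubkey_file" ] || [ "$(grep -c . "$pubkey_file")" -ne 1 ]; then
        echo "refusing: $pubkey_file is not a single-line public key" >&2
        return 2
    fi
    key_line=$(grep . "$pubkey_file")

    # Format check only ("<type> <base64> [comment]"), not a cryptographic one.
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || : > "$auth_file"

    # Nothing to do if this key blob (second field) is already authorized.
    blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth_file"; then
        return 0
    fi

    # Back up, build the new file next to the old one, then rename it into
    # place. "awk 1" ends every existing line with a newline, so the new key
    # can never be glued onto the previous entry the way "cat >>" can.
    cp -p "$auth_file" "$auth_file.bak" || return 1
    tmp=$(mktemp "$auth_file.XXXXXX") || return 1
    { awk 1 "$auth_file"; printf '%s\n' "$key_line"; } > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$auth_file"
}
```

    Running it twice with the same key leaves a single entry, and authorized_keys.bak holds the file as it was before the last change.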
    
     
