How do I allow multiple people to connect using SSH?
Our instructions for using SSH to make shell connections explain how to connect using your master account password.
It’s also possible to connect using a different method, called SSH keys. Using keys has a big advantage over using a single password: multiple people can each have their own key, so you don’t need to share passwords at all. And if you have multiple domain names hosted with us, each domain name can have its own keys.
SSH keys can also be used to provide key-based secure SFTP access to multiple users.
To use SSH keys, you first need to “generate” them. Each person who will connect should have their own key.
While we don't have detailed instructions explaining how to generate a key on this page, here are third-party pages that explain the process:
- Generating a key on Windows using PuTTYgen
- Generating a key on a Mac using ssh-keygen
- Generating a key on a Linux computer
We strongly recommend protecting each key with its own passphrase (which can be completely different from any password you have with our company).
Once you've generated the key, you’ll get a “public key” part that looks something like this example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0X5UPVf+m8a2+X0iSKoqiCKvWw3U5i9yodG/Q0xSg9fNHyRwGFXBdeI61N4fH1y6efafRjXsf7U4NeuyHQRG3MwHSiDUyDmukcuOmOZVUqSdBoxJRdHztetxtbrm0ye1YsYrw9MrFgSAtT8F firstname.lastname@example.org
Add your public key (as a single line) to the file ~/.ssh/authorized_keys of your account on our servers. You can create the directory and edit the file from the shell with these commands:
mkdir -p ~/.ssh
editor ~/.ssh/authorized_keys
(You’ll still need to use your master password to log in for this initial shell connection, of course.)
If you’re adding multiple keys, put each key on its own single line. The most common mistake is accidentally splitting a single key into multiple lines, or adding multiple keys on to the same line.
That’s all it takes. Once you’ve done this, following our SSH connection instructions from a computer that has the key will no longer require a password — but will still be completely secure because nobody else knows the “private” part of the key that’s stored on your own computer. That key uses much stronger encryption than a password, and is additionally protected by a local passphrase on your computer if you followed our recommendation above.
Other advantages of using SSH keys
Using SSH keys has other advantages beyond “you don’t need to share passwords”. For example, you can restrict certain keys so that they can only log in from certain IP addresses, like this:
from="192.0.2.0/24" ssh-rsa AA...8F email@example.com
This example allows connections only from IP addresses with reverse DNS ending with “comcast.net”:
from="*.comcast.net" ssh-rsa AA...8F firstname.lastname@example.org
And this allows connections from any IP addresses except ones with reverse DNS entries ending in “.cn” or “.ru”:
from="*,!*.cn,!*.ru" ssh-rsa AA...8F email@example.com
There are many other options available, described on the authorized_keys man page.
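A way to check an authorized_keys file for the two common mistakes described above (one key split across lines, or several keys on one line), including lines that start with options such as from="...". This is an added example, not code from our servers or from OpenSSH; the function names, the list of accepted key types and the sample key are assumptions made for illustration.

```python
import base64, binascii, re
# Assumption: only these common key types are expected in the file.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_key_type(b64):
    """Return the key type stored inside a public-key blob, or None if the
    blob is not a complete sequence of length-prefixed fields."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    fields, pos = [], 0
    while pos < len(raw):
        size = int.from_bytes(raw[pos:pos + 4], "big")  # 32-bit field length
        pos += 4
        if pos + size > len(raw):  # field runs past the end: truncated
            return None
        fields.append(raw[pos:pos + size])
        pos += size
    return fields[0].decode("ascii", "replace") if len(fields) >= 2 else None

def check_authorized_keys(text):
    """Return [(line_number, problem)] for the text of an authorized_keys file."""
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Empty out quoted option values (from="...") before splitting on spaces.
        fields = re.sub(r'"(?:\\.|[^"\\])*"', '""', line).split()
        hits = [i for i, f in enumerate(fields) if f in KEY_TYPES]
        if not hits:
            problems.append((num, "no key type; fragment of a split key?"))
        elif len(hits) > 1:
            problems.append((num, "more than one key on this line"))
        elif blob_key_type("".join(fields[hits[0] + 1:hits[0] + 2])) != fields[hits[0]]:
            problems.append((num, "key data missing, truncated or corrupted"))
    return problems

def sample_key(comment):
    """Constructed sample: a well-formed ssh-ed25519 blob with all-zero key bytes."""
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (b"ssh-ed25519", bytes(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    key = sample_key("alice@laptop")
    half = len(key) // 2  # simulate a key pasted across two lines
    print(check_authorized_keys(key[:half] + "\n" + key[half:] + "\n"))
```

To check a real file, pass its contents to check_authorized_keys(); an empty list means every line holds exactly one complete key.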