You can connect to your hosting package through SSH. This lets you run commands directly on the server as the system user that belongs to your hosting package. You can use this for simple management tasks such as moving, renaming or adjusting files, or for example to push and manage websites and applications using git.
What you will need
To use SSH, you will need two things: an SSH client, and a valid cryptographic key with which that client connects.
SSH client
There is a wide variety of possible clients. In principle, there is no restriction there. Widely used clients are for example PuTTY (Windows) or the standard built-in SSH functionality in the terminal for macOS and Linux. In this manual, PuTTY (download here) and the terminal for macOS and Linux are used as examples and explained below.
Generating a private / public key
To connect through SSH, the connection needs to be encrypted. This is done by using a private / public key pair, of which the public key is used on the server of your hosting package. The private key is always stored locally and is used by the SSH client. It is important that the private key remains exactly that: private. Never share this key and store it safely.
The private key is called that for a reason: keep it strictly private! The security of the encryption relies on this key being stored safely on your own local device and never being shared with others. Therefore, take extreme care when storing your private key.
Windows
1. In Windows, you can generate cryptographic keys with PuTTYgen - the key generator included within PuTTY. PuTTY and PuTTYgen can be downloaded here. Once you have downloaded it, start the program.
2. Choose the parameters for the key pair to be generated, for example RSA and 4096 bits. The PuTTY client will then ask you to move your mouse randomly over the window, to help generate randomness for generating the keys.
3. When the keys have been generated, they appear in the window. Fill out a strong, made up passphrase and, if you want, a comment.
For security reasons, it is vital to choose a strong passphrase. If you do not do so, then a leaked private key can give anyone who has ill intentions access to your hosting environment. By setting up a good passphrase, access is only possible through the private key and passphrase combination.
4. Click on 'Save private key'. Choose a good location to save it. The private key has now been stored.
The public key is shown in the top of the window. You can copy it; you need this in the steps to follow to enable SSH access from DirectAdmin.
If you want, you can also save the public key by clicking 'Save public key', or you can generate this later again by loading in the existing private key with 'Load'.
5. Then add your public key within DirectAdmin.
Connecting with PuTTY
- Connecting with PuTTY entails a number of steps. First, open the PuTTY client. You will get the following interface:
- On the left hand side, under 'Category', there is a menu with settings for the connection. We will only need three, the first one being the top-most, 'Session'.
- Fill out under 'Host name (or IP address)' your domain name. If your domain points to an external location, but you want to use SSH anyway to connect to your hosting package, you can consider using a subdomain through DNS-management and use that one as hostname, so for example sub.example.com. You can leave the port on 22. Then, go to 'Data' which you can find under 'Connection'.
- In the 'Data' screen, fill out your DirectAdmin username.
The next step is to enter the private key which we generated earlier, and of which the public key has been added within DirectAdmin. Go to 'SSH', unfold this in the menu and click on 'Auth'.
- Click in the third block, 'Authentication parameters' on 'Browse...' and select the location of your private key you generated earlier with PuTTYgen. By selecting the private key, PuTTY will use that key for connecting.
- The last course of action is to save the session, so you can easily start this on repeated use. Go back to the first menu-item, 'Session'. Fill out a name of your own choosing, for example 'YourdomainhereSSH' and click on 'Save' to save your session.
- You can now start the connection by clicking on 'Open' within PuTTY. Your terminal will start and it will ask for the passphrase you have chosen.
macOS and/or Linux
1. On macOS and Linux, you can generate the SSH key directly through the command line. You can use the ssh-keygen command for this. Open a terminal, and use the following command:
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/myhostingpackage-ssh
2. The ssh-keygen command will ask for a 'passphrase'. Choose a strong password for this.
For security reasons, it is vital to choose a strong passphrase. If you do not do so, then a leaked private key can give anyone who has ill intentions access to your hosting environment. By setting up a good passphrase, access is only possible through the private key and passphrase combination.
Note down the location to which the private key has been stored.
3. You can then request the generated public key within the same terminal.
$ cat ~/.ssh/myhostingpackage-ssh.pub
Copy this public key; you need it in later steps when adding the public key to DirectAdmin.
Connecting through the terminal
Setting up the SSH connection on macOS or Linux can be done through the terminal, using the 'ssh' command and passing it the previously generated private key for authentication. The full command has the following form:
$ ssh -i <pathtoprivatekey> <username@hostname>
If for example your username is user12345, your domain is example.com and you saved the private key as in the previous example as ~/.ssh/myhostingpackage-ssh, then the command becomes the following:
$ ssh -i ~/.ssh/myhostingpackage-ssh user12345@example.com
Run this command, accept the fingerprint of the server, and enter the passphrase you have chosen. You are now successfully connected with your hosting package.
DirectAdmin
To connect safely through SSH, the server needs to grant you access. It needs to identify your SSH client to do so. We can do this by adding the generated public key within DirectAdmin.
For extra security, there is a restriction in place based on the used IP-address. It is therefore possible that you need to grant access through DirectAdmin again, when your IP-address changes or when you connect through a different network or location.
- Log onto DirectAdmin.
- In the menu on the left hand side, click on 'Extra Features' and then on 'SSH'.
- You will get the following screen:
Fill out the relevant IP-address. Then, choose when the address expires, give the key a name, and paste the public generated key within the 'Key' field. Make sure you never paste your private key there. Below, the different fields are explained further.
IP: This is the IP-address from which the SSH client needs to connect. This is empty by default, but you can click 'Use current IP address' to use the IP address with which you logged onto DirectAdmin. A single SSH-key can be used by multiple IP-addresses, so you can use the same device to connect through SSH, even if you are at home or at work.
Expires in: This is the expiration period of the access. SSH-access with a specific key or IP is valid for a set period, varying from one minute until one year. When a key has expired, it is not removed, but is shown as 'expired' under 'Current access', and can no longer be used to connect.
Add to: Here you can indicate to which existing key you want to connect the IP, or you can choose 'New key' to add an entirely new key. When you choose the option 'New key', the fields below become visible.
Key name: Here you can name the saved key, so you can recognize it later. For example, 'Laptop Jack' or 'Desktop work' - a name with which you can trace the origin of the device/client.
Key: This is the field in which you paste the earlier generated public key. See above in this manual for generating such a key.
If everything is to your liking, click on 'Add IP to key'. The public key and IP-address are then saved, and from then on connecting through SSH is possible.
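Two rules from this manual can be checked before you click 'Add IP to key': only the public key goes into the 'Key' field, and the private key file should be protected by a passphrase. The Python script below is an added example, not part of the original manual or of DirectAdmin; it recognises PuTTYgen .ppk files, ssh-keygen private keys and one-line public keys. The function names are made up for illustration, and the sample keys are constructed header-only stand-ins, not usable keys.

```python
import base64
import struct
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _ssh_string(data):  # SSH wire string: uint32 length, then the bytes
    return struct.pack(">I", len(data)) + data
def _first_string(buf, off=0):  # decode the SSH wire string at offset off
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n]

def _classify(lines):
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        # PuTTYgen .ppk: an 'Encryption:' header names the cipher, or 'none'.
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        if not enc:
            return "unknown"
        return "private-unprotected" if enc[0] == "none" else "private-encrypted"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # ssh-keygen format: the cipher name follows the magic bytes.
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        cipher = _first_string(blob, len(OPENSSH_MAGIC))
        return "private-unprotected" if cipher == b"none" else "private-encrypted"
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Older PEM keys mark encryption in the label or a Proc-Type header.
        encrypted = "ENCRYPTED" in first or "Proc-Type: 4,ENCRYPTED" in lines
        return "private-encrypted" if encrypted else "private-unprotected"
    parts = first.split()
    if len(lines) == 1 and len(parts) >= 2:
        # Public key line "<type> <base64 blob> [comment]": the blob repeats the type.
        blob = base64.b64decode(parts[1], validate=True)
        return "public" if _first_string(blob) == parts[0].encode() else "unknown"
    return "unknown"

def classify_key(text):
    """Return 'public', 'private-encrypted', 'private-unprotected' or 'unknown'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    try:
        return _classify(lines) if lines else "unknown"
    except (ValueError, struct.error):
        return "unknown"

# Constructed samples: header-only stand-ins, not usable keys.
SAMPLE_PUBLIC = "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-rsa") + bytes(8)).decode() + " laptop"
SAMPLE_PPK = "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\nComment: laptop\n"
def sample_openssh(cipher):
    body = base64.b64encode(OPENSSH_MAGIC + _ssh_string(cipher) + bytes(16)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Call classify_key() on the text you are about to paste: only 'public' belongs in the 'Key' field, and 'private-unprotected' means the key file has no passphrase.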
Adding multiple IP-addresses to a key
As described earlier, it is possible to add a new IP to an existing key. You can do this so that you can connect through your laptop from different locations.
This is possible by filling out the new IP-address and then in the dropdown behind 'Add to', select an existing key. Finally, click on 'Add IP to key'.
Expiration and denying access
It is possible that a key in DirectAdmin has expired, or you want to deny access from a key to SSH. In both cases, you can delete saved keys.
Under 'Current access', you can see the access currently granted for SSH. You can then check the entire key or just a specific address. Click on 'Remove keys and/or IPs' to remove your selection.
Keep in mind
Through SSH, you have full control over the webspace of your hosting package. This is of course a huge advantage, and a reason to use SSH instead of FTP-clients or DirectAdmin itself.
This freedom, however, comes at a cost. The wrong command or a typo can, for example, delete the entire hosting package or leave your hosting package no longer functional.
We therefore recommend not using SSH unless you know what you are doing. Even if that is the case, do be careful and create good and reliable back-ups which you store elsewhere than the hosting package. With the greater freedom SSH offers, the importance of responsible use is increased as well.