Per site generated SSH key pair

From VUB Hosting

For each hosting instance, we provide an automatically generated SSH key pair.

How it works

In the main directory of your hosting (e.g. /var/www/local/yoursite), there is a directory ".ssh" (this is a hidden directory, so you will need to enable viewing hidden files in your SFTP client, or manually type the address).

Therein are 3 files: id_rsa, id_rsa.pub, and authorized_keys. The public key is added to the authorized_keys file. This means the private key can be used to log on to the site over SFTP.

The most important application of this key pair is the WordPress update plugin, because of the way it works. When installing an update, the updater will log on to itself over SFTP and upload the new program files to itself. Since we exclusively work with SSH keys, an SSH key pair that allows logging in to the site is necessary. Because it is not safe to use your own (secret) private key for this purpose, we put one in place upon installation.

How to use

  • Navigate to the .ssh directory
  • Copy the id_rsa file to a location outside this directory, e.g. in the main directory of the hosting. Be sure NOT to put it in the (public) "www" directory!
  • The permissions on the copied file need to be at least "readable for group" (see File Management). If not, your WordPress installation will not be able to read it.
  • When the WordPress updater asks for the location of the private key file, you can point it to /var/www/local/yoursite/id_rsa

Perhaps it will be necessary to perform the same operation with id_rsa.pub.

Also consider removing the permissions you granted on your copied id_rsa file again after using it. That way, WordPress won't be able to SSH to itself in case a security hole is abused.
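The steps above as a shell sketch, added here as an example and not part of the original VUB Hosting page: it copies the key out of .ssh, refuses a destination under the public www directory, grants group read for the update, and takes it away again afterwards. The function names, the SITE variable and the modes 640/600 are assumptions; with SITE unset the script works in a constructed temporary directory with a placeholder key.

```shell
#!/bin/sh
# SITE defaults to a constructed sandbox so the script runs offline; on the
# hosting it would be the main directory, e.g. /var/www/local/yoursite.
SITE="${SITE:-$(mktemp -d)}"

# Constructed stand-in for the provided key when the sandbox is empty.
if [ ! -f "$SITE/.ssh/id_rsa" ]; then
    mkdir -p "$SITE/.ssh" "$SITE/www"
    printf 'constructed placeholder, not a real key\n' > "$SITE/.ssh/id_rsa"
    chmod 600 "$SITE/.ssh/id_rsa"
fi

# Copy the key to $1, refusing any destination inside the public www tree.
# Paths are resolved first so symlinks or ../ cannot sneak the copy into www.
stage_key() {
    dest_dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 2
    www_dir=$(cd "$SITE/www" && pwd -P) || return 2
    case "$dest_dir/" in
        "$www_dir"/*) echo "refusing: $1 is under www" >&2; return 1 ;;
    esac
    # Assumed mode: owner read/write, group read ("readable for group").
    cp "$SITE/.ssh/id_rsa" "$1" && chmod 640 "$1"
}

# Drop the group read bit again once the update has finished.
revoke_key() {
    chmod 600 "$1"
}

# Print the octal mode of a file (GNU stat, with BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run `stage_key "$SITE/id_rsa"` before starting the update and `revoke_key "$SITE/id_rsa"` once it has finished.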