Make Your SSH Keys for FileZilla and SiteGround

You can use SSH keys to connect with Terminal to your hosting account, and also to connect with SFTP programs like FileZilla. Using SSH keys is more secure than using a password, with either SFTP (secure FTP, the data is encrypted) or the terminal. Instead of a hacker needing your password, they need to get both your SSH private key and the SSH key’s password.

Any Linux or macOS computer can generate SSH keys using steps I’ll cover; Windows computers need a similar process.

You need to have one format of SSH key for FileZilla, and one for Terminal to connect to SiteGround. Most other SFTP programs, and most other website hosting companies, use these same two formats.

These instructions for making keys are standard Linux commands; they should work for almost any flavor of Linux, any FTP program and almost any website host. (I’ll give instructions for installing the keys in FileZilla FTP and in SiteGround hosting. You can ask your hosting company for instructions for their SSH and other file transfer programs.)

The generated files are simply text format. You can copy your private key to your other computers (with pretty much any operating system) if you want, although for even better security you can use different keys for each device. You can also restrict the IP address (or IP range) that can access a key; if you are using home internet providers, be prepared for the company to change your IP address without warning, which would make your login fail.

Quick version, if you only need the commands

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "glerner.info SG" -f gli-sg
puttygen gli-sg -C "glerner.info SG" -O private -o gli-sg.ppk

Here’s the brief version, then I’ll give an explanation of each of the steps.

Substitute your abbreviation for your site and hosting company where I have “gli-sg”, and substitute your comment in double quotes (I use the comment to keep track of which domain name and host the key is for).

You will be prompted for a password for the SSH key; I advise using one generated by and stored in your password keeper. (I advise against using no password, even though it is permitted.)

Those commands generate a private key file (gli-sg with no extension), a public key file (gli-sg.pub) and a Putty-format key file (gli-sg.ppk), all in your ~/.ssh folder.

To see the key details including comment:

ssh-keygen -l -f gli-sg

All SSH keys should have strict permissions (probably set automatically, check your system):

chmod 600 gli-sg*

In SiteGround Site Tools, Dev section, SSH Keys Manager section, in the Add New section click the Import tab, and then click “Import Key from File” and browse to the public key you created (with the .pub extension).

While you are in SSH Keys Manager, in the Manage SSH Keys section, click the “hamburger” 3 dots under “Actions” at the right of the key you just generated, click “SSH Credentials”. I paste this information into LastPass, in the Notes for the SSH record for this site. You will use it in FileZilla and in your SSH Config file.

In FileZilla, import the .ppk file (gli-sg.ppk) in Site Manager, General tab, Logon Type: key file, specify the Key file. Fill in the other SSH Credentials. In the Advanced tab, fill in the path on your computer and on the server to your WordPress public_html folder.

Add the SSH details to your ~/.ssh/config file. For Host, put the initials you use for your site; you will be typing this in the SSH terminal command. Fill in your hosting company’s connection info (user, host, port). For IdentityFile, put the path to your private key file. For my convenience, I put the two forms of path to WordPress as comments:

Host GLI
    User YOURUSER
    Hostname YOURHOSTNAME
    Port YOURPORT
    Compression yes
    IdentityFile /home/YOURCOMPUTERNAME/.ssh/gli-sg
# ~/www/YOURHOSTNAME/public_html/wp-content
# /home/YOURUSER/www/YOURHOSTNAME/public_html/wp-content

For a good tutorial on .ssh/config, see https://linuxize.com/post/using-the-ssh-config-file/

With that in your .ssh/config file, you would connect via SSH with simply:

ssh GLI

Your scp commands would reference GLI: for example, to copy a file from your computer’s ~/sites/ folder to your hosting WordPress folder:

scp ~/sites/mysite/file1.txt GLI:/home/YOURUSER/www/YOURHOSTNAME/public_html/file1.txt

Tip: I add a line to my hosting account’s ~/.bashrc file:

WP="$HOME/www/YOURDOMAIN/public_html"

Substitute the path to your WordPress, inside the double quotes.

Reload .bashrc without logging out and back in:

source ~/.bashrc

With this, cd $WP is really nice.

Can’t You Use Keys from Your Host?

These commands might not be needed for your hosting. Your hosting might provide SSH keys that work with your FTP program.

As of June 2021, I’m using Linux Mint 19 Tara with Cinnamon version 3.8.9 and Linux Kernel 4.15.0-142-generic. I want to connect to SiteGround hosting, with FileZilla 3.28.0 (the newest in the Mint repository, though it was built 2017-10-18, ancient). I also want to connect to SiteGround with Terminal (SSH connections and SCP file copy).

The SSH key currently generated with SiteGround’s Site Tools, in the Dev menu, SSH Keys Manager, does work with SSH from Mint’s Terminal, but FileZilla does not recognize that key format. FileZilla doesn’t even give a message about it. (You can check if it works, SiteGround will hopefully update this soon.)

Note: as of May 2021, https://my.siteground.com/support/tutorials/ssh/putty says SiteGround generates OpenSSH format, and Putty can read it and convert it. Nope, puttygen release 0.70 can’t. And FileZilla can’t read it either, it only uses Putty format.

Save Your SSH Key Info in LastPass

Any password keeper that generates passwords, stores other kinds of private information, and is accessible from all your devices, would work. I use the free version of LastPass.

Make sure you use a highly secure password for your password keeper’s master password; see my article on Making a Secure Memorable Password Phrase.

I immediately copy the generated password, paste it into a SSH record in LastPass, in the Passphrase field; then paste it into Terminal when prompted (twice).

Remember, in Terminal you need to press Shift-Ctrl-C to copy and Shift-Ctrl-V to paste (or use the menu); Ctrl-C in Terminal is for canceling the current task.

LastPass has two things very useful for SSH keys:

1) I use LastPass to generate a random password, with upper and lower case letters and numbers and no special characters. Some versions of Putty (on some operating systems) don’t like passwords with a few of the special characters that LastPass could include.

2) LastPass has fields for saving SSH Information, so I don’t have to put everything in the notes area. I save the password in LastPass, and paste the private and public keys, and save the connection information from SiteGround in the Notes. I also put the SSH command to connect to SiteGround in the Notes, for use if I’m away from my computer. Tip: The Private Key section in LastPass looks like a single line, as if your pasting didn’t work; however, if you use arrow keys to scroll up inside the field, you see all of your key.

You can have the same password and SSH key for each website in a single hosting account. (Use a single LastPass entry for them.) You should never use the same password on websites on different hosting accounts.

Tip: some web browsers and operating systems prompt for passwords in a way that is difficult to switch windows to get your password, so get your password from LastPass into your clipboard, before you connect to SSH. The LastPass add-on for Firefox lets me move around with the mouse to copy the password, but I can’t type in it while Terminal has the password dialog open.

To make a key for Terminal SSH, using your Linux Mint terminal:

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "glerner.info SG" -f gli-sg

~/.ssh is the folder to store your SSH keys in.

ssh-keygen is the command to generate SSH keys.

-t rsa is the type of SSH key to generate, RSA keys are very common. Use RSA unless the server you are connecting to uses a different type; ask their technical support people.

-b 4096 is the number of bits to use. (The only other common number to use is -b 2048, there is no reason to use lower bits unless the server you’re connecting to doesn’t yet take 4096 bits.)

-C "glerner.info SG" is a comment; substitute your domain name and hosting company, inside the double quotes, to keep track of your keys.

-f gli-sg is the base file name to save to; again, substitute a short way to know which website and host the key is for. You’ll be typing the file name often, so keep it short.

To make a key for FileZilla, using your Linux Mint terminal:

You will make the Putty-format key from the key you just generated, with the password you just created:

cd ~/.ssh
puttygen gli-sg -C "glerner.info SG" -O private -o gli-sg.ppk

(Yes, puttygen can generate a key directly, if you only need a key for FileZilla; I’m going to keep these instructions clearer with only one method.)

Start in the ~/.ssh folder.

puttygen will convert a key to Putty format.

gli-sg specifies the file name of the existing (RSA format) key.

-C "glerner.info SG" is a comment. That’s an upper-case C. Specify your domain name and hosting company, inside double quotes, to keep track of your keys.

-O private is the output format. That’s an upper-case oh.

-o gli-sg.ppk is the output file name. That’s a lower-case oh.

Adding Your SSH Key in SiteGround

In SiteGround’s Site Tools, Devs menu, SSH Keys Manager, in the Add New section click the Import tab. Type a name for the key, and click “Import Key from File”.

Select the public key you created (with the .pub extension).

In SiteGround’s Site Tools, Devs menu, SSH Keys Manager, in the Manage SSH Keys section, click the “hamburger” 3 dots icon under “Actions” at the right of the key you just generated, click “SSH Credentials”. I paste this into LastPass, in the Notes for the SSH record for this site.

You will use this information in FileZilla and in connecting via SSH.

You’ll also use this in your ~/.ssh/config file (if you don’t have one, create it).

SiteGround information looks like this:

Hostname: YOURDOMAIN
Username: YOURUSERNAME
Password: The SSH key password
Port: The SSH and FTP port

Installing Your SSH Key in FileZilla

Now in FileZilla Site Manager, select the site (or add a new site), and in the General tab set the Host and Port that SiteGround says for the site.

Set the Protocol to “SFTP – SSH File Transfer Protocol”.

Set the Logon Type to “Keyfile”. Then click Browse by the Key file line, and select the file you created with puttygen (with the .ppk extension).

Set the User that SiteGround says for the site. (SiteGround used to have a single user for all your sites, now it has a different user for each site on your account.)

In the Advanced tab, you can set the “Default local directory” (browse on your computer), and the “Default remote directory” which for WordPress would be /home/customer/www/YOURDOMAIN/public_html if you’re hosting on SiteGround. You could also use the Username that SiteGround gave for your site, instead of “customer”.

Save the settings. As soon as you install the key in SiteGround you will be able to connect with FileZilla.

Making SSH Easier From Your Computer

In ~/.ssh/config you will put this, substituting what SiteGround provided for your site. For my convenience, I put the two forms of path to WordPress as comments:

# YOURDOMAIN on SiteGround
Host INITIALSFORYOURSITE
    User YOURUSERNAME
    HostName YOURDOMAIN
    Port YOURPORT
    Compression yes
    IdentityFile /home/YOURCOMPUTERUSERNAME/.ssh/gli-sg
# ~/www/YOURDOMAIN/public_html
# /home/YOURUSERNAME/www/YOURDOMAIN/public_html

For Host, put the initials you use for your site; you will be typing this in the SSH terminal command.

From your hosting company’s connection info (user, host, port), substitute your values for YOURDOMAIN, YOURUSERNAME, and YOURPORT.

For IdentityFile, specify the full path on your computer of the private key file you created with ssh-keygen (gli-sg, with no extension). The ssh command reads the OpenSSH-format key, not the Putty-format .ppk file, which is only for FileZilla.

The lines that start with # are comments.

~/www/YOURDOMAIN/public_html is what you’ll most often type for changing folders to your WordPress files.

/home/YOURUSERNAME/www/YOURDOMAIN is what you would use in scripts, or for settings in WordPress plugins, for example where to store backup files or log files.

With that in your .ssh/config file, you would connect via SSH by copying your SSH key password to the clipboard, and typing:

ssh GLI

Remember, in Terminal you need to press Shift-Ctrl-C to copy and Shift-Ctrl-V to paste (or use the menu); Ctrl-C in Terminal is for canceling the current task.

This is much simpler than the normal way of connecting via SSH, ssh USER@HOST_NAME -p PORT:

ssh YOURUSERNAME@YOURDOMAIN -p 18765

You’re done. You now have secure FTP file transfer, and a secure shell connection to your hosting account. Your SSH connection command is very simple.

Viewing Key Information

ssh-keygen -l -f ~/.ssh/gli-sg
(If you leave off the file, ssh-keygen prompts you to enter the file in which the key is.)

Displays as
BITS HASH:KEYFINGERPRINT YOURCOMMENT (KEY TYPE)
e.g.
4096 SHA256:6cbM3giCtcUuS8VipCQDF9Xdsx+LWVeayxpvespHgrM glerner.info SG (RSA)
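
The advice above (use a passphrase, keep permissions at 600, and keep the OpenSSH key and the Putty .ppk key apart) can be checked with a short script. This is an added example, not part of the original article; the function names are made up for illustration, and it only reads files.

```shell
#!/bin/sh
# Added example, not from the original article: audit the key files in a folder.

key_format() {   # prints openssh, pem, ppk, public or unknown
    case $(head -n 1 "$1") in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;
        "PuTTY-User-Key-File-"*)               echo ppk ;;
        ssh-*|ecdsa-*|sk-*)                    echo public ;;
        *)                                     echo unknown ;;
    esac
}

key_encrypted() {   # exit 0 if the private key has a passphrase
    case $(key_format "$1") in
        # This base64 prefix decodes to "openssh-key-v1" + cipher name "none".
        openssh) ! sed -n 2p "$1" | grep -q '^b3BlbnNzaC1rZXktdjEAAAAABG5vbmU' ;;
        pem)     grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED)' "$1" ;;
        ppk)     ! grep -q '^Encryption: none' "$1" ;;
        *)       return 2 ;;
    esac
}

mode_ok() {   # exit 0 if group and others have no access (600 or 400)
    m=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU, then BSD/macOS
    case $m in [0-7]00) return 0 ;; *) return 1 ;; esac
}

audit_dir() {   # one line per private key: NAME FORMAT PASSPHRASE MODE
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        fmt=$(key_format "$f")
        case $fmt in public|unknown) continue ;; esac
        if key_encrypted "$f"; then enc=passphrase; else enc=NO-PASSPHRASE; fi
        if mode_ok "$f"; then perm=mode-ok; else perm=MODE-TOO-OPEN; fi
        echo "$(basename "$f") $fmt $enc $perm"
    done
}

ppk_in_config() {   # print IdentityFile paths in an ssh config that are PuTTY keys
    awk 'tolower($1) == "identityfile" { print $2 }' "$1" | while read -r p; do
        case $p in "~/"*) p=$HOME/${p#"~/"} ;; esac
        if [ -f "$p" ] && [ "$(key_format "$p")" = ppk ]; then echo "$p"; fi
    done
}

audit_dir "${1:-$HOME/.ssh}"
[ ! -f "$HOME/.ssh/config" ] || ppk_in_config "$HOME/.ssh/config"
```

Any line ending in NO-PASSPHRASE or MODE-TOO-OPEN needs attention, and any path printed by ppk_in_config is a .ppk file that the ssh command cannot use as IdentityFile.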

Restrict Access to Specific IP Addresses

You edit the server’s ~/.ssh/authorized_keys file. In front of the relevant entry, you add a from= option with the IP address or IP range. For example:

from="192.168.1.0/24" ssh-rsa AAAAB3NzaC...

That would restrict access to the local network.
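
To see which keys on the server still accept logins from any address, and to add the from= restriction without hand-editing a long line, a script like the following works on the authorized_keys file. It is an added example, not from the original article; the function names are made up for illustration and the key bodies in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Works on any authorized_keys file.

# awk prologue shared by both functions: for each key entry set opts (text before
# the key type), rest (type, key, comment), comment, and has_from.
PARSE='
/^[ \t]*#/ || /^[ \t]*$/ { if (keep) print; next }
{
    if ($0 ~ /^(ssh-|ecdsa-|sk-)/) { opts = ""; rest = $0 }
    else if (match($0, /[ \t](ssh-|ecdsa-|sk-)[^ \t]+[ \t]+AAAA/)) {
        opts = substr($0, 1, RSTART - 1); rest = substr($0, RSTART + 1)
    } else { if (keep) print; next }
    comment = rest; sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", comment)
    has_from = (("," opts) ~ /,from="/)
}
'

# Print the comment of every key that can be used from any IP address.
list_unrestricted() {
    awk -v keep=0 "$PARSE"'!has_from { print comment }' "$1"
}

# Put from="CIDR" in front of the entry whose comment is COMMENT.
restrict_key() {   # usage: restrict_key FILE COMMENT CIDR
    tmp=$(mktemp) || return 1
    awk -v keep=1 -v want="$2" -v cidr="$3" "$PARSE"'
    comment == want && !has_from {
        print "from=\"" cidr "\"" (opts == "" ? " " : "," opts " ") rest; next
    }
    { print }' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps mode and owner
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Demo on a constructed file (key bodies are placeholders, not real keys).
demo=$(mktemp)
cat > "$demo" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 glerner.info SG
from="192.168.1.0/24" ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed2 office laptop
no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed3 backup key
EOF
restrict_key "$demo" "glerner.info SG" "192.168.1.0/24"
list_unrestricted "$demo"   # only "backup key" is still unrestricted
rm -f "$demo"
```

Keep a second SSH session open while you edit the real file, so a wrong address range does not lock you out.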

