How to SSH to your deploy user

Use the official OpenSSH ssh client for following these instructions. Other tools (such as GUI tools) may also work, but we do not normally provide support for them.

We have create a unix user called deploy for you to deploy your source code into. This user has deliberately restricted privileges in order to prevent privilege escalation attacks.

Once you have connected initially, we recommend that you restrict access to the master SSH key for the  deploy user and set up individual SSH keys for each of your developers. This article explains how to do this: How to manage deploy user SSH keys for multiple developers.

Using SSH on Windows

We recommend that you use one of these SSH clients for Windows:

We recommend not using the Windows Executable builds of the OpenSSH Client, because they have not been maintained for many years. We have been unable to find a recent working build of OpenSSH for Windows.

Install SSH keypair

We provide you with a set of SSH keys specifically for connecting to your deploy user on each machine that we have set up for you. This is a separate keypair which will go alongside your default keypair (usually id_rsa) and any other keypairs you might have installed.

Copy the SSH keypair into place:

cd [the location where you downloaded and extracted your credentials]
cp example.medstack.net-deploy_ssh_key* ~/.ssh/

If you have multiple machines, copy each of the keypairs into ~/.ssh/.

Install ~/.ssh/config settings

Check if you already have a file called ~/.ssh/config.

cat ~/.ssh/config

If you don't have it, create one:

touch ~/.ssh/config

This is a very useful file that can configure all SSH settings or settings for specific hosts. For full documentation about what you can do, use man ssh_config.

Your credentials package contains a file config. To install the SSH configuration for deploy, open the provided config file in your favorite editor and copy the contents.

Then open the ~/.ssh/config file and paste at the end of the file (don't replace anything that's already there).

Example ~/.ssh/config

Here's an example of what it will look like:

[any previous contents of ~/.ssh/config]

Host deploy-example.medstack.net
    User deploy
    IdentityFile ~/.ssh/example.medstack.net-deploy_ssh_key
    HostName example.medstack.net

The Host statement defines a name/alias that you can connect to from ssh on the command line, e.g. ssh deploy-example.medstack.net.

User defines the username to connect to, which is the special deploy user that we have created for you.

IdentifyFile is the path to the private key for the deploy account on this specific machine.

HostName is the actual domain name of the server.

SSH to your deploy account

This installed a special Host block which has an alias to connect to the deploy user on your instance. You can now connect as follows:

ssh deploy-example.medstack.net

This will automatically use the SSH keypair that you copied in the previous step and automatically connect to the deploy user.

Still need help? Contact Us Contact Us