How to SSH to your deploy user
Use the official OpenSSH ssh client for following these instructions. Other tools (such as GUI tools) may also work, but we do not normally provide support for them.
We have create a unix user called
deploy for you to deploy your source code into. This user has deliberately restricted privileges in order to prevent privilege escalation attacks.
Once you have connected initially, we recommend that you restrict access to the master SSH key for the
deploy user and set up individual SSH keys for each of your developers. This article explains how to do this: How to manage deploy user SSH keys for multiple developers.
Using SSH on Windows
We recommend that you use one of these SSH clients for Windows:
- For Windows 10: SSH from the Windows Subsystem for Linux (WSL)
- For older versions of Windows: PuTTY
- Git for Windows comes with a Cygwin version of Bash, which includes SSH in an emulated posix environment
We recommend not using the Windows Executable builds of the OpenSSH Client, because they have not been maintained for many years. We have been unable to find a recent working build of OpenSSH for Windows.
Install SSH keypair
We provide you with a set of SSH keys specifically for connecting to your deploy user on each machine that we have set up for you. This is a separate keypair which will go alongside your default keypair (usually
id_rsa) and any other keypairs you might have installed.
Copy the SSH keypair into place:
cd [the location where you downloaded and extracted your credentials] cp example.medstack.net-deploy_ssh_key* ~/.ssh/
If you have multiple machines, copy each of the keypairs into
Install ~/.ssh/config settings
Check if you already have a file called
If you don't have it, create one:
This is a very useful file that can configure all SSH settings or settings for specific hosts. For full documentation about what you can do, use
Your credentials package contains a file
config. To install the SSH configuration for
deploy, open the provided
config file in your favorite editor and copy the contents.
Then open the
~/.ssh/config file and paste at the end of the file (don't replace anything that's already there).
Here's an example of what it will look like:
[any previous contents of ~/.ssh/config] Host deploy-example.medstack.net User deploy IdentityFile ~/.ssh/example.medstack.net-deploy_ssh_key HostName example.medstack.net
Host statement defines a name/alias that you can connect to from ssh on the command line, e.g.
User defines the username to connect to, which is the special
deploy user that we have created for you.
IdentifyFile is the path to the private key for the
deploy account on this specific machine.
HostName is the actual domain name of the server.
SSH to your deploy account
This installed a special
Host block which has an alias to connect to the deploy user on your instance. You can now connect as follows:
This will automatically use the SSH keypair that you copied in the previous step and automatically connect to the