Information for: DEVELOPERS   PARTNERS

Enabling SSH access

For each application, Acquia Cloud creates a Unix user account called the site user. An application’s Drupal or PHP code runs as a site user, and all of the application’s environments, including the Development, Staging, and Production environments, use this same account. If there is more than one application on a single web server, Unix security permissions keep the applications isolated from one another because each application runs as a different Unix user.

To use SSH to sign in to your web server as the website user, you must first register SSH public keys for your Acquia user profile, which provides a more secure method of signing in to a virtual private server than using a password alone. You can add as many SSH keys as you want, each with their own nicknames to help you track them. It’s important to note that the SSH key nickname is not a Unix username; the nickname serves only to help identify your SSH keys. You must sign in to the server using the website user’s Unix username.

Requirements

To use SSH to access your server, you must meet the following requirements:

  • Have the appropriate permissions. This means you must be a member of a team assigned to the application, and have a role that includes accessing the server with SSH.

  • Register an SSH public key in your Acquia profile, as described in Adding a public key to an Acquia profile.

    Note

    • After you add an SSH key, it may take Acquia Cloud several minutes until you can use the key to access your server.
    • The ssh-ed25519 key is not supported on Acquia Cloud because it is not FIPS compliant.

Accessing your server using SSH

When you connect to an environment with SSH, your PATH and other environment variables are configured exactly as they are for web processes, cron jobs, and Cloud hooks. In particular, whichever version of PHP you have configured will be the first in the PATH, and therefore will be the default in your SSH browser session.

Note

You can use SSH to access multi-tier web servers or single-tier servers; however, you can’t use SSH to directly access Acquia Cloud Enterprise database servers. Database servers generally have a server name that starts with fsdb or fsdbmesh. For Acquia Cloud Enterprise applications, you can examine the Servers page in the Acquia Cloud interface to review the server type. If the service for a server is listed as Database, you can’t use SSH to directly access the server.

To use SSH to access your servers, you can either use the ssh command line application, or, if you’re a Windows user, you can use the PuTTY SSH client.

After you enable SSH access, you can access your application’s web servers using a command in the following form:

ssh [SSH address]

where [SSH address] is your environment’s server name. To determine your environment’s server name, in the Acquia Cloud interface visit the Servers page for your application’s environment.

The following table includes several sample host names by subscription type:

Host name Subscription level
srv-1.devcloud.hosting.acquia.com Acquia Cloud Professional
ded-1.prod.hosting.acquia.com Acquia Cloud Enterprise, single-tier
web-1.prod.hosting.acquia.com Acquia Cloud Enterprise, multi-tier
web-1.[realm].hosting.acquia.com Acquia Cloud Site Factory (replacing [realm] with your realm)

As an example, the following command connects to the Staging environment of a website named example on the server named srv-456.devcloud.hosting.acquia.com:

Windows users can use PuTTY (a free Telnet/SSH client) that provides a command-line access to your files.

To install and configure PuTTY on your computer, complete the following steps:

  1. Download PuTTY to your computer.

  2. Start the application.

    Note

    When you run PuTTY, either enter the connection information for your server or load a browser session previously configured to connect to your web server, and then click Open.

  3. Go to Category > Session, and in the Host Name (or IP address) field, enter the SSH address of the environment. For information about Acquia Cloud environment servers, including their SSH addresses, go to the Servers page in the Acquia Cloud interface.

  4. Go to Category > Connection > SSH > Auth, and in the Private key file for authentication field, browse for the private SSH key file stored on your computer.

  5. Go to Category > Session, and in the Saved Sessions field, enter a descriptive name for the server connection.

  6. Click Save.

You can now use the session you created to connect securely to Acquia Cloud.

SSH and RSA key warnings

If you receive the following warning message when attempting to use your SSH key, it may indicate that your server has been relaunched:

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

For information about how to handle this warning message, see SSH and RSA key warnings after a server relaunch.