SSH Access
With private benches, comes a whole new power to SSH into your bench and run arbitrary commands. You can SSH into a particular version of your Bench using this feature. Here are the steps required to SSH into a particular bench:
Add SSH key to your Cloud account
Visit the Settings page in your Cloud dashboard and scroll to the "SSH Key" section:
Clicking on "New SSH Key" button should open up a dialog with an input box. Enter your SSH public key in this input box
About copy/pasting keys
It's in your best interest to use one of the following commands to reliably copy your ssh key into your clipboard. Afterward, you can simply paste into the above input box.
Mac OS
pbcopy < ~/.ssh/id_rsa.pub
Linux
Pre-requisite: wl-clipboard
wl-copy < ~/.ssh/id_rsa.pub # Wayland
If the above command fails, try below. Needs: xsel
cat ~/.ssh/id_rsa.pub | xsel -ib
Windows (Git Bash)
clip < ~/.ssh/id_rsa.pub
Manually selecting from text editor and copying can lead to invalid keys. If you have to select the key, please cat the file and copy the output.
cat ~/.ssh/id_rsa.pub
Generate SSH certificate & SSH
Navigate to your bench dashboard and click on the three dots beside your bench as shown in the below screenshot. You will see a drop-down with multiple options you can click on the SSH Access. If you have correctly added your SSH key , the SSH Access option should be visible.
Clicking on the button will open up a dialog:
Now, click the Generate SSH Certificate button. This will generate an SSH certificate for you, valid for 6 hours, which you can then use to SSH into your bench:
Note: These commands only work on Linux and macOS machines.
Note: Everytime you need SSH access to a particular version of a bench, you will need to generate a new SSH certificate. This certificate is valid for 6 hours. After that, you will have to regenerate the certificate from the bench dashboard.
Follow the instructions shown in the dialog (copy-paste the commands into your terminal). After you have successfully added the certificate locally, you should be able to run the given
ssh
command to gain access to your bench:
That's it! You can now run commands you like
bench restart
,
bench build
and more. Have a look at the
debugging
guide for things you can and shouldn't do.
FAQ
Access denied on SSH: Private key contents do not match public
If you see the following error on your local machine.
identity_sign: private key /home/user/.ssh/id_rsa contents do not match public
This is probably because the key you've added on Cloud does not match the one you're using for ssh on your local.
The fingerprint you see in your dashboard
should match the output of
ssh-add -l
(as ran on a linux environment)
If they don't match, please review your local setup. Github's ssh docs are pretty good.
Received disconnect from host: Too many authentication failures
If you receive this error even after adding the correct keys, and it is likely that you have 3 or more keys in your system, it's possible that the ssh certificate doesn't get the chance to be tried out before all the other keys and thus end with auth failure.
To circumvent this, you can add the following options to pick your key corresponding to the certificate only
ssh -o "IdentitiesOnly=yes" -i <path_to_key>
where path_to_key is path to the private key of the key you added on Cloud. Should be something like ~/.ssh/id_rsa
SSH from powershell on windows does not work
Please read this issue for workaround.
Cannot copy files over SSH (SCP)
Our ssh sessions are provided over a proxy connection and thus scp and other tools that depend on it will not work.
Alternatively, you can upload the files to an external service such as Google Drive (as a zip) and download the same using wget after ssh-ing into your bench.
VS Code over ssh does not work
Same reason as above. VS Code uses scp to make this happen.
You must supply a key in OpenSSH public key format
Your ssh key should look something like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC05RWHZSNEMPyzzY5MVZ/KBt5UCh6eUIRL0yp3oSFpsFECt4tGCdwQxJ9tggflh/JZ2rFZ8K4oznvp54qDAIjxNdOMLsiloMUqTh3CXWkApD7TRot9nHOuKISw8L/tguINkJ3xxaHIZidyZFabQeC5zlkLBRupPo/smN0WTkdGa1qcgSODnv3ZUKAWV+RXLEfdHjkBllNNYXWsBO43YdPj3wEUWpVR060c9gXxcXJVLWizXP4M5O/N6zN038FK7USWh3She3yFYE1gsUx2mFpPwjUtsehtrlMHs9Fx+RmMnnmoZLdlaWodudn0ePqo5K+MVenhmMu5GcoiPOKrEC4XhQPuTagnfBsSh05XshZ8eYRwJBDLZ7RpiKdQD92Uz36JO/LtItVJmqyxPa8UNoGr5ty3CdRDggilUXCUx9yvPlW0N2GxTDQprFXTeqc0WD5f5SXpbJ6GPHHjPatnJev7neFH+Rua4pmx5JJanM7B7zSCueKyMqsHgIAhOTjrj1s= your-name@your-os
The your-name@your-os part is optional
What is username for PuTTY
Given the ssh command looks like
ssh username@hostname -p 2222
-
username is the bench name. Eg: bench-0001-000001-f1-mumbai
-
port is 2222
-
host is the proxy name, which should be something like n1-mumbai.frappe.cloud
I can't ssh and none of the FAQs help
Don't panic. Please create a ticket on support.frappe.io with output of your ssh command with the -vvvv option.
ssh <bench-name>@nx-region.frappe.cloud -p 2222 -vvvv
This will help us debug the issue quickly. Adding the output of
ssh-add -l
command also helps.