Last Update: July 25, 2021
Codelab Objective
In this codelab, we will configure SSH access to an Amezmo application instance. We will create an SSH key pair, upload the public key to Amezmo and then connect using SSH.
Revision History
- 2021/07/25: First release
- Application instance. Complete the codelab Amezmo .NET Hello World.
- Basic understanding of SSH Key Pairs.
- Basic understanding of SSH Public Key authentication.
- The program ssh-keygen installed on your system.
More Information
- SSH-KEYGEN for Windows. This program is installed as part of the Git version control system: link.
- SSH.COM has a nice article to brush up on SSH Public Key authentication.
- SSH.COM has a nice article on configuring SSH config file for OpenSSH client.
- An alternative to ssh-keygen is PuTTYgen.
- Bitvise provides a very good SSH and SFTP GUI client for Windows. This is my preferred client for Windows.
An Amezmo application instance contains an SSH server. You can connect to the application instance using SSH. Before we can connect, we must create an SSH key pair and upload the public key to Amezmo.
There are two items to specify. The first is the filenames to write the key pair to. The second is the private key size in bits. 1024 bits is the minimum usuable size today. 2048, 3072 or 4096 is recommended. We will use 4096 bit private keys.
Open a command prompt and run the following command:For Windows systems:
ssh-keygen -f %HOMEPATH%\.ssh\amezmo -b 4096
For Linux systems:
ssh-keygen -f ~/.ssh/amezmo -b 4096
The above command will generate two files: amezmo and amezmo.pub.
- amezmo is the private key and is used locally with the SSH client.
- amezmo.pub is the public key and is upload to Amezmo.
SSH clients use the SSH private key to connect to an SSH server. SSH Servers use the SSH public key to verify the client. Using the SSH key pairs, the SSH protocol selects a symmetric encryption key to encrypt and protect traffic.
Using a text editor, such as notepad, open the public key file amezmo.pub that was created by ssh-keypair in the previous step. Select everything and copy to the clipboard.
Add pubic key
In the Amezmo application window, select the Overview tab. Located below the HTTP Metrics section is the SSH section. Click the Ellipsis (three horizontal dots). This brings up a menu. Select Add public key.
A dialog will appear. Enter something for the Key name and paste the contents of the SSH public key into the Public SSH key control. Click Add key when complete.
Enable SSH
Next enable SSH. Click the green slider button to enable SSH. Click trusted IP address to enter your public IP address to only allow your system to connect to the application instance SSH server. Make note of the SSH command underneath the SSH green slider. We will use that in a later step.
Only trusted IP addresses are allowed to connect to the Amezmo application instance. Amezmo has a nice feature to auto detect your public IP address.
Under Trusted IP addresses, click on the text entry control. Your public IP address will be present in the drop-down list. You can add multiple IP addresses. At this time, CIDR blocks (1.2.3.0/24) cannot be entered.
Make note of the SSH command underneath the SSH green slider.
Open a command prompt and run the following command:
For Windows systems:
ssh -p 15001 deployer@37426aa0f1.lb2.amezmo.co -i %HOMEPATH%\.ssh\amezmo
For Linux systems:
ssh -p 15001 deployer@37426aa0f1.lb2.amezmo.co -i ~/.ssh/amezmo
The SSH client will connect to the Amezmo application instance. You must approve connecting to the application instance.
The authenticity of host '[37426aa0f1.lb2.amezmo.co]:14501 ([18.123.456.123]:15001)' can't be established. ECDSA key fingerprint is SHA256:v5S4LcCx9abf2WVEWa5kgw2ZTtVJD1GDnWm0P+Oamdw. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[37426aa0f1.lb2.amezmo.co]:14501,[18.123.456.123]:15001' (ECDSA) to the list of known hosts. Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1099-aws x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. deployer@mywebapp-edc6e01a27:~$
You now have a Linux shell running within the application instance. This is useful while debugging your application running in Amezmo. Do not forget that any changes you make will be lost when the container restarts or an application is deployed.
Limitations:
- No root privileges. Sudo is disabled.
- Cannot access protected parts of the system.
- Cannnot install applications.
If you are like me, you connect to numerous systems via SSH. Remembering hostnames, IP addresses, SSH key pairs, and usernames can be challenging.
Fortunately, the SSH client supports a configuration file config located in the ~/.ssh directory.
Edit, or create a file named config located in the ~/.ssh directory and add the following content:
Host mywebapp HostName 37426aa0f1.lb2.amezmo.co Port 15001 User deployer IdentityFile ~/.ssh/amezmo
If you have configured a domain name for this application, use the domain name for the hostname. The port number is unique to each application instance.
Host mywebapp HostName mywebapp.example.com Port 15001 User deployer IdentityFile ~/.ssh/amezmo
SSH.COM has a document on the format of the SSH config file
SSH config file for OpenSSH clientIn this codelab, we setup SSH access to our application instance. We also configured trusted IP addresses and setup ~/.ssh/config to remember our connection information.
More Information
- Amezmo - Managed Application Hosting
- Amezmo - Managed .NET Hosting
- Amezmo - Managed PHP Hosting
- Amezmo - Managed Laravel Hosting
- Amezmo Documentation
- SSH.COM - What is SSH Public Key authentication?
- SSH.COM - SSH config file for OpenSSH client