Accessing Reclaim Cloud Containers by SSH and SFTP using Public and Private Keys

Goodness, I hate working with public and private keys. But that's the only way to access Reclaim containers by SSH (for SSH file transfer and SSH terminal access).

I'm using WinSCP for SFTP access and Powershell for SSH. You have to install OpenSSH in Windows to get it to work.

The process has three parts:

- create the keys (public and private)

- register the keys with Reclaim

- use the keys to access the site

Create the Keys

You can create the keys in PowerShell using OpenSSH. Instructions here

- Open Powershell and type the command:

        ssh-keygen -b 4096

When it asks for a file name, type whatever you want (I typed: reclaim ). This will create two files: a public file and a private file. Here's what it looks like running this:

You may wonder where the keys are (I know I did). They are in your home directory, in my case, in:

    C:\Users\steph\

Note: your files might save in a .ssh subdirectory. You might not be able to see this directory, but it's there. If you type the address directly in Explorer, you can find it: C:\Users\steph\.ssh

Once you've created these files you can move them wherever you want.

Register the Keys With Reclaim

You need to tell Reclaim about the keys. The way to do this is to share the public key (reclaim.pub) with them. Also take note of the private key file (reclaim).

Click on the 'Public Keys' tab and then on the green 'Add Public Key' button.

You'll see a form to add the key name and value:

Name the key anything you want (I'll just call it 'Reclaim' to keep it the same as the key).

To get the value for 'Key', open up the key on your desktop (in my case, C:\Users\steph\reclaim.pub) using any plain text editor like Notepad. It will look like this:

Copy all the text and paste it into the form on Reclaim, like this:

Click the green Add button and you're done. You'll see your new key listed (with a 'fingerprint') in your list of SSH keys in Reclaim.

Use the keys to access the site

Get the Login Information

A Reclaim Cloud site might have several parts - typically a load balancer, application, and database. No matter what part you're trying to access, look for the little wrench icon:

Note: you have to hover your mouse cursor over the service you're trying to access. Otherwise you won't see the icons. In this case, I hovered over 'Load Balancer' and then selected the wrench icon.

This will display the list of options. Select the 'SFTP / SSH Gate' tab.


Take note of the following information:

- Host: gate.my.reclaim.cloud

- Port: 3022

- Username: 9721-89

For any given server, the host and the port will always be the same, but you'll use different user names to access different services.

Login Using SSH

To login using SSH use your Windows Powershell. The command is always the same; only the options change:

   ssh username@host -p port -i private_key_file

The easiest way to login is to login from wherever you saved your private key file, which in my case (recall) was my home directory: C:\Users\steph

If your private key is in a different directory, you'll need to either change directory in PowerShell, or provide the full path to your private_key_file.

So to access my server, I type the following into Powershell:

   ssh 9721-89@gate.my.reclaim.cloud -p 3022 -i reclaim

I've underlined the command I typed in red. The rest of the text is generated as Powershell logs into my remote site and then displays my command prompt. From there I can execute commands on my server (to edit configuration files, install software, etc.).

That's it!

Login Using SFTP

I use SFTP a lot to quickly transfer files in and out of my server. My SFTP application of choice is WinSCP but any SFTP application will work the same way.

To get started, I open WinSCP and create a new tab:

The Tabs window will open. Click on 'New Site' to set up the new site.


 

Make sure the file protocol is 'SFTP'. Enter the host, port, and user name values:

Then, click on 'Advanced' and select 'Authentication' from the left hand menu:

Click on the three dots to the right of where it says 'Private key file' and select the private key file you saved previously (note that it might not show up unless you make it display 'all files' in the dropdown on the right):


As you can see, I've selected the file named 'reclaim' that I saved earlier as a private key file.
Click 'Open' and the file name will appear in the SFTP login window.
 
You will get the following warning:
 

Because of course there are two distinct formats. Click 'OK'.
 
 
Save the new PuTTY Private Key (PPK) file by clicking 'Save'. The converted file will be automatically selected. Click OK to confirm; this takes you back to the main Login Window.

Optionally, click 'Save' and give your Tab a site name, which can be anything you want (this will save you from having to do this all next time, but be sure nobody else can access your computer). I called my save 'Data'.

Click 'Login'.

You will be shown the local and remote file structures, and you will be able to transfer files back and forth.


Gotchas
 
Nothing is ever simple. 
 
You will read all over the place that you can generate public and private keys using PuTTY, Microsoft's native SSH platform. This is true. But there are some gotchas.

Here's the link to download PuTTY.

One of the applications you get when you download is called PuTTYgen. Use this to generate keys.


Click 'Generate' then save the desired public and private keys.

All good, and SFTP will work fine. However, Powershell will fail:

- first, the keys saved by PuTTYgen are too open for Powershell. You have to reset the permissions so that only you can access the key. The instructions located here worked fine.

- second, Powershell's SSH tool does not use PuTTY keys. You have to convert them to OpenSSH. You can do this using PuTTYgen. The instructions located here worked fine.
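
Here is one way to do the permission reset and check the result from PowerShell. This is an added example, not taken from the instructions linked above; it assumes the private key is the file named reclaim in your home directory and that you own it.

```powershell
# Assumed path: the private key from this post, saved in the home directory.
$key = Join-Path $env:USERPROFILE 'reclaim'
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name  # DOMAIN\user

# 1. Audit: show every ACL entry that belongs to someone other than you.
$others = (Get-Acl -Path $key).Access |
    Where-Object { $_.IdentityReference.Value -ne $me }
$others | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# 2. Give yourself an explicit entry first, so you keep access once
#    inheritance is switched off. (F) = full control, so you can still
#    re-encrypt or delete the key later.
icacls $key /grant:r "${me}:(F)"

# 3. Stop inheriting from the parent folder and drop the inherited entries.
icacls $key /inheritance:r

# 4. Remove explicit entries left over for anyone else.
$others | Where-Object { -not $_.IsInherited } |
    ForEach-Object { icacls $key /remove $_.IdentityReference.Value }

# 5. Re-check: the only entry left should be your own account.
(Get-Acl -Path $key).Access |
    Format-Table IdentityReference, FileSystemRights -AutoSize

# 6. Ask OpenSSH to load the private key and print the matching public key.
#    A key still in PuTTY (.ppk) format fails here and needs converting first.
ssh-keygen -y -f $key
if ($LASTEXITCODE -ne 0) { Write-Warning "OpenSSH could not load $key" }
```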
 
Pro Tip
 
You can protect private keys. The most common ways to protect private keys are with a password or with a certificate. I'm not using this here, but if you're worried about someone accessing your private key, you can secure it.
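
If you do want to password-protect the key created earlier, OpenSSH can add a passphrase to it in place. This is an added example, not part of the original walkthrough; it assumes the key files are reclaim and reclaim.pub in your home directory, and the ssh-agent step assumes an elevated PowerShell window.

```powershell
# Assumed path: the private key from this post, saved in the home directory.
$key = Join-Path $env:USERPROFILE 'reclaim'

# Add (or change) a passphrase on the existing private key. ssh-keygen
# prompts for it. Only the private file is re-encrypted; the public key
# already registered with Reclaim stays valid.
ssh-keygen -p -f $key

# Print the public key's fingerprint so you can compare it with the one
# Reclaim lists. Add "-E md5" if the list shows colon-separated hex.
ssh-keygen -l -f "$key.pub"

# Optional: let the Windows ssh-agent service hold the unlocked key so the
# passphrase is typed once per session. The service is disabled by default.
Get-Service ssh-agent | Set-Service -StartupType Manual
Start-Service ssh-agent
ssh-add $key      # prompts for the passphrase
ssh-add -l        # lists the keys the agent is holding

# With the key in the agent, the login command no longer needs -i.
ssh 9721-89@gate.my.reclaim.cloud -p 3022
```

WinSCP keeps its own converted PPK copy of the key, so that copy needs its passphrase set separately.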

That's it! It feels like a lot and it's easy to forget (and TBH I've learned this several times over and over) but once you get used to it it's fairly straightforward.
