With private benches, comes a whole new power to SSH into your bench and run arbitrary commands. You can SSH into a particular version of your Bench using this feature. Here are the steps required to SSH into a particular bench:

Add SSH key to your Frappe Cloud account

Visit the Settings page in your FC dashboard and scroll to the "SSH Key" section:

SSH Key Addition Section

Clicking on "New SSH Key" button should open up a dialog with an input box. Enter your SSH public key in this input box


About copy/pasting keys

It's in your best interest to use one of the following commands to reliably copy your ssh key into your clipboard. Afterward, you can simply paste into the above input box.

Mac OS

pbcopy < ~/.ssh/id_rsa.pub

Linux

Pre-requisite: wl-clipboard

wl-copy < ~/.ssh/id_rsa.pub # Wayland

If the above command fails, try below. Needs: xsel

cat ~/.ssh/id_rsa.pub | xsel -ib

Windows (Git Bash)

clip < ~/.ssh/id_rsa.pub

Manually selecting from text editor and copying can lead to invalid keys. If you have to select the key, please cat the file and copy the output.

cat ~/.ssh/id_rsa.pub

Generate SSH certificate & SSH

Navigate to the version of the bench you want gain SSH access to. For this, you can go the bench dashboard and open the Versions tab. If you have correctly added your SSH key, SSH Access option should be visible in Actions on your bench version page:

SSH Access Option

Clicking on the button will open up a dialog:

SSH Access Cert Generation Dialog

Now, click the Generate SSH Certificate button. This will generate an SSH certificate for you, valid for 6 hours, which you can then use to SSH into your bench:

Note: These commands only work on Linux and macOS machines.

SSH Access Certificate

Note: Everytime you need SSH access to a particular version of a bench, you will need to generate a new SSH certificate. This certificate is valid for 6 hour. After that, you will have to regenerate the certificate from the bench dashboard.

Follow the instructions shown in the dialog (copy-paste the commands into your terminal). After you have successfully added the certificate locally, you should be able to run the given ssh command to gain access to your bench:

SSH Terminal

That's it! You can now run any commands you like bench restart, bench build and more. If you face any issue in getting SSH access, please feel free to raise a support ticket and we will be happy to help!

FAQ

Access denied on SSH: Private key contents do not match public

If you see the following error on your local machine.

identity_sign: private key /home/user/.ssh/id_rsa contents do not match public

This is probably because the key you've added on Frappe Cloud does not match the one you're using for ssh on your local.

The fingerprint you see in your dashboard

fingerprint dashboard

should match the output of ssh-add -l (as ran on a linux environment)

If they don't match, please review your local setup. Github's ssh docs are pretty good.

Received disconnect from host: Too many authentication failures

If you receive this error even after adding the correct keys, and it is likely that you have 3 or more keys in your system, it's possible that the ssh certificate doesn't get the chance to be tried out before all the other keys and thus end with auth failure.

To circumvent this, you can add the following options to pick your key corresponding to the certificate only

ssh -o "IdentitiesOnly=yes" -i <path_to_key>  

where path_to_key is path to the private key of the key you added on Frappe Cloud. Should be something like ~/.ssh/id_rsa

SSH from powershell on windows does not work

Please read our workaround in this issue for workaround.

Cannot copy files over SSH (SCP)

Our ssh sessions are provided over a proxy connection and thus scp and other tools that depend on it will not work.

VS Code over ssh does not work

Same reason as above. VS Code uses scp to make this happen.

You must supply a key in OpenSSH public key format

Your ssh key should look something like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC05RWHZSNEMPyzzY5MVZ/KBt5UCh6eUIRL0yp3oSFpsFECt4tGCdwQxJ9tggflh/JZ2rFZ8K4oznvp54qDAIjxNdOMLsiloMUqTh3CXWkApD7TRot9nHOuKISw8L/tguINkJ3xxaHIZidyZFabQeC5zlkLBRupPo/smN0WTkdGa1qcgSODnv3ZUKAWV+RXLEfdHjkBllNNYXWsBO43YdPj3wEUWpVR060c9gXxcXJVLWizXP4M5O/N6zN038FK7USWh3She3yFYE1gsUx2mFpPwjUtsehtrlMHs9Fx+RmMnnmoZLdlaWodudn0ePqo5K+MVenhmMu5GcoiPOKrEC4XhQPuTagnfBsSh05XshZ8eYRwJBDLZ7RpiKdQD92Uz36JO/LtItVJmqyxPa8UNoGr5ty3CdRDggilUXCUx9yvPlW0N2GxTDQprFXTeqc0WD5f5SXpbJ6GPHHjPatnJev7neFH+Rua4pmx5JJanM7B7zSCueKyMqsHgIAhOTjrj1s= your-name@your-os

The your-name@your-os part is optional

I can't ssh and none of the FAQs help

Don't panic. Please create a ticket on support.frappe.io with output of your ssh command with the -vvvv option. This will help us debug the issue quickly. Adding the output of

ssh-agent -l

command also helps.

On this page