Enable SSH keys

Previous step

Install Magento prerequisites

The SSH protocol is designed to maintain a secure connection between two systems—in this case, your local working environment and your Magento Commerce Cloud Git project.

When initially setting up your local environment, you need to add the SSH keys to the following specific environments:

  • Starter: Add to Master (Production) and any environments you create by branching from Master
  • Pro: Add to Master Integration environment. After your Staging and Production environments are provisioned, you can add the SSH keys to those environments through the Project Web Interface or via SSH and CLI commands.

You must create an SSH key pair on every machine and workspace that requires access to Magento Commerce Cloud project source code and environments. The SSH keys allow you to connect to GitHub to manage source code and to connect to cloud servers without having to constantly supply your username and password.

You can add multiple SSH keys for each system or workspace that you use.

The SSH keys require the following:

For more information on SSH keys, see the following:

Locate an existing SSH key pair

An existing SSH key pair is typically located in the .ssh subdirectory of the user’s home directory. This folder is hidden and may not display in the file manager or finder unless configured to display hidden files and folders.

You can quickly verify if you have SSH keys by entering commands using terminal access.

To check for SSH keys, enter the following command:

ls ~/.ssh

If you have SSH keys, a directory listing is displayed similar to the following:

id_rsa  id_rsa.pub  known_hosts

If you do not have SSH keys, you need to generate the keys for adding to your Magento ECE account and GitHub account. See Create a new SSH key pair.

If you already have SSH keys, continue to:

Create a new SSH key pair

Use the ssh-keygen command to create an SSH key pair. ssh-keygen is typically installed on Linux systems.

To create an SSH key pair:

  1. Enter the command using the following syntax, supplying the email used for your GitHub account:

    ssh-keygen -t rsa

    GitHub's instructions also specify the key length with -b 4096. Follow the prompts to complete the key.

  2. When prompted to “Enter a file in which to save the key,” press Enter to save the file to the default location. The prompt displays the location.

  3. When prompted to enter a secure passphrase, enter a phrase to use like a password. Make note of this passphrase. You may be requested to enter it depending on tasks you complete using a terminal during development.

  4. After creating the SSH key pair, start the ssh-agent:

    For Mac or Linux:

    eval "$(ssh-agent -s)"

    For Mac, you can edit the ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.

    Host *
        AddKeysToAgent yes
        UseKeychain yes
        IdentityFile ~/.ssh/id_rsa

    You can specify multiple SSH keys by adding multiple IdentityFile entries to your configuration.

    For Windows:

    eval $(ssh-agent -s)
  5. Add the SSH key to the ssh-agent. If you used a different name for the key file name, replace id_rsa with that file name.

    For Mac:

    ssh-add -K ~/.ssh/id_rsa

    For Windows or Linux:

    ssh-add ~/.ssh/id_rsa
  6. Add your SSH key to your GitHub account. The instructions include Mac, Windows, and Linux.
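
The script below is an added example, not part of the original Magento or GitHub instructions. It audits the key files that the steps above create or locate, reporting private keys saved without a passphrase (step 3) and private keys readable by other users. The function names key_protection and audit_ssh_dir are this example's own.

```shell
#!/bin/sh
# Added example: audit the private keys in an SSH directory (default ~/.ssh).
# Reports keys saved without a passphrase and keys readable by group/other.

# Base64 of "openssh-key-v1\0" followed by the cipher name "none": an
# OpenSSH-format private key whose body starts this way is not encrypted.
OPENSSH_PLAINTEXT_PREFIX='b3BlbnNzaC1rZXktdjEAAAAABG5vbmU'

# Print "encrypted", "plaintext" or "not-a-key" for the file in $1.
key_protection() {
    header=$(sed -n '1p' "$1" 2>/dev/null) || header=''
    case $header in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            case $(sed -n '2p' "$1") in
                "$OPENSSH_PLAINTEXT_PREFIX"*) echo plaintext ;;
                *) echo encrypted ;;
            esac ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo encrypted ;;
        '-----BEGIN '*'PRIVATE KEY-----')
            # Legacy PEM keys flag encryption in a Proc-Type header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
            else echo plaintext; fi ;;
        *) echo not-a-key ;;
    esac
}

# Print one finding per line for every private key in directory $1.
audit_ssh_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(key_protection "$f")
        if [ "$state" = not-a-key ]; then continue; fi
        if [ "$state" = plaintext ]; then echo "no-passphrase $f"; fi
        # Any group or other permission bit on a private key is too open.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "loose-permissions $f"
        fi
    done
    return 0
}

audit_ssh_dir "${1:-$HOME/.ssh}"
```

No output means every private key found is passphrase-protected and readable only by its owner.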

Test the SSH keys

After adding the SSH keys, test the SSH connection to GitHub:

  1. In the terminal, enter the following command:

    ssh -T git@github.com
  2. You may see a warning that the authenticity of the host can’t be established followed by an RSA fingerprint. Enter yes to continue.

  3. If successful, you should receive a success message. If you receive a permission denied error, see Error: Permission denied (publickey) troubleshooting on GitHub.

Add a public SSH key to your Magento account

You can add SSH keys to your account in any of the following ways:

Add a key using the CLI

To add an SSH key using the CLI:

  1. Open a terminal application on your local workstation.
  2. If you haven’t done so already, log in as (or switch to) the Magento file system owner on the server where your SSH keys are located.

  3. Log in to your project:

    magento-cloud login
  4. Add the key:

    magento-cloud ssh-key:add ~/.ssh/id_rsa.pub

Add a key using the Project Web Interface

You will select and add your SSH public key to each environment in your account.

  • Starter: Add to Master (Production) and any environments you create by branching from Master
  • Pro: Add the key to Staging, Production, and Integration environments

To add an SSH key using the Project Web Interface:

  1. Copy your SSH public key to the clipboard.

    If you do not already have SSH keys on that machine, see GitHub documentation to create them.

  2. Log in and access your project through the Project Web Interface.
  3. In your selected branch, an icon displays if you do not have an SSH key added.

    No SSH key

  4. Copy and paste the content of your public SSH key in the screen.

    Add SSH key

  5. Follow the prompts on your screen to complete the task.

Set global Git variables

Set required global Git variables on the machine to commit or push to a Git branch. These variables set Git credentials for accessing your GitHub account.

To set variables, enter the following commands on every workspace:

git config --global user.name "<your name>"
git config --global user.email "<your e-mail address>"

For more information, see First-Time Git Setup.

SSH access with MFA

Magento Commerce Cloud projects that have multi-factor authentication (MFA) enabled require all Magento Commerce Cloud accounts with SSH access to have two-factor authentication and to complete additional steps when using SSH to connect to GitHub or to project environments. See Enable MFA for SSH access.

Unable to access projects without MFA

If you authenticate to a project with multi-factor authentication (MFA) enabled, you might receive the following error when connecting to other projects that do not require MFA:

   ssh abcdef7uyxabce-master-7rqtabc--mymagento@ssh.us-3.magento.cloud
   abcdef7uyxabce-master-7rqtabc--mymagento@ssh.us-3.magento.cloud: Permission denied (publickey).

During the SSH certificate generation, the Magento Cloud CLI adds an additional SSH key to your local environment. That key will be used by default if your local SSH configuration does not include the SSH key for project access.

To add your SSH key to the local configuration:

  1. Create the config file if it does not exist.

     touch ~/.ssh/config
  2. Add an IdentityFile configuration.

    Host *
      IdentityFile ~/.ssh/id_rsa

    You can specify multiple SSH keys by adding multiple IdentityFile entries to your configuration.

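  3. Connect again. The SSH client reads ~/.ssh/config each time it runs, so the new IdentityFile entry takes effect on the next connection without a reload. The file is not a shell script and must not be passed to source.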
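
To confirm that the local configuration names the project key for a given host, the added example below (not Magento Cloud CLI code) lists the IdentityFile entries that an ssh_config file applies to that host. The function names identity_files_for and has_identity and the sample config are constructed for this example, and the parser is simplified: it ignores Match and Include.

```shell
#!/bin/sh
# Added example: list the IdentityFile entries an ssh_config file applies to
# a host. Simplified parser: Host blocks with *, ? and !negated patterns are
# handled; Match blocks and Include directives are not evaluated.

identity_files_for() {
    host=$1
    applies=1                       # lines before the first Host apply to all hosts
    while read -r key rest || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            ''|'#'*) ;;
            host)
                applies=0
                negated=0
                set -f                  # keep * and ? literal while splitting $rest
                for pat in $rest; do
                    case $pat in
                        '!'*) case $host in ${pat#\!}) negated=1 ;; esac ;;
                        *)    case $host in $pat) applies=1 ;; esac ;;
                    esac
                done
                set +f
                if [ "$negated" -eq 1 ]; then applies=0; fi ;;
            match)
                applies=0 ;;            # Match conditions are skipped in this sketch
            identityfile)
                if [ "$applies" -eq 1 ]; then printf '%s\n' "$rest"; fi ;;
        esac
    done < "$2"
    return 0
}

# Succeeds when key path $3 is offered for host $1 under config file $2.
has_identity() {
    identity_files_for "$1" "$2" | grep -Fxq -- "$3"
}

# Constructed sample config: no block covers the project host from the page.
sample=$(mktemp)
printf '%s\n' 'Host github.com' '    IdentityFile ~/.ssh/id_github' > "$sample"
project_host=ssh.us-3.magento.cloud
has_identity "$project_host" "$sample" '~/.ssh/id_rsa' || echo "before: id_rsa not configured for $project_host"
# The fix from the page: a Host * block naming the project key.
printf '%s\n' 'Host *' '  IdentityFile ~/.ssh/id_rsa' >> "$sample"
has_identity "$project_host" "$sample" '~/.ssh/id_rsa' && echo "after: id_rsa offered to $project_host"
rm -f "$sample"
```

On a machine with a recent OpenSSH client, ssh -G followed by the host name prints the configuration the client itself resolves, which is the authoritative answer.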

Next step

Set up the Magento file system owner