Accessing the Cloud via SSH and SFTP

The MODX Cloud does not provide FTP access. To gain access to your site's file system, you need a SFTP client or to use SSH from the command line. SFTP is not a feature of an FTP server, it is a feature of the SSH server. It provides a secure access to the server.  SSH means "Secure SHell", and provides a secure login and command shell for the remote server. MODX Cloud provides you with the information you need to use SFTP or SSH to access your site's files.

While you can use a password login, it is far easier and more secure to use an SSH public/private key pair. These are easy enough to generate. On Windows you will need to use your SFTP client, such as puTTY, to generate the keys. On *nix systems, such as linux or OS X, it's done with the command line. Open a Terminal app window (I prefer to use a third-party terminal app called iTerm), and enter the following:

ssh-keygen -t rsa

There are some options offered, just accept the defaults and you'll be fine. I've given it a different filename so it won't overwrite my existing keys. You can specify a password to allow access to the keys; I don't because no one has access to my computer and my sites aren't that important. If I were working for a company, or developing for clients, I would, just in case somebody got ahold of my computer and started hacking around in it.

Generating public and private keys

You will now find three files in your user's .ssh folder - id_rsa,, and known_hosts. The file you'll use on the remote host is the, the "public" key. Never, ever share the "private" key, id_rsa! When you first log in to a remote host via SSH, it will return a unique fingerprint. This is so that you can check to make sure that your session login hasn't been hijacked by a hacker. That fingerprint will automatically get added to the known_hosts file. Every time you log in, your system will check the remote server's fingerprint against your known_hosts file. And remember, Never ever share your private key, id_rsa!

SSH Keys on OS X

The MODX Cloud has made it simple to install your public key on all of your Clouds, no matter which Cloud servers they are on. Simply go to your user profile, and open the SSH Keys tab. Click on Add Key, and fill out the form. Give it a name, then copy your public key's text into the Public Key field. Open your file in a text editor, and copy and paste that text into the field. Make sure you are using the public key file!

Registering your public key

Now you can log in without a password with SSH/SFTP on all clouds in your account without any further fuss or bother.

Using a SFTP Client

I use CyberDuck for my SFTP client. There is a version for Windows as well.

Open a new connection, and fill in the information. Choose SFTP from the protocol drop-down at the top, it will automatically set the default SFTP port for the server (22 for sftp). For the server, copy the server from the MODX Cloud SSH information. Likewise the username. Skip the password, and use the file selector for the location of your SSH private key. There should only be the one,  "~/.ssh/id_rsa". This is not giving access to that file, just telling Cyberduck where it is so the server can verify your public key against it. I have no idea how that works, beyond that it basically tells your computer "Hey, I've got this public key that says it's yours, are you the correct owner?" and your computer will check it against the private key and say "Yes, that's my public key." If there's a problem with the verification, the Cloud server will refuse the connection.

CyberDuck SFTP client

Now, once you've got the connection working, you'll have a window for accessing the files on your Cloud instance. CyberDuck does not provide a local files window, it just uses the Mac Finder windows.

CyberDuck files window

SSH From the Command Line

From the start, let me confess that I cheat a lot. For the command line, I keep a text file on my desktop in a Working folder. In that text file I save the command lines that I use the most. All I need to do is edit the parts of the comman line that are specific to the server, or in this case the Cloud instance, that I need at the moment. Then I just copy and paste that text line into my iTerm terminal. I also copy a lot from the example I find online, especially from various MODX tutorials and GitHub examples. So the command line doesn't have to be as difficult as some might think.

To log in to an SSH server, you need your username and the server address. Since we've already set up our private/public key authentication, we don't need to worry about passwords. Again, the information we need for ssh login is supplied by the Cloud.

ssh username@hostname

Here's the info that the Cloud shows you, and how to use that in a SSH login session. Don't worry, this was a temporary development Cloud instance, and has been deleted since these screenshots were taken.

SSH login information

Just enter the correct username and server, and your public/private key will take care of authorization. No need for the password.

Command line SSH login


← TeleportModxBuilding the Web Your Way →