To take full advantage of Pantheon, you should load your public SSH key into your account. SSH keys are a best practice for authentication, allowing you more security than a simple password. You will only need to do this once, no matter how many sites you work on.
Pantheon does not provide access to a shell environment over SSH. These directions allow you to have passwordless access if you configure Git, SFTP, or Drush to use SSH keys.
Open your terminal and enter the following command to generate a key:
This command works on Linux, MacOS, and Windows 10.
Unless you have reason to change it, leave the default location of
~/.ssh/id_rsa. If the command says the key already exists, you can either overwrite it or continue onto the next step with your existing key.
A passphrase is recommended to provide greater security, but can conflict with tools that cannot handle them.
Once the files are created, copy the contents of
~/.ssh/id_rsa.pub to your clipboard.
Linux and Mac users can
catthe file to the terminal and copy the output:
Windows users can achieve the same result with
Generating SSH keys may add your username or the computer's hostname as a comment at the end of the file, making the key invalid on Pantheon. If you have any trouble using your SSH key take a look at the Troubleshooting at the end of the document.
To delete a key, go to the Account page and click SSH Keys. Simply click the Remove button next to the key you want to delete.
If you have no keys remaining but still have active sites, you will still have access to them and can make edits via SFTP and Git using your account password to authenticate.
Spaces or non-standard alphanumeric characters in the SSH key's comments (such as your user or system hostname) may cause the SSH key to not be accepted on Pantheon. To fix this, simply edit the user or hostname and remove spaces and any non-standard characters. This will not affect the key itself as the user and hostname are simply appended as a comment for reference.
You may receive the following error:
ControlPath too long fatal: Could not read from remote repository.
Check your SSH config files (by default,
$HOME/.ssh/config and /etc/ssh/ssh_config) for a declaration like this:
Host * ControlMaster auto ControlPath ~/.ssh/control-%l.%r@%h:%p
There are two ways to fix this. First, try adjusting the
Controlpath line as shown below:
Host * ControlMaster auto ControlPath ~/.ssh/control-%r
If this doesn't fix the issue try creating an entry in your SSH configuration for your site specifically by its hostname. Also, don't use the
ControlMaster option but do use the
ControlPath line as shown below, replacing
SITE_UUID with your site's UUID:
Host *.SITE_UUID.drush.in ControlPath ~/.ssh/control-%r
This error occurs when a user is attempting to make a direct connection to Pantheon via SSH. Pantheon does not support direct SSH connections.
Password requests may still occur after adding an SSH key to your Pantheon account if the corresponding key is not found by your local ssh-agent. To resolve, add your SSH key to the ssh-agent using the following command, replacing
id_rsa with the name of your private key, if different: