Setting up a VaultPress AWS SSH User

This guide is specifically for folks who have an AWS install and are trying to set up SSH for their site in the VaultPress system. We highly recommend setting up these credentials as soon as possible as we need credentials in order to restore your site or resolve some security threats. Backups can proceed without credentials but will be faster with them! You can learn more here.

Step 1: Create a system user specifically for VaultPress.

These commands will get you started in this process:

sudo useradd vaultpress
sudo passwd vaultpress
sudo usermod -a -G www-data vaultpress

Important note: For the last command, change www-data to the user that your web server runs on – usually apache, www-data, or nginx.

Step 2: Check the access level

Make sure both your AWS security group and your instance’s iptables allow VaultPress’ IP ranges unrestricted access to SSH and HTTP (and HTTPS if you have a secure site).

Step 3: Generate an RSA key from the VaultPress user’s account

You will need to run these commands:

sudo su vaultpress
ssh-keygen -t rsa

From there, accept the defaults provided by the system and leave the passphrase blank.

Finally, save the contents of your VaultPress user’s private key for later use: cat ~/.ssh/id_rsa, copy/paste to your local computer, and save.

Step 4: Set up key authentication in the VaultPress dashboard

At this point, we assume you have a working WordPress installation with Jetpack and VaultPress both installed and connected.

Before proceeding, be sure you have your root key pair, your VaultPress user private key, and server address handy.

  • Log in to your VaultPress Dashboard > select “Settings” on the left-hand side
  • Select the first credentials option “SSH”, and enter your server address, SSH port (usually 22), and the vaultpress user’s username. Leave the password field blank.
  • Click “Show Public Key”. Copy and paste the contents of the black public key box into a new file on your computer.

  • Using your terminal, log back into your new server and add the public key to your vaultpress user’s authorized_keys file. You will do this using these commands:
sudo su vaultpress
nano ~/.ssh/authorized_keys
  • This will open up a new file. From there, paste in the contents of the VaultPress public key and save the file.
  • From there, you will need to set the permissions to 600 by running this command:
chmod 600 ~/.ssh/authorized_keys
  • Click “Save” in the VaultPress dashboard to save your SSH credentials.

Congratulations

Congrats! If there are no errors, you successfully completed one of the more complicated VaultPress integrations. Celebrate by backing up and restoring quickly and without issue!

Important notes:

  • Make sure you have a system user for VaultPress to use.
  • Give your system user read access (and if you plan to do restores, write access) to your WordPress ABSPATH.
  • Turn off password authentication if possible. This will help make your system much more secure.
  • Copy the public key from your VaultPress dashboard to your user’s ~/.ssh/authorized_keys file, and make sure that file has 600 permissions.
  • Secure your AWS root .pem file as well as your vaultpress user’s private key id_rsa. These files can provide unrestricted access to your site. You need to keep them available to yourself, however, for future use.
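
To confirm the key setup from Step 4 and the points in the notes above, the following audit script is an added example, not part of the original guide or of VaultPress' tooling. The function names are hypothetical; it assumes GNU stat and a single sshd_config file with no Include files or Match blocks.

```bash
#!/usr/bin/env bash
# Added example: audit the vaultpress user's key files and sshd password setting.
# Paths are arguments, so the checks can be pointed at any account or config copy.

# Print the octal permission bits of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# authorized_keys must exist, be mode 600, and hold at least one key line.
check_authorized_keys() {
  local f="$1/.ssh/authorized_keys"
  [ -f "$f" ] || { echo "FAIL: $f missing"; return 1; }
  [ "$(mode_of "$f")" = "600" ] || { echo "FAIL: $f is $(mode_of "$f"), want 600"; return 1; }
  grep -Eq '^[^#]*(ssh-|ecdsa-)' "$f" || { echo "FAIL: no public key in $f"; return 1; }
  echo "OK: $f"
}

# The private key from Step 3 must not be readable by group or others.
check_private_key() {
  local f="$1/.ssh/id_rsa"
  [ -f "$f" ] || { echo "SKIP: $f not present"; return 0; }
  case "$(mode_of "$f")" in
    600|400) echo "OK: $f" ;;
    *) echo "FAIL: $f is $(mode_of "$f"), want 600"; return 1 ;;
  esac
}

# sshd uses the first value it reads for a keyword; if PasswordAuthentication
# is absent or commented out, the built-in default ("yes") applies.
password_auth_disabled() {
  local v
  v=$(awk 'tolower($1)=="passwordauthentication" {print tolower($2); exit}' "$1")
  [ "$v" = "no" ]
}

# usage: audit_vaultpress_user /home/vaultpress /etc/ssh/sshd_config
audit_vaultpress_user() {
  local rc=0
  check_authorized_keys "$1" || rc=1
  check_private_key "$1" || rc=1
  if password_auth_disabled "$2"; then echo "OK: password authentication disabled"
  else echo "WARN: PasswordAuthentication is not set to no in $2"; rc=1; fi
  return $rc
}

# Run the audit only when both paths are supplied on the command line.
if [ "$#" -eq 2 ]; then audit_vaultpress_user "$1" "$2"; fi
```

Run it with sudo so it can read the vaultpress user's home directory, for example with /home/vaultpress and /etc/ssh/sshd_config as the two arguments.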