Secure Shell (SSH) Connection Guide

There are some cases where a developer may need to log into a remote instance to do debugging or maintenance work, such as running a Rake task or using a Rails console. For such cases, a developer can log into a remote instance using SSH.

SSH Keypairs

Before connecting to an instance via SSH, you'll have to upload your SSH Public key to JumpCloud.

If you don't yet have an SSH keypair, you can run the following command in your terminal:

$ ssh-keygen -t rsa -b 4096 -C ""

After running this command, you'll have two files in ~/.ssh/, id_rsa and

You'll want to copy the contents of your Public key (~/.ssh/ to your Clipboard so we can save it to JumpCloud.

Security Warning: The id_rsa file that is generated as part of this step is your SSH Private key. Protect and treat this file with great care, as it is essentially your password to log into any instances you have access to. Do not share or post this file anywhere else. If you need SSH access from multiple machines, it is best to generate a new SSH keypair for that machine and upload the new SSH Public key as well.

Connecting via SSH

There are two ways of connecting to an instance through SSH:

SSH through the VPN

The first step to SSH'ing into an instance via the VPN is to open a VPN connection.

To connect to an instance you'll first need a private IP address of the instance you're trying to connect to. The workarea <env> instances command can help you out with this.

After you've got a private IP address and have opened a VPN connection, you'll use your Weblinc username to SSH to an instance: ssh jsmith@

One feature of connecting through the VPN using a traditional SSH command is you retain the ability to use traditional ssh command line arguments and flags.

SSH through the CLI (using the VPN as a Bastian host)

To connect to an instance via the Bastian Host, you can use the workarea <env> ssh command.

This is useful for quickly SSH'ing into an instance in a specific environment, without having to worry about opening a new or closing an existing VPN connection.

Using the CLI, you can choose to connect to an instance by hostname or private IP address.

For example, if the instance is named, invoking workarea staging ssh app1 will connect you to that instance without having to worry about looking up the private IP ahead of time.

The workarea <env> ssh command also supports SSH'ing to multiple instances using csshX as well as fuzzy finding instance names.