How to SSH to your servers

We provide two different ways for you to SSH to your server - an automated way with the Cloud 66 toolbelt, or the manual way.

Cloud 66 toolbelt

You can use the Cloud 66 toolbelt to easily SSH to your servers. Once initialized, the following command can be used:


cx ssh [--gateway-key <The path to the key of gateway server>] [-s <application>] <server name>|<server ip>|<server role>


cx ssh -s "My Awesome App" web
cx ssh --gateway-key ~/.ssh/bastion_key  -s "My Awesome App" Lion -e production

See toolbelt shortcuts, for information on how you can make this even easier.

Manual shell access

You can always have terminal access to your servers from your own server - just follow the steps below if you’re on a Linux-based operating system.

  1. Port 22 (SSH) is closed to outside traffic by default - so you need to add a firewall rule to your application to access it.
  2. Once the port is open, you can find your username and SSH key by visiting the server page for the specific server you would like to login to. The SSH key download link is located in the right sidebar of your server page.
  3. Change the access rights to the downloaded key to 0600:
  4. $ chmod 0600 /Users/xxx/Downloads/key.pem
  5. You can now connect to your server with the following command:
  6. $ ssh user_name@ip_address -i /Users/xxx/Downloads/key.pem


  1. Update your toolbelt version
  2. Toolbelt updates are normally applied automatically in the background, but in some cases these may not work. If so, you may need to update the toolbelt manually.

  3. Toolbelt SSH asking for password
  4. If your toolbelt SSH connection is asking for a password, there may be an issue with the local SSH key cache on your computer. To remove this cache, run the following commands:
    mkdir ~/.ssh/old_cx
    mv ~/.ssh/cx_* ~/.ssh/old_cx
    This moves the cached SSH keys to a temporary folder, so that they are downloaded again.

  5. Toolbelt exits command
  6. If the toolbelt SSH connection exits while running, it helps to check the output log from the command. To see this, simply prepend CXDEBUG=1 to your command. For example, you can run:
    CXDEBUG=1 cx ssh -s "My Awesome App" web
    This will show at which point the command fails, and if you run this manually, you should see more error details.

  7. Toolbelt exit status 255
  8. You may see this output from the bottom of the previous command:
    Running Command /usr/bin/ssh with ([<username>@<ip_address> -i /Users/<username>/.ssh/cx_<id>_pkey -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -o LogLevel=QUIET -o IdentitiesOnly=yes -A -p 22])
    2015/04/23 17:41:12 error: exit status 255
    In this case, there has likely been an issue running the SSH command, though no logs are output from it (given the LogLevel=QUIET directive). We'll want to run that command directly (and switch the LogLevel to VERBOSE):
    ssh <username>@<ip_address> -i /Users/<username>/.ssh/cx_<id>_pkey -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -o LogLevel=VERBOSE -o IdentitiesOnly=yes -A -p 22
    The output from that command should help you understand what the root cause of the issue is.

  9. SSH timeout
  10. SSH connection time-outs typically happen when the firewall connection isn't open. The toolbelt opens the firewall to your current IP address automatically, but your external IP address may change between this request and the actual connection. To verify this, try the manual connection method and see if you can connect.