crewsportswear/SSH_KEYS_SETUP.md
Frank John Begornia dfdb48920d
Add SSH keys setup guide and update configurations for secure key management
2026-02-23 02:01:12 +08:00

SSH Keys Setup Guide

Security Notice

SSH private keys (.ppk, .pem, id_rsa, etc.) should NEVER be:

  • Stored in the application directory
  • Committed to git repositories
  • Placed in web-accessible locations

1. Create Secure Keys Directory on Server

# On your production server
sudo mkdir -p /var/crew-keys
sudo chmod 700 /var/crew-keys

2. Place Your SSH Key

# Copy your key to the secure location
sudo cp /path/to/your/root.ppk /var/crew-keys/
sudo chmod 600 /var/crew-keys/root.ppk
sudo chown root:root /var/crew-keys/root.ppk

3. Verify Permissions

ls -la /var/crew-keys/
# Should show: drwx------ (700) for directory
# Should show: -rw------- (600) for key file

Docker Configuration

The docker-compose.prod.yml and docker-compose.dev.yml files are configured to mount /var/crew-keys as a read-only volume:

volumes:
  - /var/crew-keys:/var/keys:ro

The :ro flag ensures the container can only read the keys, not modify them.

Application Configuration

The config/filesystems.php references the key at:

'privateKey' => '/var/keys/root.ppk',

This path is inside the container and maps to /var/crew-keys/root.ppk on the host.

Testing

To verify the SFTP connection works:

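docker exec crewsportswear_app_prod php -r "
use League\Flysystem\Sftp\SftpAdapter;
// Assumes the working directory in the container is the application root.
require 'vendor/autoload.php';
try {
    \$adapter = new SftpAdapter([
        'host' => '35.232.234.8',
        'port' => 22,
        'username' => 'root',
        'privateKey' => '/var/keys/root.ppk',
        'root' => '/var/www/html/images',
        'timeout' => 10,
    ]);
    // The adapter connects lazily, so force the connection and key login here.
    \$adapter->connect();
    echo 'SFTP connection: SUCCESS';
} catch (Exception \$e) {
    echo 'SFTP connection failed: ' . \$e->getMessage();
}
"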

Troubleshooting

Permission Denied

If you get permission errors:

# Fix directory permissions
sudo chmod 700 /var/crew-keys

# Fix key file permissions
sudo chmod 600 /var/crew-keys/root.ppk

Key Format Issues

PuTTY keys (.ppk) may need conversion for Linux/PHP:

# Convert .ppk to OpenSSH format (sudo is needed because /var/crew-keys is root-only)
sudo puttygen /var/crew-keys/root.ppk -O private-openssh -o /var/crew-keys/root.pem
sudo chmod 600 /var/crew-keys/root.pem

Then update filesystems.php:

'privateKey' => '/var/keys/root.pem',

Security Best Practices

DO:

  • Store keys outside application directory
  • Use restrictive permissions (600 for files, 700 for directories)
  • Mount as read-only in Docker
  • Keep keys out of version control
  • Use SSH key authentication instead of passwords
  • Rotate keys regularly

DON'T:

  • Commit keys to git
  • Store in web-accessible directories
  • Use world-readable permissions
  • Share keys across multiple services
  • Use password-protected keys without proper passphrase management
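
The permission check from step 3 and the rule that keys stay out of the application directory can be scripted so they run on every deploy. This is an added example, not part of the repository; the function names `st`, `audit_keys_dir` and `find_keys_in_tree` are hypothetical, and the expected owner defaults to uid 0 to match the `root:root` ownership set above.

```shell
#!/usr/bin/env bash
# Added example (not from the repository). Function names are hypothetical.

# st GNU_FMT BSD_FMT PATH: print one stat field on GNU or BSD userlands.
st() { stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3"; }

# audit_keys_dir DIR [UID]: prints one finding per line and returns 1 if anything
# deviates from the guide (directories 700, key files 600, owner uid 0 by default).
audit_keys_dir() {
    local dir="$1" uid="${2:-0}" rc=0 p want got
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    for p in "$dir" "$dir"/*; do
        if [ -d "$p" ]; then want=700; elif [ -f "$p" ]; then want=600; else continue; fi
        got=$(st '%a' '%Lp' "$p")
        [ "$got" = "$want" ] || { echo "MODE $p is $got, expected $want"; rc=1; }
        got=$(st '%u' '%u' "$p")
        [ "$got" = "$uid" ] || { echo "OWNER $p is uid $got, expected $uid"; rc=1; }
    done
    return "$rc"
}

# find_keys_in_tree DIR: list files under DIR that look like private keys, by
# name (.ppk, .pem, id_rsa) or by content (PEM/OpenSSH or PuTTY key header).
# A .pem file can also be a certificate, so treat name matches as candidates.
find_keys_in_tree() {
    local tree="$1"
    {
        find "$tree" -type f \( -name '*.ppk' -o -name '*.pem' -o -name 'id_rsa' \) \
            ! -path '*/.git/*'
        grep -rlE --exclude-dir=.git \
            -e '-----BEGIN [A-Z ]*PRIVATE KEY-----|^PuTTY-User-Key-File-[0-9]+:' \
            "$tree" 2>/dev/null
    } | sort -u
}
```

Run `audit_keys_dir /var/crew-keys` on the host as root, and `find_keys_in_tree /path/to/app` (placeholder path) against the application checkout; any output is a finding. A bind mount keeps the host's uid and mode, so a container process running under a different uid cannot read a root-owned 600 key.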