The username for SFTP and ssh access is not the same as your member login; it is based on both your member login and the site name. The password, however, is the same as your member password. The specifics are listed in the "SSH/SFTP Information" box on each site's information panel in our member interface.
To find this information:
Visit the Sites panel to display your list of sites.
Select the site's "short name" in the "Sites" table to display the details about the site you want to access.
Find the box titled "SSH/SFTP Information."
Locate the username row and the appropriate hostname row for the protocol you wish to use.
This question depends largely on what tools you are using to create and manage the content of your site. There are four primary approaches people use.
Many web design tools have the built-in ability to upload content directly to our service through a "Publish" option. If you are using such a tool, you can set it up to publish your site via SFTP.
It is also possible to develop content in one tool and then upload it with a separate SFTP program, like WinSCP (for Windows) or Transmit (for Mac). (Linux also has graphical SFTP tools, but they vary widely by distribution and desktop environment.)
Some people prefer to hand-code their site, either directly on our servers via ssh or using a command-line tool like rsync or git to deploy remotely.
A less-common option is to use a tool like ExpanDrive or sshfs to make our web server appear like a local directory, allowing you to use whatever editor, graphical file manager or command line tools you wish to manage your content on our servers from your local computer.
In all cases, you'll need to check the documentation for the program you are using for specific instructions, but at a minimum you will require the connection information for your site to upload successfully.
We do not provide any "built-in" web tools in our member interface for content authoring. Such tools tend to be very limited; they offer only basic functionality and tend to produce a whole lot of nearly identical websites. As such, they do not provide the sophisticated and powerful options expected by our members.
SFTP and scp are supported. Port forwarding is supported but is only permitted for establishing secure remote connections to your MySQL database.
Important: Our ssh environment is provided solely for maintaining your website and is not to be used for any other purpose. This specifically prohibits using it for proxying, port forwarding, or anything similar. Automated access to the ssh server is likewise prohibited, with an exception allowing connections once per day for the purpose of making offsite backups.
All uploading clients should automatically be in the correct folder after they connect. Do not change your software's default upload directory setting unless you are absolutely sure your client is getting it wrong.
For FTP clients (including publishing programs such as Dreamweaver that upload using FTP), the correct directory is /public.
For ssh and SFTP clients, the correct directory is /home/public.
(Once uploaded, scripts that run on your site will use a different path to access your files, depending on whether they are PHP
PuTTY is a very popular free graphical ssh client for Windows. It requires no local installation and is a perfect tool to slap on a USB memory stick for secure access from anywhere. PuTTY also comes bundled with some versions of WinSCP, which is an excellent tool for managing files hosted on our service. PuTTY 0.75 or later is required if you are using RSA keys (not recommended).
Other options also exist, but are substantially less popular:
The far-and-away best graphical ssh application for both Windows and Mac is VanDyke Technologies' Secure CRT. This program is rather expensive ($99) but worth every penny if ssh is a part of your daily life.
Almost all versions of Linux and BSD preinstall OpenSSH or make it available as a package.
Once you have found or installed your ssh program, give it your connection information to get connected to your site hosted on our service. If you are using OpenSSH or a similar tool, the command looks something like:
Graphical tools vary widely; consult their documentation.
Once connected, you will get a shell prompt, which may look something like:
Actual prompts can vary widely but tend to end in $ or %. To reflect these variations, in our documentation, we use:
YourPrompt$ echo "Hello, world!"
to indicate that you should type the command echo "Hello, world!" (but not the YourPrompt$ part) at your shell prompt, whatever it looks like.
Due to the variety of ssh options and the complexity of the Unix shell, the full details of their use are well beyond the scope of a FAQ. Many online tutorials exist, like this one. For a deeper dive, many community colleges offer continuing education classes covering one or both topics.
FTP access can be restricted on a per-member and a per-site basis. These settings are completely independent; both the member accessing a site and the site being accessed must have FTP enabled in order for access to succeed.
This is to allow maximum access control granularity in situations where multiple members share access to multiple sites via our adjunct access feature. For example, you may not want to allow FTP access to your site, and you may want to make sure a member with adjunct access doesn't enable FTP access for themself and overrule you.
To enable FTP access for your membership, visit the Profile page and toggle that setting in the "Details" box.
To enable FTP access for a site, visit the Sites panel and select the site by its short name to view its Site Information page, where you'll see the FTP setting in the "SSH/SFTP Information" box.
Our system does not access your site's filesystem until after you have authenticated yourself. Also, correct authentication depends on both member name and site (since more than one member name may have permission to access a given site and a given member name may be able to access more than one site). Therefore, you cannot place a public key file in your site's filesystem to bypass password authentication.
Instead, we keep a separate keychain for each member. To use an ssh public key, you can add it to your keychain on the profile tab.
Once installed into your membership's keychain, an ssh key will authenticate you for any site you are authorized to access, including your sites and any sites you may have adjunct access to.
Per current best security practices, here are the key types we support:
Ed25519 keys are supported. We strongly recommend the use of Ed25519 keys.
ECDSA keys of 256 and 521 bits (521 recommended) are supported. (Recommended for low-power devices if Ed25519 is not available.)
RSA keys of 2048+ bits (4096+ recommended) not on the Debian weak key blacklist are supported, but not encouraged.
DSA/DSS ("ssh-dss") keys are not supported at all. This is a US government FIPS standard developed by the NSA and intended only for low-security usage. (Read: they are probably not secure.)
If you use an RSA key, you must use a client that supports RFC 8332 for SHA-256 (rsa-sha2-256) and SHA-512 (rsa-sha2-512) signatures. As of 2021, our servers no longer accept RSA keys with SHA-1 signatures because they are demonstrably insecure. If you run into that issue, please update your OpenSSH client and/or consider switching to faster, safer Ed25519 keys.
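The key policy above can be checked on the client before a key is added to the keychain. This is an added example, not code from the original page or the service: the function names are hypothetical, the input is one line of `ssh-keygen -l` output, and the Debian weak key blacklist is not checked.

```shell
#!/bin/sh
# Added example: classify a public key against the key types listed above.
# Input: one line of `ssh-keygen -l` output, "<bits> <fingerprint> <comment> (<TYPE>)".
# A suitable new key can be made with: ssh-keygen -t ed25519

nfsn_key_verdict() {
    line=$1
    bits=${line%% *}        # first field: key size in bits
    type=${line##*\(}       # text after the last "(" ...
    type=${type%\)}         # ... without the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "error: unparseable line"; return 2 ;;
    esac
    case $type in
        ED25519) echo "accept: recommended" ;;
        ECDSA)
            case $bits in
                521) echo "accept: recommended ECDSA size" ;;
                256) echo "accept" ;;
                # Assumption: sizes the page does not list are treated as not accepted.
                *)   echo "unlisted: ECDSA size not on the list"; return 1 ;;
            esac ;;
        RSA)
            if [ "$bits" -ge 4096 ]; then
                echo "accept: discouraged"
            elif [ "$bits" -ge 2048 ]; then
                echo "accept: discouraged, 4096+ recommended"
            else
                echo "reject: RSA below 2048 bits"; return 1
            fi ;;
        DSA) echo "reject: DSA not supported"; return 1 ;;
        *)   echo "unlisted: key type not on the list"; return 1 ;;
    esac
}

# Check a real public key file (needs ssh-keygen on the client machine).
nfsn_check_pubkey() {
    nfsn_key_verdict "$(ssh-keygen -l -f "$1")"
}
```

For example, `nfsn_check_pubkey ~/.ssh/id_ed25519.pub` prints the verdict for an existing key and returns non-zero for a key the list does not accept.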
Our official answer to any problem with FTP is don't use FTP.
Ever. For anything.
FTP support has been deprecated since 2010. It is an outdated, insecure protocol that does not work very well on the modern Internet. We will not provide any support for any problems you have while using it.
If you insist on using it anyway against our advice, you're on your own. Here are some historical notes about FTP that may (or may not) help:
FTP is disabled by default and must be enabled in two places to have even a chance of working.
The username and password are the same as SSH but the hostname (for all sites) is ftp.nearlyfreespeech.net.
NAT devices (especially cheap residential gateway routers) can process FTP connections incorrectly, and some personal firewall software blocks FTP access. These problems generally manifest as timeouts or reset connections.
If you are able to connect to the FTP server, but attempts to upload or download hang, then switch your FTP client from active mode to passive mode, or vice versa.
Easy way: You can use xyz1.nfsnssh.com instead of ssh.xyz1.nearlyfreespeech.net if you prefer.
Better way: OpenSSH allows the creation of nicknames. To use this feature, create (or edit) the file ~/.ssh/config (on the client machine you will be connecting from, not ours!) and add content like this:
With this done, you can use "nfsnssh" as if it were a hostname in ssh, scp, and sftp. For example, just use ssh mylogin_mysite@nfsnssh to connect to mysite as mylogin.
You can even use the User option to create per-site nicknames to make commands even shorter:
Then you just ssh mysite_nfsn to connect to mysite and ssh othersite_nfsn to connect to othersite. It doesn't get much shorter than that! See the ssh_config man page for complete details.
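The nickname setup described above, written out as an added example (not the original page's listing). The hostname, logins and nicknames are the placeholders used in the text; the key path, the shared settings block, the function names and othersite living on the same server are assumptions.

```shell
#!/bin/sh
# Added example: append the nickname entries described above to an ssh config
# file on the client machine. Replace the placeholder hostname and logins with
# the rows from each site's "SSH/SFTP Information" box.

nfsn_write_ssh_config() (
    cfg=${1:-$HOME/.ssh/config}
    umask 077                        # new files and directories: owner only
    mkdir -p "$(dirname "$cfg")"
    cat >> "$cfg" <<'EOF'
# Generic nickname: ssh mylogin_mysite@nfsnssh
Host nfsnssh
    HostName ssh.xyz1.nearlyfreespeech.net

# Per-site nicknames: ssh mysite_nfsn / ssh othersite_nfsn
Host mysite_nfsn
    HostName ssh.xyz1.nearlyfreespeech.net
    User mylogin_mysite

# Assumption: othersite is on the same server; use its own hostname row if not.
Host othersite_nfsn
    HostName ssh.xyz1.nearlyfreespeech.net
    User mylogin_othersite

# Settings shared by every nickname above (key path is an assumption)
Host nfsnssh *_nfsn
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
EOF
)

# Show the hostname and user ssh would use for a nickname without connecting
# (ssh -G only evaluates the configuration and prints the result).
nfsn_resolve() {
    ssh -F "${2:-$HOME/.ssh/config}" -G "$1" | awk '$1 == "hostname" || $1 == "user"'
}
```

After `nfsn_write_ssh_config`, running `nfsn_resolve mysite_nfsn` confirms which server and username a nickname maps to before the first real connection.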
If you don't happen to be using OpenSSH, many other ssh tools offer similar options, many with graphical interfaces that make establishing a connection as simple as clicking, regardless of the hostname.
The first thing to check is to make sure you are using the correct connection information for your site, including your username and password as well as the correct name of the server for the service you are trying to use. You should always check this, even if you are sure it is correct, before exploring more exotic options.
If you are unable to connect at all, or if the connection appears to drop immediately, one possible explanation for this is that you are running firewall software (or have a hardware firewall) that is blocking your connection.
If you use file sharing software, many "P2P block list" applications can block connections to us.
In such cases you will need to either disable the application or set up a manual override to allow the connection.
The most common diagnostics that indicate problems with firewalls and blocking software are "Permission Denied," "No route to host," "Connection refused," "Host unreachable," or "General failure" when attempting to access our FTP or ssh servers, but no similar problem when trying to access your site(s) or ours by HTTP or HTTPS. If you can't access anything at all, the problem is likely something else.
This can also happen if you have non-functional IPv6 connectivity. Our ssh server supports IPv6 and some home network devices advertise IPv6 capability even if it is not supported by your ISP.
If automated FTP accesses are detected, the affected site's FTP access may be automatically disabled. If the problem reoccurs, we will block it entirely.
Embedded devices that automatically upload information via FTP, such as webcams and weather stations, are strictly prohibited. They are a security disaster; they broadcast your plaintext member password over the Internet every time they connect.
If you need FTP access for allowable purposes, but your FTP access to one of your sites has been blocked due to repeated or egregious violation of our policies in this area, and you are a subscription member, you can contact our support for assistance. If you are not a subscription member and you have FTP access blocked under this policy, you will have to alter your methodology to use SSH/SFTP (which you should be doing anyway) and to comply fully with the policies outlined above.
Any automated SSH/SFTP access must use a public key. No hardcoded passwords!
As long as you are physically initiating uploads or downloads yourself you're fine, even if an automated component is involved. (Just make sure you're either using a key or typing the password by hand.)
Unattended automated SSH/SFTP access is allowed only for these purposes:
Purpose: To make your own offsite backups of content hosted here.
Frequency: Up to once per day per site or MySQL process.
Purpose: To upload content.
Frequency: Less often than whichever of these is more permissive:
the average ssh-based upload frequency is less than the average web-based download frequency (in other words, people are viewing the content at least as often as it is being updated)
an average rate of one file per five minutes
If you want automatic unattended uploads beyond these limits, you should use HTTP POST or PUT requests and a small script on your site to receive the files.
Please respect the shared resources used by SSH—which we currently do not charge for—by observing these guidelines. If you have any questions about what is allowable, please ask.
(This answer is for SSH and SFTP. Automated FTP access is never allowed.)