The username for SFTP and ssh access is not the same as your member login; it is based on both your member login and the site name. The password, however, is the same as your member password. The specifics are listed in the "SSH/SFTP Information" box on each site's information panel in our member interface.
To find this information:
Visit the Sites panel to display your list of sites.
Select the site's "short name" in the "Sites" table to display the details about the site you want to access.
Find the box titled "SSH/SFTP Information."
Locate the username row and the appropriate hostname row for the protocol you wish to use.
This question depends largely on what tools you are using to create and manage the content of your site. There are four primary approaches people use.
Many web design tools have the built-in ability to upload content directly to our service through a "Publish" option. If you are using such a tool, you can set it up to publish your site via SFTP.
It is also possible to develop content in one tool and then upload it with a separate SFTP program, like WinSCP (for Windows) or Transmit (for Mac). (Linux also has graphical SFTP tools, but they vary widely by distribution and desktop environment.)
Some people prefer to hand-code their site, either directly on our servers via ssh or using a command-line tool like rsync or git to deploy remotely.
A less-common option is to use a tool like ExpanDrive or sshfs to make our web server appear like a local directory, allowing you to use whatever editor, graphical file manager or command line tools you wish to manage your content on our servers from your local computer.
In all cases, you'll need to check the documentation for the program you are using for specific instructions, but at a minimum you will require the connection information for your site to upload successfully.
We do not provide any "built-in" web tools in our member interface for content authoring. Such tools tend to be very limited; they offer only basic functionality and tend to produce a whole lot of nearly identical websites. As such, they do not provide the sophisticated and powerful options expected by our members.
The SSH key fingerprints for ssh.phx.nearlyfreespeech.net are in this FAQ entry.
SFTP and scp are supported. Port forwarding is supported but is only permitted for establishing secure remote connections to your MySQL database.
Important: Our ssh environment is provided solely for maintaining your website and is not to be used for any other purpose. This specifically prohibits using it for proxying, port forwarding, or anything similar. Automated access to the ssh server is likewise prohibited, with an exception allowing connections once per day for the purpose of making offsite backups.
To SFTP files to our service, use the same hostname that you use for ssh, not the one you use for FTP. You can get this hostname by clicking the "Sites" tab at the top of the page, then clicking the site name from the "Your Web Sites" list. The hostname will be listed under "SSH/SFTP Information." For convenience, we have created an sftp.xxx.nearlyfreespeech.net alias, where the xxx part is the same for you as it is for ssh and FTP.
Any working ssh client should be able to connect to our systems. The "reference" implementation in our opinion is the OpenSSH application, available on most Unix platforms (including MacOS X, most easily accessed using the included "Terminal" application) and on Windows via the Cygwin or Interix environments.
On Windows, the far-and-away best ssh application is VanDyke Technologies' Secure CRT. This program is rather expensive ($99) but worth every penny if ssh on Windows is a part of your daily life. PuTTY is a very popular free alternative. It is a little less pleasant to use, but is very workable. (PuTTY requires no local installation and is a perfect tool to slap on a USB memory stick for secure access from anywhere.)
Other alternatives do exist, but these are the most common and the ones we use ourselves.
FTP access can be restricted on a per-member and a per-site basis. These settings are completely independent; both the member accessing a site and the site being accessed must have FTP enabled in order for access to succeed.
This is to allow maximum access control granularity in situations where multiple members share access to multiple sites via our adjunct access feature. For example, you may not want to allow FTP access to your site, and you may want to make sure a member with adjunct access can't enable FTP access for themselves and overrule you.
To enable FTP access for your membership, visit the Profile page and toggle that setting in the "Details" box.
To enable FTP access for a site, visit the Sites panel and select the site by its short name to view its Site Information page, where you'll see the FTP setting in the "SSH/SFTP Information" box.
Our system does not access your site's filesystem until after you have authenticated yourself. Also, correct authentication depends on both member name and site (since more than one member name may have permission to access a given site and a given member name may be able to access more than one site). Therefore, you cannot place a public key file in your site's filesystem to bypass password authentication.
Instead, we keep a separate keychain for ssh keys for each member outside the filesystem. If you have a public key you wish to use to authenticate your ssh connection in lieu of your password, you can set that up on the profile tab.
Per current best security practices, here are the key types we support:
RSA keys of 2048+ bits (4096+ recommended) not on the Debian weak key blacklist are supported.
ECDSA keys of 256 and 521 bits (521 recommended) are supported. (Recommended for low-power mobile devices due to speed.)
Ed25519 keys are supported.
DSA/DSS ("ssh-dss") keys are not supported. This is a US government FIPS standard developed by the NSA and intended only for low-security usage. (Read: they are probably not secure.)
Once installed into your membership's keychain, an ssh key may be used to authenticate access to any site you are authorized to access, including all of your own sites and any sites you may have adjunct access to.
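As an added example (not NearlyFreeSpeech.NET's own code), the key-type rules listed above can be checked locally before a public key is added to the keychain. This Python code parses an OpenSSH public key line and applies the page's list; `make_line` only builds constructed, non-functional sample lines, and the Debian weak-key blacklist check is not implemented.

```python
import base64

# Policy as listed on this page. The Debian weak-key blacklist is not checked here.
MIN_RSA_BITS = 2048
ECDSA_BITS = {"ecdsa-sha2-nistp256": 256, "ecdsa-sha2-nistp521": 521}


def read_string(blob, pos):
    """Read one length-prefixed field (RFC 4251 'string'); return (bytes, next_pos)."""
    end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
    if pos + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end


def make_line(*fields):
    """Build a constructed, non-functional public key line for demonstration."""
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return f"{fields[0].decode()} {base64.b64encode(blob).decode()} constructed@example"


def check_public_key(line):
    """Return (accepted, reason) for one OpenSSH-format public key line."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not a public key line"
    declared = parts[0]
    try:
        blob = base64.b64decode(parts[1], validate=True)
        name, pos = read_string(blob, 0)
        # The type inside the blob is what the server parses; it must match the label.
        if name.decode("ascii", "replace") != declared:
            return False, "declared type does not match key blob"
        if declared == "ssh-rsa":
            _exponent, pos = read_string(blob, pos)
            modulus, pos = read_string(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
            if bits < MIN_RSA_BITS:
                return False, f"RSA {bits} bits is below {MIN_RSA_BITS}"
            return True, f"RSA {bits} bits"
    except ValueError as exc:  # covers bad base64 and truncated fields
        return False, f"malformed key: {exc}"
    if declared == "ssh-ed25519":
        return True, "Ed25519"
    if declared in ECDSA_BITS:
        return True, f"ECDSA {ECDSA_BITS[declared]} bits"
    if declared == "ssh-dss":
        return False, "DSA/DSS keys are not supported"
    return False, f"key type {declared} is not in the supported list"
```

To check a real key, pass the single line from a `.pub` file to `check_public_key`.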
Our official answer to any problem with FTP is don't use FTP.
Ever. For anything.
FTP support has been deprecated since 2010. It is an outdated, insecure protocol that does not work very well on the modern Internet. We will not provide any support for any problems you have while using it.
If you insist on using it anyway against our advice, you're on your own. Here are some historical notes about FTP that may (or may not) help:
FTP is disabled by default and must be enabled in two places to have even a chance of working.
The username and password are the same as for SSH, but the hostname (for all sites) is ftp.phx.nearlyfreespeech.net.
NAT devices (especially cheap residential gateway routers) can process FTP connections incorrectly, and some personal firewall software blocks FTP access. These problems generally manifest as timeouts or reset connections.
If you are able to connect to the FTP server, but attempts to upload or download hang, then switch your FTP client from active mode to passive mode, or vice versa.
Easy way: You can use nfsnssh.com instead of ssh.phx.nearlyfreespeech.net if you prefer.
Better way: OpenSSH allows the creation of "nicknames" which serve this function admirably. To use this feature, create (or edit) the file ~/.ssh/config (on the client machine you will be connecting from, not ours!) and add content like this:
With this done, you can use "nfsnssh" as if it were a hostname in ssh, scp, and sftp. For example, just use ssh mylogin_mysite@nfsnssh to connect to mysite as mylogin.
You can even use the User option to create per-site nicknames to make commands even shorter:
Then you just ssh mysite_nfsn to connect to mysite and ssh othersite_nfsn to connect to othersite. It doesn't get much shorter than that! See the ssh_config man page for complete details.
If you don't happen to be using OpenSSH, a lot of other ssh tools offer similar options, many with graphical interfaces that make establishing a connection as simple as clicking, regardless of the hostname.
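An added example (not the page's own listing) of a ~/.ssh/config that produces the nicknames described above. The usernames follow the mylogin_mysite pattern from the text and are placeholders; the key path and the IdentitiesOnly setting are assumptions added here to pin which key is offered.

```sshconfig
# ~/.ssh/config on the client machine you connect from.

# Short nickname for the ssh/sftp host.
Host nfsnssh
    HostName ssh.phx.nearlyfreespeech.net

# Per-site nicknames: the User option supplies the site-specific username.
Host mysite_nfsn
    HostName ssh.phx.nearlyfreespeech.net
    User mylogin_mysite

Host othersite_nfsn
    HostName ssh.phx.nearlyfreespeech.net
    User mylogin_othersite

# Assumption: one key for all of the nicknames above. The path is a placeholder.
# IdentitiesOnly stops the client from offering every key loaded in the agent.
Host nfsnssh *_nfsn
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
```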
The first thing to check is to make sure you are using the correct connection information for your site, including your username and password as well as the correct name of the server for the service you are trying to use. You should always check this, even if you are sure it is correct, before exploring more exotic options.
If you are unable to connect at all, or if the connection appears to drop immediately, one possible explanation for this is that you are running firewall software (or have a hardware firewall) that is blocking your connection.
If you use file sharing software, many "P2P block list" applications can block connections to us.
In such cases you will need to either disable the application or set up a manual override to allow the connection.
The most common diagnostics that indicate problems with firewalls and blocking software are "Permission Denied," "No route to host," "Connection refused," "Host unreachable," or "General failure" when attempting to access our FTP or ssh servers, but no similar problem when trying to access your site(s) or ours by HTTP or HTTPS. If you can't access anything at all, the problem is likely something else.
This can also happen if you have non-functional IPv6 connectivity. Our ssh server supports IPv6 and some home network devices advertise IPv6 capability even if it is not supported by your ISP.
If automated FTP accesses are detected, the affected site's FTP access may be automatically disabled. If the problem reoccurs, we will block it entirely.
Embedded devices that upload information via FTP automatically, such as webcams and weather stations, are strictly prohibited. They are a security disaster; they broadcast your plaintext member password over the Internet every time they connect.
If you need FTP access for allowable purposes, but your FTP access to one of your sites has been blocked due to repeated or egregious violation of our policies in this area, and you are a subscription member, you can contact our support for assistance. If you are not a subscription member and you have FTP access blocked under this policy, you will have to alter your methodology to use SSH/SFTP (which you should be doing anyway) and to comply fully with the policies outlined above.
Any automated SSH/SFTP access must use a public key. No hardcoded passwords!
As long as you are physically initiating uploads or downloads yourself you're fine, even if an automated component is involved. (Just make sure you're either using a key or typing the password by hand.)
Unattended automated SSH/SFTP access is allowed only for these purposes:
Purpose: To make your own offsite backups of content hosted here.
Frequency: Up to once per day per site or MySQL process.
Purpose: To upload content.
Frequency: Less often than whichever of these is more permissive:
the average ssh-based upload frequency is less than the average web-based download frequency (in other words, people are viewing the content at least as often as it is being updated)
an average rate of one file per five minutes
If you want automatic unattended uploads beyond these limits, you should use HTTP POST or PUT requests and a small script on your site to receive the files.
Please respect the shared resources used by SSH—which we currently do not charge for—by observing these guidelines. If you have any questions about what is allowable, please ask.
(This answer is for SSH and SFTP. Automated FTP access is never allowed.)