Frequently Asked Questions

The NearlyFreeSpeech.NET FAQ (*)

Uploading (*)

What is the connection information to upload files to my web site?

How do I upload my content to my site?

Can I access my web site via ssh?

What directory do I upload my web site's files to?

What hostname should I use for SSH/SFTP?

How do I connect to the shell with ssh?

Why do I have to enable FTP in two places to get it to work?

What is SFTP?

Can I configure my ssh connection to use a public key?

Yes, but.

Our system does not access your site's filesystem until after you have authenticated yourself. Also, correct authentication depends on both member name and site (since more than one member name may have permission to access a given site and a given member name may be able to access more than one site). Therefore, you cannot place a public key file in your site's filesystem to bypass password authentication.

Instead, we keep a separate keychain for each member. To use an ssh public key, you can add it to your keychain on the profile tab.

Once installed into your membership's keychain, an ssh key will authenticate you for any site you are authorized to access, including your sites and any sites you may have adjunct access to.

Per current best security practices, here are the key types we support:

DSA/DSS ("ssh-dss") keys are not supported at all. This is a US government FIPS standard developed by the NSA and intended only for low-security usage. (Read: they are probably not secure.)

If you use an RSA key, you must use a client that supports RFC8332 for SHA-256 (rsa-sha2-256) and SHA-512 (rsa-sha2-512) signatures. As of 2021, our servers no longer accept RSA keys with SHA-1 signatures because they are demonstrably insecure. If you run into that issue, please update your OpenSSH client and/or consider switching to faster, safer Ed25519 keys.

I tried to SFTP to ftp.xxx.nearlyfreespeech.net and it failed. Why?

What are the fingerprints for the NearlyFreeSpeech.NET ssh keys?

What do I do if I have problems with FTP?

What if I think the name of your ssh server is too long?

I can connect to NearlyFreeSpeech.NET just fine, so why is your SFTP or ssh server unreachable or timing out?

Is automated FTP access to the system allowed?

Is automated SSH/SFTP access to the system allowed?