SSH Gateway Issues
When using SSH Gateway on WP Engine there are some known limitations or access issues you may experience. In this article we’ll explain what limitations exist, why they happen, and how to best proceed without conflicts.
Not Seeing File Changes Immediately
File changes may take 5+ seconds to appear between the WordPress Admin Dashboard and your SSH session, and vice versa.
In this case, simply wait a few seconds and then you should see the changes appear. In some cases you may need to use an incognito window or refresh your browser cache to see changes faster.
Review our guide for purging caches.
Username Not Accepted
If you are receiving authentication errors when connecting, you will want to double check the format of your username. Your username must be formatted like so, where environment is replaced by your unique WP Engine environment name.
environment@environment.ssh.wpengine.net
- Log in to the User Portal
- Click on the environment name you wish to connect to
- In the Overview section, locate SSH Login
- Click the clipboard icon to copy the SSH login to your clipboard for easy pasting into your terminal
Region Not Accepted
Using a region and email address in your SSH login string is no longer necessary. If you are using a login string that includes a region like this…
'[email protected]+environment'@ssh.gcp-us-central1-farm-01.wpengine.io
…Then you should just use the updated method instead. This method automatically determines your region and looks like this:
environment@environment.ssh.wpengine.net
New Files Not Saved
Only files updated and saved within the /sites/environment/ directory will remain after the SSH session ends. A new SSH sandbox is created with each SSH session.
To avoid this issue please ensure any new files or directories are created within your /sites/environment/ directory, as this is the root directory of your WordPress site.
If you are creating scripts for use in SSH, please be sure these are placed in the _wpeprivate folder of your site, so these files will persist past the SSH session for future use.
Memory Limitations
If opening a new file or performing an action with WP-CLI requires too many server resources, it is possible the action or the session itself may be killed. Actions should be batched into smaller sets to ensure minimal resource consumption.
Lockouts
By default, your local machine will attempt to use all SSH keys present when connecting to your SSH Gateway. If 6 or more keys are presented unsuccessfully, the SSH Gateway will disconnect.
To avoid this issue, you should use an SSH config file to designate which key file should be used with which hostname.
Broken Connection
In some rare cases, it may be possible for software deploys to break existing connections. If this happens, simply reconnect after a few minutes to continue your work in SSH.
No Mutual Signature Algorithm
If you’re seeing the following error when attempting to connect to SSH Gateway debug1: send_pubkey_test: no mutual signature algorithm your key does not match the type your client is looking for – typically because SSH-RSA SHA-1 has been deprecated. This is most common when connecting with OpenSSH (8.8+). To resolve this issue, there are two options:
- (Recommended) Create your key using ED25519 instead
- To generate a new key in the recommended format, use
ssh-keygen -t ed25519 -f ~/.ssh/wpengine_ed25519 - You will then use the key files
wpengine_ed25519andwpengine_ed25519.pub
- To generate a new key in the recommended format, use
- (Not recommended) Enable support for RSA-SHA1
Permission denied (publickey)
When users are connecting to their SSH Gateway, there are two levels of authentication they pass through. The first determines whether the private and public keys match up and that the user has SSH access. If they do not, the user does not continue any further and receives the Permission denied (publickey) message.
- Confirm your SSH key was added to the intended User Portal account
- Confirm environment has SSH Gateway enabled
- Confirm the SSH login is entered correctly, and that there are no typos or missing letters
- Do you have an SSH config file? Run
cat ~/.ssh/configto check.- If you do, open it and ensure you have an entry in the SSH config file for
*.wpengine.netmapped to the correctwpengine_key file name and that everything is spelled correctly.ed25519 - If you do not have an SSH config, set one up using this guide. This will ensure your machine uses the correct key when connecting.
- If you do, open it and ensure you have an entry in the SSH config file for
Connection Error Messages
You may see a number of other error messages depending on the error condition:
| Error Message | Meaning |
|---|---|
| Cannot access environment [environment_name] | Either the environment you are trying to connect to does not exist (potentially mistyped), or the User Portal user your SSH key is assigned to does not have access to this particular environment |
| Install [environment_name] does not support ssh | The environment you are trying to connect to exists and you have access to it, but the environment is not on a server environment that supports SSH Gateway access |
| Install [environment_name] is disabled | The environment you are trying to connect to is disabled or inaccessible |
| Wrong gateway host. Use ssh.gcp-[region]-farm-01.wpengine.io instead | The environment you are trying to connect to exists and your user has access to it, but you have entered the wrong hostname. Use the suggested hostname in the error message instead. |
NEXT STEP: SSH key management for SSH Gateway
