Skip to content


Lagoon allows you to connect to your running containers via SSH. The containers themselves don't actually have an SSH server installed, but instead you connect via SSH to Lagoon, which then itself creates a remote shell connection via the Kubernetes API for you.

Ensure you are set up for SSH access#

Generating an SSH Key#

It is recommended to generate a separate SSH key for each device as opposed to sharing the same key between multiple computers. Instructions for generating an SSH key on various systems can be found below:

OSX (Mac)


Linux (Ubuntu)#




SSH Agent#

OSX (Mac)#

OSX does not have its SSH agent configured to load configured SSH keys at startup, which can cause some headaches. You can find a handy guide to configuring this capability here:


Linux distributions vary in how they use the ssh-agent . You can find a general guide here:


SSH key support in Windows has improved markedly as of recently, and is now supported natively. A handy guide to configuring the Windows 10 SSH agent can be found here:

Uploading SSH Keys#

Via the UI#

You can upload your SSH key(s) through the UI. Login as you normally would.

In the upper right hand corner, click on Settings:

Click "Settings" in the upper right hand corner

You will then see a page where you can upload your SSH key(s), and it will show any uploaded keys. Paste your key into the text box, give it a name, and click "Add." That's it! Add additional keys as needed.

Paste your key into the text box.

Via Command Line#

A general example of using the Lagoon API via GraphQL to add an SSH key to a user can be found here

SSH into a pod#


Connecting is straightforward and follows the following pattern:

  • PORT - The remote shell SSH endpoint port (for 32222).
  • HOST - The remote shell SSH endpoint host (for
  • PROJECT-ENVIRONMENT-NAME - The environment you want to connect to. This is most commonly in the pattern PROJECTNAME-ENVIRONMENT.

As an example:

ssh -p 32222 -t

This will connect you to the project drupal-example on the environment main.

Pod/Service, Container Definition#

By default, the remote shell will try to connect you to the container defined with the type cli. If you would like to connect to another pod/service you can define it via:


If your pod/service contains multiple containers, Lagoon will connect you to the first defined container. You can also define the specific container to connect to via:


For example, to connect to the php container within the nginx pod:

ssh -p 32222 -t service=nginx container=php

Copying files#

The common case of copying a file into your cli pod can be acheived with the usual SSH-compatible tools.


scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P 32222 [local_path] [project_name]-[environment_name][remote_path]


rsync --rsh='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 32222' [local_path] [project_name]-[environment_name][remote_path]

Specifying non-CLI pod/service#

In the rare case that you need to specify a non-CLI service this can be acheived with rsync using a ssh wrapper script to reorder the arguments in the manner required by Lagoon's SSH service:

#!/usr/bin/env sh
svc=$1 user=$3 host=$4
shift 4
exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 32222 -l "$user" "$host" "$svc" "$@"

Put that in an executable shell script and specify the service=... in the rsync command:

rsync --rsh="/path/to/ service=cli" /tmp/foo [project_name]-[environment_name]

The script could also be adjusted to also handle a container=... argument.