SSH key authentication

You can add one or many SSH public keys to your instances and use them to login to the sFTP and git services instead of using your instance’s password.

Note

SSH key authentication is not available on the Emergency Console. You always need to use your instance’s password to connect to the console.

Follow the instructions below to learn how to generate an SSH key pair and how to add the contents of your public key file to your instance.

Generate an SSH key pair

You can use the ssh-keygen command to generate an SSH key pair, as per the example below. Two files will be created with this command and, by default, will be named id_rsa and id_rsa.pub and placed in a ~/.ssh/ directory.

Both files are simple text files containing your private (id_rsa) and public (id_rsa.pub) keys. You’ll be able to upload the content of the public key file to your instance to be able to authenticate via SSH.

$ ssh-keygen -t rsa -b 2048

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
eb:79:fb:3f:15:ff:3a:04:dd:46:74:3b:da:a2:2b:9b user@hostname
The key's randomart image is:
+--[ RSA 2048]----+
|               .o|
|                +|
|             . = |
|            . +.+|
|        S    + oo|
|         .  . o o|
|        .  . . ..|
|       . oo . o .|
|        oE++..o+ |
+-----------------+

Once the files are created, you can open the public key file with a text editor and copy its contents to your clipboard.

Follow the instructions in the next section to learn where to paste the contents of your file and enable SSH key authentication on your instance.

Windows

On Windows, you can use PuTTY as your SSH client. PuTTY comes with a tool called PuTTYGen that will enable you to generate SSH keys.

Use the information below to generate your SSH key pair:

Protocol: SSH-2 Key type: RSA Key length: 2048 bits

You can follow ``PuTTY’s documentation about SSH keys``__ to learn how to generate your key pair.

Adding a public SSH key to your instance

Once you have generated an SSH key pair, you can upload the contents of your public key file to your instance’s management page.

In the “SSH keys” section, click the “Upload” button to access the “Add SSH Key” form.

Then, select the “Create a new key” tab and paste the contents of your public key file in the “Public Key” field. If you wish to save this key in your keyring to quickly add it to other instances, check the “Add to my keyring” checkbox and enter a “Key name”.

Once you have completed the steps described above, click the “Add SSH key” button to save your key. It’ll now be added to your instance and, if you chose to, saved to your keyring.

After a few moments, you’ll be able to login to your instance using your SSH key instead of your password. Remember that this authentication method only works for the sFTP and git+SSH services, and not for Console access.

Managing your public SSH keys

You can manage public SSH keys that were added to your instances by connecting to your instance via sFTP directly and not from the instance management page.

Any keys that were added to an instance will be placed in a file located at the root of your sFTP directory listing at the following path: .ssh/authorized_keys.

You can add new keys directly to this file and you can also remove keys by deleting the relevant lines from this file.

Removing a public SSH key from your instance

  1. Login to your instance via SFTP
  2. Navigate to the folder named .ssh located at the root of your sFTP directory listing
  3. To remove all SSH public keys simply delete the authorized_keys file. Alternatively, you can edit the file and remove only the public SSH keys that you wish by deleting the line that contains them.