Create and host an SSH key | Selectel Documentation

Create and host an SSH key on a cloud server

SSH keys can be used to securely server connections over the encrypted SSH protocol. This is a key pair: the private key is stored on the local computer and the public key is placed on the server.

We recommend using SSH keys instead of login and password to authenticate to the cloud server.

SSH keys of types ed25519, rsa, ecdsa, and dsa can be used.

Create SSH keys⁠

Linux/macOS
Windows
OpenStack CLI

Open the CLI.
Generate a pair of SSH keys:
```
ssh-keygen -t <key_type>
```
Specify <key_type> — SSH key type: еd25519, rsa, ecdsa or dsa
A message will appear asking you to select a directory to store the key pair — example for rsa key:
```
Enter file in which to save the key (~/.ssh/id_rsa):
```
To leave the default directory for storing keys, click Enter. If you want to select a different directory, enter it in the format /path/to/id_rsa and press Enter.
Optional: enter a passphrase for additional protection, repeat the passphrase and press Enter:
```
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
```
Wait for the message that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The key fingerprint and its image will appear in the terminal:
```
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/.ssh/id_rsa.pub
The key fingerprint is:
The key's randomart image is:
```
Output the public SSH key:
```
cat <path>
```
Specify <path> — the full path to the public key you specified in step 3, for example ~/.ssh/id_rsa.pub.

When generating SSH keys through the OpenStack CLI, the public key will automatically be added to the cloud platform.

The SSH key will only be available for the single service user, project, and pool for which you configured authorization in OpenStack API.

optional: add a public SSH key to the user profile⁠

You can add a public SSH key to your profile or to another user's profile and then place it at the server creation.

The key will be available in all projects to which the user has been added.

To your profile
To another user's profile

В control panels go to Cloud platform → Access.
Open the tab SSH keys.
Click Add an SSH key.
Enter the name of the key.
Insert a public SSH key in OpenSSH format.
Click Add key.

Host a public SSH key on a cloud server⁠

You can place a public SSH key by cloud server creation or on an existing server.

To access the cloud server via SSH, you need to add a public SSH key to the file ~/.ssh/authorized_keys on the server. You can add multiple keys, for example, if you need access for multiple users.

You can place public SSH keys on an existing server in two ways:

Copy a public SSH key from a local computer using ssh-copy-id⁠

From Linux/macOS
From Windows

Team ssh-copy-id adds the public SSH key to the end of the file ~/.ssh/authorized_keys. The command creates a directory and a file if they have not already been created.

Open the CLI on the local computer.
Copy the public SSH key to the cloud server:
```
ssh-copy-id -i <path> <username>@<ip_address>
```
Specify:
- <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub;
- <username> — username;
- <ip_address> — the public IP address of the server.
Enter the user's password.

Open cmd on the local computer.
Copy the public SSH key to the cloud server:
```
scp <local_path> <username>@<ip_address>:<server_path>
```
Specify:
- <local_path> — the full path to the public key on the local computer;
- <username> — username;
- <ip_address> — the public IP address of the server;
- <server_path> — path for storing the public key on the server, e.g. C:\Users\username\.ssh\authorized_keys.

Manually place a public SSH key on the server⁠

Open the public SSH key file on the local computer:
- Linux/macOS
- Windows
cat <path>
Specify <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub.
type <path>
Specify <path> — the full path to the public key on the local computer, e.g. C:\Users\username\.ssh\id_rsa.pub.
Copy the value of the public SSH key.
Connect to the server.
Go to the directory .ssh:
```
cd .ssh
```
Create a file authorized_keys:
```
touch authorized_keys
```
Add to the file authorized_keys public SSH key:
```
echo <public_ssh_key> >> ~/.ssh/authorized_keys
```
Specify <public_ssh_key> — public SSH key that you copied in step 2. It starts with ssh-rsa.

Configure access rights:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH keys for the user⁠

How add a key to the user profile	To another user: in the control panel under Access control → User management → tab with the desired user type → user page; will be added automatically when creating SSH keys through the OpenStack CLI (command `openstack keypair create`); through the API; through Terraform; through the selvpc CLI
How to host on a cloud server when server creation	Via the OpenStack CLI (command `openstack server create`); through the API; through Terraform
For which users is it available	For one user of any type
In which projects is it available	In all projects to which a user has been added
What pools are available in	Available in all pools if added in the control panel under Access control → User management → tab with the desired user type → user page; is available only in pools to which it was added via OpenStack CLI, API, Terraform, selvpc CLI
Where can I see the list of keys	Aliens: in the control panel under Access control → User management → tab with the desired user type → user page; through the OpenStack CLI (command `openstack keypair list`); through the API; through Terraform; through the selvpc CLI

Create and host an SSH key on a cloud server

Create SSH keys⁠​

optional: add a public SSH key to the user profile⁠​

Host a public SSH key on a cloud server⁠​

Copy a public SSH key from a local computer using ssh-copy-id⁠​

Manually place a public SSH key on the server⁠​

SSH keys for the user⁠​