Skip to main content
Create and host an SSH key on a cloud server
Last update:

Create and host an SSH key on a cloud server

SSH keys can be used to securely server connections over the encrypted SSH protocol. This is a key pair: the private key is stored on the local computer and the public key is placed on the server.

We recommend using SSH keys instead of login and password to authenticate to the cloud server.

SSH keys of types ed25519, rsa, ecdsa, and dsa can be used.

  1. Create an SSH key pair.

  2. Optional: Add a public SSH key to the cloud platform.

    The way a key is added to the cloud platform affects its availability in projects, pools, and to users, as well as the way it is placed on the server when created. See the table for more details on key differences SSH keys for project and service user.

  3. Place a public SSH key on a cloud server.

Create SSH keys

  1. Open the CLI.

  2. Generate a pair of SSH keys:

    ssh-keygen -t <key_type>

    Specify <key_type> — SSH key type: еd25519, rsa, ecdsa or dsa

  3. A message will appear asking you to select a directory to store the key pair — example for rsa key:

    Enter file in which to save the key (~/.ssh/id_rsa):

    To leave the default directory for storing keys, click Enter. If you want to select a different directory, enter it in the format /path/to/id_rsa and press Enter.

  4. Optional: enter a passphrase for additional protection, repeat the passphrase and press Enter:

    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

  5. Wait for the message that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The key fingerprint and its image will appear in the terminal:

    Your identification has been saved in ~/.ssh/id_rsa
    Your public key has been saved in ~/.ssh/id_rsa.pub
    The key fingerprint is:
    The key's randomart image is:

  6. Output the public SSH key:

    cat <path>

    Specify <path> — the full path to the public key you specified in step 3, for example ~/.ssh/id_rsa.pub.

optional: add a public SSH key to the cloud platform

A public SSH key can be added to a cloud-based platform and then hosted at the server creation.

The way a key is added to the cloud platform affects its availability in projects, pools, and to users, as well as the way it is placed on the server when created. See the table for more details on key differences SSH keys for project and service user.

The key will only be available in one project, for all users.

  1. В control panels go to Cloud platformAccess.
  2. Open the tab SSH keys.
  3. Click Add an SSH key.
  4. Enter the name of the key.
  5. Insert a public SSH key in OpenSSH format.
  6. Click Add key.

Host a public SSH key on a cloud server

You can place a public SSH key by cloud server creation or on an existing server.

To access the cloud server via SSH, you need to add a public SSH key to the file ~/.ssh/authorized_keys on the server. You can add multiple keys, for example, if you need access for multiple users.

You can place public SSH keys on an existing server in two ways:

Copy a public SSH key from a local computer using ssh-copy-id

Team ssh-copy-id adds the public SSH key to the end of the file ~/.ssh/authorized_keys. The command creates a directory and a file if they have not already been created.

  1. Open the CLI on the local computer.

  2. Copy the public SSH key to the cloud server:

    ssh-copy-id -i <path> <username>@<ip_address>

    Specify:

    • <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub;
    • <username> — username;
    • <ip_address> — the public IP address of the server.

  3. Enter the user's password.

Manually place a public SSH key on the server

  1. Open the public SSH key file on the local computer:

    cat <path>

    Specify <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub.

  2. Copy the value of the public SSH key.

  3. Connect to the server.

  4. Go to the directory .ssh:

    cd .ssh

  5. Create a file authorized_keys:

    touch authorized_keys

  6. Add to the file authorized_keys public SSH key:

    echo <public_ssh_key> >> ~/.ssh/authorized_keys

    Specify <public_ssh_key> — public SSH key that you copied in step 2. It starts with ssh-rsa.

  7. Configure access rights:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

SSH keys for project and service user

A public SSH key can be added to the cloud platform:

SSH key for the projectSSH key for the service user
How add a key to the cloud platformIn the control panel, under Cloud platformAccess
  • In the control panel, under Access controlUser management → tab Service users → user page;
  • will be added automatically when creating SSH keys through the OpenStack CLI (command openstack keypair create);
  • through the API;
  • through Terraform;
  • through the selvpc CLI
How to host on a cloud server when server creationIn the control panel
  • Through the OpenStack CLI (openstack server create command);
  • through the API;
  • through Terraform
For which users is it availableFor all users of the projectFor one service user with the roles Project Administrator or Project Supervisor
In which projects is it availableIn one project.In all projects to which a service user has been added
What pools are available inOnly in the pool to which it was added
  • Available in all pools if added in the control panel under Access controlUser management → tab Service users → user page;
  • is available only in pools to which it was added via OpenStack CLI, API, Terraform, selvpc CLI
Where can I see the list of keysIn the control panel, under Cloud platformAccess
  • In the control panel, under Access controlUser management → tab Service users → user page;
  • through the OpenStack CLI (command openstack keypair list);
  • through the API;
  • through Terraform;
  • through the selvpc CLI