Create and host an SSH key on a cloud server

Last update: May 27 2025

Create and host an SSH key on a cloud server

SSH keys can be used to securely connect to a server using the encrypted SSH protocol. It is a pair of keys: the private key is stored on the local computer and the public key is placed on the server.

We recommend using SSH keys instead of login and password to authenticate to the cloud server.

You can use SSH keys of types ed25519, rsa, ecdsa, and dsa. Learn more about SSH keys for the user.

1. Create an SSH key pair.

2. Optional: add a public SSH key to the user profile.

3. Place a public SSH key on the cloud server.

1. Create an SSH key pair⁠

You can create SSH keys in two ways:

• by the OS;
• using the OpenStack CLI.

Create a pair of SSH keys using OS tools⁠

Linux/macOS

1. Open the CLI.

2. Generate a pair of SSH keys:

   ssh-keygen -t <key_type>

   Specify <key_type> — SSH key type: ed25519, rsa, ecdsa or dsa

3. A message will appear asking you to select a directory to store the key pair — an example for an RSA key:

   Enter file in which to save the key (~/.ssh/id_rsa):

   To leave the default directory for storing keys, press Enter. If you want to select a different directory, enter it in the format /path/to/id_rsa and press Enter.

4. Optional: enter a passphrase for additional security, repeat the passphrase and press Enter:

   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:

5. Wait for the message that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The terminal will display the key fingerprint and its image:

   Your identification has been saved in ~/.ssh/id_rsa
   Your public key has been saved in ~/.ssh/id_rsa.pub
   The key fingerprint is:
   The key's randomart image is:

6. Output the public SSH key:

   cat <path>

   Specify <path> is the full path to the public key you specified in step 3, for example ~/.ssh/id_rsa.pub.

Windows

1. Install PuTTY.

2. Open the PuTTYgen application.

3. In the Parameters → Type of key to generate field, select the RSA key type.

4. Click Generate.

5. Move the cursor in the PuTTYgen window until a key pair is created.

6. After creating the keys, click Save public key and Save private key.

7. Specify a path to store the keys.

8. Optional: in the Key passphrase field, enter a passphrase for additional security.

9. Copy the public SSH key.

Create an SSH key pair through the OpenStack CLI⁠

The SSH key will only be available to the single service user, project, and pool for which you have configured authorization in the OpenStack API.

When generating SSH keys through the OpenStack CLI, the public key is automatically added to the user's profile.

1. Open the OpenStack CLI.

2. Generate a pair of SSH keys:

   openstack keypair create <key_name> --private-key <file_for_key>

   Specify:

   • <key_name> — key name;
   • <file_for_key> — file that will store the private SSH key on the local computer.

2. Optional: add a public SSH key to the user profile⁠

You can add a public SSH key to your profile or to another user's profile. Then place the key on the server when creating it or on an existing server.

The key will be available in all projects to which the user has been added.

If you generated an SSH key pair through the OpenStack CLI, the public key was automatically added to the user profile.

To your profile

1. In the control panel, on the top menu, click Account.

2. Go to the Access section.

3. Open the SSH keys tab.

4. Click Add Key.

5. Enter the name of the key.

6. Insert a public SSH key in OpenSSH format.

7. Click Add.

To another user's profile

Use the Add SSH Key section of the Change User Data or Role instructions. Only the Account Owner and User Administrator can add keys to other users.

The key will be available in all projects to which the user has been added.

3. Host a public SSH key on a cloud server⁠

You can place a public SSH key when you create a cloud server or on an existing server.

To access the cloud server via SSH, you need to add a public SSH key to the ~/.ssh/authorized_keys file on the server. You can add multiple keys, for example, if you need access for multiple users.

You can place public SSH keys on an existing server using a utility or manually.

Through the utility

The utility adds the public SSH key to the end of the ~/.ssh/authorized_keys file. The command used creates the directory and file if they are not already created.

From Linux/macOS

1. Open the CLI on the local computer.

2. Copy the public SSH key to the cloud server:

   ssh-copy-id -i <path> <username>@<ip_address>

   Specify:

   • <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub;
   • <username> — username;
   • <ip_address> — public IP address of the server.

3. Enter the user's password.

From Windows

1. Open the CLI on the local computer.

2. Copy the public SSH key to the cloud server:

   scp <local_path> <username>@<ip_address>:<server_path>

   Specify:

   • <local_path> — the full path to the public key on the local computer;
   • <username> — username;
   • <ip_address> — public IP address of the server;
   • <server_path> — path for storing the public key on the server, e.g. C:\Users\username\.ssh\authorized_keys.

Manually

1. Open the public SSH key file on the local computer:

   Linux/macOS

   cat <path>

   Specify <path> is the full path to the public key on the local computer, for example ~/.ssh/id_rsa.pub.

   Windows

   type <path>

   Specify <path> — the full path to the public key on the local computer, for example C:\Users\username\.ssh\id_rsa.pub.

2. Copy the value of the public SSH key.

3. Connect to the server.

4. Navigate to the .ssh directory:

   cd .ssh

5. Create an authorized_keys file:

   touch authorized_keys

6. Add a public SSH key to the authorized_keys file:

   echo <public_ssh_key> >> ~/.ssh/authorized_keys

   Specify <public_ssh_key> is the public SSH key that you copied in step 2. It starts with ssh-rsa.

7. Configure access rights:

   chmod 700 ~/.ssh
   chmod 600 ~/.ssh/authorized_keys``

SSH keys for the user⁠

How to add a key to a user profile	Self: in the control panel, in the top menu, click Account → Access → SSH keys tab ; to another user: in the control panel, in the top menu, click Account → Users or Service Users → User page ; will be added automatically when SSH keys are created through the OpenStack CLI ( openstack keypair create command ); through the API; through Terraform; through the selvpc CLI
How to host on a cloud server when creating a server	Through the OpenStack CLI ( openstack server create command); through the API; through Terraform
For which users is it available	For one user of any type
In which projects is it available	In all projects to which a user has been added
What pools are available in	Available in all pools if added in the control panel under Account → Users → tab with the desired user type → user page; is available only in pools to which it was added via OpenStack CLI, API, Terraform, selvpc CLI
Where can I see the list of keys	Your own: in the control panel, in the top menu, click Account → Access → SSH keys tab; other users: in the control panel in the top menu, click Account → Users or Service Users → User page; through the OpenStack CLI ( openstack keypair list command); through the API; through Terraform; through the selvpc CLI