How to Generate and Use SSH Keys for Secure Access
This guide explains how to generate and use SSH keys to connect to your service securely without entering your SSH password each time.
Your service hostname, SSH username and SSH access details can be found in the Client Area under your service details.
What Are SSH Keys?
SSH keys are a secure authentication method used to log in to your account over SSH. Instead of using only a password, you generate a key pair:
- Private key – kept on your local device and should never be shared.
- Public key – added to your service account to allow SSH access.
Never share your private key with anyone. Only the public key should be copied to your service.
Linux and macOS
Step 1 – Generate an SSH Key
Open a terminal on your local computer and run:
ssh-keygen -t ed25519 -C "my-service"
When asked where to save the key, you can press Enter to use the default location:
~/.ssh/id_ed25519
When asked to enter a passphrase, you have two options:
- Press Enter to leave it empty. This is the most convenient option because you will not be asked for the passphrase when using the key.
- Enter a passphrase to protect your private key. If you do this, you may need to enter the passphrase when using the key, depending on your SSH client or key agent.
For most users, leaving the passphrase empty is simpler and avoids additional prompts when connecting with SSH, SFTP, WinSCP, FileZilla or similar clients.
Step 2 – Add the Public Key to Your Service
Use ssh-copy-id to install your public key on your service:
ssh-copy-id username@server.hostname.com
Replace:
- username with your service username.
- server.hostname.com with your service hostname.
You will be asked for your SSH password. After successful authentication, your public key will be added automatically.
If you generated a custom key file, specify the public key manually:
ssh-copy-id -i ~/.ssh/my_custom_key.pub username@server.hostname.com
Step 3 – Connect Using Your SSH Key
Connect to your service:
ssh username@server.hostname.com
If everything is configured correctly, you should be able to log in using your SSH key.
Windows
Step 1 – Generate an SSH Key
Open PowerShell on your local computer and run:
ssh-keygen -t ed25519 -C "my-service"
When asked where to save the key, you can press Enter to use the default location:
C:\Users\YourUser\.ssh\id_ed25519
When asked to enter a passphrase, you have two options:
- Press Enter to leave it empty. This is the most convenient option because you will not be asked for the passphrase when using the key.
- Enter a passphrase to protect your private key. If you do this, you may need to enter the passphrase when using the key, depending on your SSH client or key agent.
For most users, leaving the passphrase empty is simpler and avoids additional prompts when connecting with SSH, SFTP, WinSCP, FileZilla or similar clients.
Step 2 – Display Your Public Key
Run the following command in PowerShell:
type $env:USERPROFILE\.ssh\id_ed25519.pub
Copy the full output. It should start with ssh-ed25519.
Step 3 – Add the Public Key to Your Service
Windows PowerShell does not include the ssh-copy-id command by default.
If you are using WSL, Git Bash or another Linux-like shell on Windows, you can add your public key automatically with:
ssh-copy-id username@server.hostname.com
Replace:
- username with your service username.
- server.hostname.com with your service hostname.
You will be asked for your SSH password. After successful authentication, your public key will be added automatically.
If ssh-copy-id is not available, add the public key manually using the steps below.
Log in to your service via SSH using your password:
ssh username@server.hostname.com
Create the ~/.ssh directory if it does not already exist:
mkdir -p ~/.ssh
Open the authorized_keys file:
nano ~/.ssh/authorized_keys
Paste your public key into the file, then save it.
Set the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Step 4 – Connect Using Your SSH Key
From PowerShell, connect to your service:
ssh username@server.hostname.com
If everything is configured correctly, you should be able to log in using your SSH key.
Using a Custom SSH Key File
If you saved your SSH key under a custom name or in a custom location, specify it with the -i option:
ssh -i ~/.ssh/my_custom_key username@server.hostname.com
On Windows PowerShell, it may look like this:
ssh -i $env:USERPROFILE\.ssh\my_custom_key username@server.hostname.com
Remove or Replace an SSH Key
If you want to remove an old SSH key or replace it with a new one, edit the authorized_keys file on your service.
Step 1 – Log in to Your Service
Log in using SSH:
ssh username@server.hostname.com
Step 2 – Open the authorized_keys File
Open the authorized_keys file:
nano ~/.ssh/authorized_keys
Each line in this file usually represents one allowed SSH public key.
Step 3 – Remove the Old Key
Find the old public key you want to remove and delete the whole line.
Do not remove all keys unless you are sure you can still log in using your SSH password or another working SSH key.
Step 4 – Add the New Key
Paste your new public key on a new line in the same file.
The public key usually starts with ssh-ed25519 or ssh-rsa.
Step 5 – Save the File and Check Permissions
Save the file and set the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Step 6 – Test the New Key
Open a new terminal window and test the connection before closing your existing SSH session:
ssh username@server.hostname.com
If the login succeeds, the new SSH key has been added correctly.
Optional: Create an SSH Config Entry
You can create an SSH config entry to make connecting easier.
On Linux or macOS, edit:
nano ~/.ssh/config
On Windows, edit or create:
C:\Users\YourUser\.ssh\config
Add the following configuration:
Host myservice
HostName server.hostname.com
User username
IdentityFile ~/.ssh/id_ed25519
Replace:
- myservice with any name you like.
- server.hostname.com with your service hostname.
- username with your service username.
- ~/.ssh/id_ed25519 with the path to your private key if you used a different file.
After that, you can connect using:
ssh myservice
Troubleshooting
Permission Denied
If you receive a Permission denied error, verify that:
- You added the correct public key to
~/.ssh/authorized_keys. - You are connecting with the correct service username.
- You are using the correct service hostname.
- Your private key is stored on your local device.
Wrong File Permissions
If SSH refuses to use your key, check the permissions on your service:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
On your local Linux or macOS device, also make sure your private key has secure permissions:
chmod 600 ~/.ssh/id_ed25519
Debug SSH Connection
To get more details about the connection problem, use:
ssh -vvv username@server.hostname.com
This command shows detailed SSH debug output, which can help identify authentication issues.
Password Login
Adding an SSH key does not automatically disable password login. Password authentication is controlled by the server SSH configuration and cannot be disabled from the ~/.ssh directory by a regular user.
Verification
Make sure you copied the public key to your service, not the private key. The private key should always remain on your local device. If you replaced an SSH key, always test the new key in a separate terminal window before closing your current SSH session.
If you can connect to your service using SSH without entering your SSH password, your SSH key authentication is configured correctly.