How to Generate and Use SSH Keys for Secure Access

This guide explains how to generate and use SSH keys to connect to your service securely without entering your SSH password each time.

💡 Tip

Your service hostname, SSH username and SSH access details can be found in the Client Area under your service details.


What Are SSH Keys?

SSH keys are a secure authentication method used to log in to your account over SSH. Instead of using only a password, you generate a key pair:

  • Private key – kept on your local device and should never be shared.
  • Public key – added to your service account to allow SSH access.
âš  Important

Never share your private key with anyone. Only the public key should be copied to your service.


Linux and macOS

Step 1 – Generate an SSH Key

Open a terminal on your local computer and run:

ssh-keygen -t ed25519 -C "my-service"

When asked where to save the key, you can press Enter to use the default location:

~/.ssh/id_ed25519

When asked to enter a passphrase, you have two options:

  • Press Enter to leave it empty. This is the most convenient option because you will not be asked for the passphrase when using the key.
  • Enter a passphrase to protect your private key. If you do this, you may need to enter the passphrase when using the key, depending on your SSH client or key agent.
💡 Tip

For most users, leaving the passphrase empty is simpler and avoids additional prompts when connecting with SSH, SFTP, WinSCP, FileZilla or similar clients.


Step 2 – Add the Public Key to Your Service

Use ssh-copy-id to install your public key on your service:

ssh-copy-id username@server.hostname.com

Replace:

  • username with your service username.
  • server.hostname.com with your service hostname.

You will be asked for your SSH password. After successful authentication, your public key will be added automatically.

If you generated a custom key file, specify the public key manually:

ssh-copy-id -i ~/.ssh/my_custom_key.pub username@server.hostname.com

Step 3 – Connect Using Your SSH Key

Connect to your service:

ssh username@server.hostname.com

If everything is configured correctly, you should be able to log in using your SSH key.


Windows

Step 1 – Generate an SSH Key

Open PowerShell on your local computer and run:

ssh-keygen -t ed25519 -C "my-service"

When asked where to save the key, you can press Enter to use the default location:

C:\Users\YourUser\.ssh\id_ed25519

When asked to enter a passphrase, you have two options:

  • Press Enter to leave it empty. This is the most convenient option because you will not be asked for the passphrase when using the key.
  • Enter a passphrase to protect your private key. If you do this, you may need to enter the passphrase when using the key, depending on your SSH client or key agent.
💡 Tip

For most users, leaving the passphrase empty is simpler and avoids additional prompts when connecting with SSH, SFTP, WinSCP, FileZilla or similar clients.


Step 2 – Display Your Public Key

Run the following command in PowerShell:

type $env:USERPROFILE\.ssh\id_ed25519.pub

Copy the full output. It should start with ssh-ed25519.


Step 3 – Add the Public Key to Your Service

Windows PowerShell does not include the ssh-copy-id command by default.

If you are using WSL, Git Bash or another Linux-like shell on Windows, you can add your public key automatically with:

ssh-copy-id username@server.hostname.com

Replace:

  • username with your service username.
  • server.hostname.com with your service hostname.

You will be asked for your SSH password. After successful authentication, your public key will be added automatically.

If ssh-copy-id is not available, add the public key manually using the steps below.

Log in to your service via SSH using your password:

ssh username@server.hostname.com

Create the ~/.ssh directory if it does not already exist:

mkdir -p ~/.ssh

Open the authorized_keys file:

nano ~/.ssh/authorized_keys

Paste your public key into the file, then save it.

Set the correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 4 – Connect Using Your SSH Key

From PowerShell, connect to your service:

ssh username@server.hostname.com

If everything is configured correctly, you should be able to log in using your SSH key.


Using a Custom SSH Key File

If you saved your SSH key under a custom name or in a custom location, specify it with the -i option:

ssh -i ~/.ssh/my_custom_key username@server.hostname.com

On Windows PowerShell, it may look like this:

ssh -i $env:USERPROFILE\.ssh\my_custom_key username@server.hostname.com

Remove or Replace an SSH Key

If you want to remove an old SSH key or replace it with a new one, edit the authorized_keys file on your service.

Step 1 – Log in to Your Service

Log in using SSH:

ssh username@server.hostname.com

Step 2 – Open the authorized_keys File

Open the authorized_keys file:

nano ~/.ssh/authorized_keys

Each line in this file usually represents one allowed SSH public key.


Step 3 – Remove the Old Key

Find the old public key you want to remove and delete the whole line.

âš  Important

Do not remove all keys unless you are sure you can still log in using your SSH password or another working SSH key.


Step 4 – Add the New Key

Paste your new public key on a new line in the same file.

The public key usually starts with ssh-ed25519 or ssh-rsa.


Step 5 – Save the File and Check Permissions

Save the file and set the correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 6 – Test the New Key

Open a new terminal window and test the connection before closing your existing SSH session:

ssh username@server.hostname.com

If the login succeeds, the new SSH key has been added correctly.


Optional: Create an SSH Config Entry

You can create an SSH config entry to make connecting easier.

On Linux or macOS, edit:

nano ~/.ssh/config

On Windows, edit or create:

C:\Users\YourUser\.ssh\config

Add the following configuration:

Host myservice
    HostName server.hostname.com
    User username
    IdentityFile ~/.ssh/id_ed25519

Replace:

  • myservice with any name you like.
  • server.hostname.com with your service hostname.
  • username with your service username.
  • ~/.ssh/id_ed25519 with the path to your private key if you used a different file.

After that, you can connect using:

ssh myservice

Troubleshooting

Permission Denied

If you receive a Permission denied error, verify that:

  • You added the correct public key to ~/.ssh/authorized_keys.
  • You are connecting with the correct service username.
  • You are using the correct service hostname.
  • Your private key is stored on your local device.

Wrong File Permissions

If SSH refuses to use your key, check the permissions on your service:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

On your local Linux or macOS device, also make sure your private key has secure permissions:

chmod 600 ~/.ssh/id_ed25519

Debug SSH Connection

To get more details about the connection problem, use:

ssh -vvv username@server.hostname.com

This command shows detailed SSH debug output, which can help identify authentication issues.


Password Login

âš  Important

Adding an SSH key does not automatically disable password login. Password authentication is controlled by the server SSH configuration and cannot be disabled from the ~/.ssh directory by a regular user.


Verification

âš  Important

Make sure you copied the public key to your service, not the private key. The private key should always remain on your local device. If you replaced an SSH key, always test the new key in a separate terminal window before closing your current SSH session.

✔ SSH Key Setup Complete

If you can connect to your service using SSH without entering your SSH password, your SSH key authentication is configured correctly.

Was this answer helpful? 0 Users Found This Useful (0 Votes)