Create and place an SSH key on a cloud server

SSH keys can be used for secure server connection via an encrypted SSH protocol. This is a pair of keys: the private key is stored on your local computer, and the public key is placed on the server.

We recommend using SSH keys instead of a login and password for authorization on a cloud server.

You can use SSH keys of the types ed25519, rsa, ecdsa, and dsa. Learn more about SSH keys for users.

1. Create an SSH key pair.

2. Optional: add a public SSH key to your user profile.

3. Place a public SSH key on a cloud server.

1. Create an SSH key pair

You can create SSH keys in two ways:

• via the OS;
• using the OpenStack CLI.

Create an SSH key pair via the OS

Linux/macOS

1. Open the CLI.

2. Generate an SSH key pair:

   ssh-keygen -t <key_type>

   Specify <key_type> — the SSH key type: ed25519, rsa, ecdsa or dsa

3. A message about choosing the directory to store the key pair in will appear — an example for an RSA key:

   Enter file in which to save the key (~/.ssh/id_rsa):

   To leave the directory for storing keys set to default, press Enter. If you want to select another directory, enter it in the format /path/to/id_rsa and press Enter.

4. Optional: enter a passphrase for additional protection, repeat it, and press Enter:

   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:

5. Wait for the message confirming that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The key fingerprint and its image will appear in the terminal:

   Your identification has been saved in ~/.ssh/id_rsa
   Your public key has been saved in ~/.ssh/id_rsa.pub
   The key fingerprint is:
   The key's randomart image is:

6. Output the public SSH key:

   cat <path>

   Specify <path> — the full path to the public key you specified in step 3, for example ~/.ssh/id_rsa.pub.

Windows

1. Install PuTTY.

2. Open the PuTTYgen application.

3. In the Parameters → Type of key to generate field, select the RSA key type.

4. Click Generate.

5. Move the cursor in the PuTTYgen window until the key pair is created.

6. After creating the keys, click Save public key and Save private key.

7. Specify the path for storing the keys.

8. Optional: in the Key passphrase field, enter a passphrase for additional protection.

9. Copy the public SSH key.

Create an SSH key pair via OpenStack CLI

The SSH key will be available only for the single service user, project, and pool for which you configured authorization in the OpenStack API.

When generating SSH keys via the OpenStack CLI, the public key is automatically added to the user profile.

1. Open the OpenStack CLI.

2. Generate an SSH key pair:

   openstack keypair create <key_name> --private-key <file_for_key>

   Specify:

   • <key_name> — the key name;
   • <file_for_key> — the file where the private SSH key will be saved on your local computer.

2. Optional: add a public SSH key to the user profile

A public SSH key can be added to your own profile or to another user's profile. You can then place the key on the server when creating or on an existing server.

The key will be available in all projects to which the user has been added.

If you generated the SSH key pair via the OpenStack CLI, the public key was automatically added to the user profile.

To your profile

1. In the control panel, in the upper right corner, open the menu (account number) and select Profile.

2. Go to the Access section.

3. Open the SSH keys tab.

4. Click Add key.

5. Enter the key name.

6. Paste the public SSH key in OpenSSH format.

7. Click Add.

To another user's profile

Use the Add SSH key subsection of the Edit user data or permissions instructions. Only the Account Owner and a user with the iam.admin role can add keys for other users.

The key will be available in all projects to which the user has been added.

3. Place a public SSH key on a cloud server

You can place a public SSH key when creating a cloud server or on an existing server.

To access a cloud server via SSH, you need to add a public SSH key to the ~/.ssh/authorized_keys file on the server. You can add multiple keys, for example, if you need access for multiple users.

You can place public SSH keys on an existing server using a utility or manually.

Using a utility

The utility adds the public SSH key to the end of the ~/.ssh/authorized_keys file. The command used creates the directory and file if they do not exist yet.

From Linux/macOS

1. Open the CLI on your local computer.

2. Copy the public SSH key to the cloud server:

   ssh-copy-id -i <path> <username>@<ip_address>

   Specify:

   • <path> — the full path to the public key on your local computer, for example ~/.ssh/id_rsa.pub;
   • <username> — user name;
   • <ip_address> — the server's public IP address.

3. Enter the user password.

From Windows

1. Open the CLI on your local computer.

2. Copy the public SSH key to the cloud server:

   scp <local_path> <username>@<ip_address>:<server_path>

   Specify:

   • <local_path> — the full path to the public key on your local computer;
   • <username> — user name;
   • <ip_address> — the server's public IP address;
   • <server_path> — the path for storing the public key on the server, for example C:\Users\username\.ssh\authorized_keys.

Manually

1. Open the file with the public SSH key on your local computer:

   Linux/macOS

   cat <path>

   Specify <path> — the full path to the public key on your local computer, for example ~/.ssh/id_rsa.pub.

   Windows

   type <path>

   Specify <path> — the full path to the public key on your local computer, for example C:\Users\username\.ssh\id_rsa.pub.

2. Copy the public SSH key value.

3. Connect to the server.

4. Go to the .ssh directory:

   cd .ssh

5. Create the authorized_keys file:

   touch authorized_keys

6. Add the public SSH key to the authorized_keys file:

   echo <public_ssh_key> >> ~/.ssh/authorized_keys

   Specify <public_ssh_key> — the public SSH key you copied in step 2. It starts with ssh-rsa.

7. Configure access rights:

   chmod 700 ~/.ssh
   chmod 600 ~/.ssh/authorized_keys``

SSH keys for users

How to add a key to a user profile	For yourself: in the control panel, in the upper right corner, open the menu (account number) → Profile → section Access → tab SSH keys; for another user: in the control panel, in the top menu, click IAM → section Users or Service Users → user page; will be added automatically when creating SSH keys via the OpenStack CLI (openstack keypair create command); via API; via Terraform
How to place it on a cloud server when creating a server	Via OpenStack CLI (openstack server create command); via API; via Terraform
Available for users	For a single user of any type
Available in projects	In all projects to which the user has been added
Available in pools	Available in all pools if added in the control panel: IAM → section Users or Service Users → user page; available only in pools to which they were added via OpenStack CLI, API, Terraform
Where to view the list of keys	Own: in the control panel, in the upper right corner, open the menu (account number) → Profile → section Access → tab SSH keys; other users: in the control panel, in the top menu, click IAM → section Users or Service Users → user page; via OpenStack CLI (openstack keypair list command); via API; via Terraform