Learn how to create and manage SSH keys on your local device to connect to Public Cloud instances.
Using the SSH protocol enables a secure channel over an unsecured network in a client-server architecture, connecting an SSH client with an SSH server. Creating an SSH key set provides you with a public and a private key. You can place the public key on a server and then connect to it with a client that has the corresponding private key. If the public and private SSH keys match up, you will be logged in without needing a password.
This is usually the most secure and convenient connection method and the default on Public Cloud instances.
Requirements
- a Public Cloud project in your OVHcloud account
- an SSH client application (command line or GUI)
This guide is not applicable for standard Windows Server installations since they rely on the Remote Desktop Protocol
(RDP) for connections.
You can find more information in our create a Public Cloud instance guide.
Instructions
Creating an SSH key pair
The following instructions cover two methods of using SSH keys:
- Creating an Open SSH key pair and connecting to a server from the command line SSH client
- Creating a PuTTY key pair and connecting to a server from the PuTTY SSH client
You can use both methods side by side, but keep in mind that PuTTY
stores key files in a specific format, which makes them incompatible with SSH key files created with the Open SSH client. This means that a private key created with the command line SSH client will have to be converted to the PuTTY format first and vice versa.
Creating an SSH key pair from the command line
From a Mac computer or a device with a Linux OS installed, open the command line application (Terminal
).
Verify that you have a folder named .ssh
in your $HOME
directory. If the folder does not exist, create it:
On a current Windows OS, open the Command Prompt
by typing "cmd" into the search bar (or open PowerShell
from the menu). Go to the directory .ssh
for your active Windows user (by default: C:\Users\WindowsUsername\.ssh
):
Use the following command to create a 4096-bit RSA key:
Using the option -t
with this command allows you to specify a different encryption method, for example:
The command line will prompt you to save the newly created key in the standard file:
You can confirm with Enter
to accept the proposed file name or enter an individual name. This is relevant if more than one key pair is placed in the .ssh
directory. You can find more information about this in the section Managing multiple SSH keys.
This example uses the standard file names id_rsa
and id_rsa.pub
.
You can protect your SSH key with a passphrase at the next prompt. This is recommended for added security.
NOTE: Remote access to your instance is only as secure as the client device storing the private key. Protecting your device and files from unauthorized access is therefore crucial when using SSH keys.
For convenience and security purposes, consider using a password manager on your device, such as the open-source solution KeePass
.
All SSH keys should be stored in the .ssh
directory. The public key files will have .pub
added to the filename.
In order to view and export your public key, use the command cat
on your .pub
key file. Copy this key string to add it to a new instance or to import it into the OVHcloud Control Panel.
In a MacOS Terminal you can use the commands pbcopy
and pbpaste
to handle key strings faster. For example, use this command to copy the key from the file id_rsa.pub
to the clipboard:
pbcopy < ~/.ssh/id_rsa.pub
On a Windows OS, you can open the file with the Notepad
application from the File Explorer
(right-click
on the file and select Open with
) or use one of the following commands (in \Users\WindowsUsername\.ssh
):
cmd
powershell
Copy this key string to add it to a new instance or to import it into the OVHcloud Control Panel.
Clipboard usage
When working from a Windows command line, you can use a right-click
to paste the content of your clipboard into the command line window. To copy a string from the command line window, highlight it, then press Enter
. You can also find these functions via a right-click
on the menu bar.
Creating an SSH key pair with PuTTY
PuTTY is an open-source SSH client software with a graphical user interface, available for Windows and other operating systems. It provides a companion software to create SSH keys: PuTTY Key Generator
(PuTTYgen
).
The main purpose of PuTTY
is to manage SSH connections from a Windows client device to a GNU/Linux remote host. PuTTY
stores key files in a specific format that is incompatible with SSH key files created with the Open SSH client natively included in most contemporary operating systems.
If necessary, keys generated from the command line as explained above can be converted into the PPK format in order to use them with the PuTTY
client. For the most convenient use of SSH keys, decide on an option, and stick to it (Open SSH private keys or PuTTY
private keys).
If it is not already installed (check your applications list or use the search function), download PuTTY
from the official website. The recommended standard installation package contains PuTTYgen
but it is available as a standalone file on the website as well.
Open PuTTYgen
and select a supported encryption algorithm. This example uses RSA. Enter 4096 as the number of bits in the bottom right corner, then click on the button Generate
.
Move your mouse cursor freely about the area below the progress bar:
The key is ready when the progress bar is full.
Copy this key string to add it to a new instance or to import it into the OVHcloud Control Panel.
Save both keys as files by clicking the corresponding buttons and also enter a passphrase to protect them.
Remote access to your instance is only as secure as the client device storing the private key. Protecting your device and files from unauthorized access is therefore crucial when using SSH keys.
For convenience and security purposes, consider using a password manager on your device, such as the open-source solution KeePass
.
One advantage of using PuTTY
is the ability to save different connections as Sessions
. Find further information below.
Managing multiple SSH keys on your local device
You might want to use multiple SSH key pairs to connect to different remote hosts.
PuTTY
, skip to the corresponding section below.Since all keys should be placed in the folder .ssh
on your local device, the file names have to be different. When you create a new key pair and you are asked to provide a file name, enter a name of your choice. Match it to the name of your instance for example.
When connecting to the corresponding server, specify the name of the key file in addition to the user and server details:
Example:
As noted in previous sections, the same instructions will work on a Windows client. Only replace ~/
with the file path of your Windows user folder, by default C:\Users\WindowsUsername\
. (Example: ssh -i C:\Users\Username\.ssh/myInstance_rsa ubuntu@203.0.113.100
)
Using the "config" file
The alternative to adding the option -i
each time is to edit a file named config
inside the folder ~/.ssh
(\Users\Username\.ssh
for Windows). You can use it to configure details for different connections (username, port, key file, optional parameters, etc.)
If this file exists inside .ssh
, it probably contains some information already. Depending on your working environment, consider creating a backup copy of the original first.
Example of .ssh
folder content:
With the config
file, multiple SSH connections can be stored along with their parameters, in addition to standard values. Using the full potential of this file can become complex since it is most useful for experienced users managing multiple servers regularly.
Following is a simple example to explain how to configure an SSH connection to an instance.
Open the file and add the following lines at the top:
You can then connect to the instance with the alias name you have defined as Host
:
Only the server IP and the key file were specified in the previous example but more details can be added.
To configure an SSH connection to a second server with the username "rocky", the modified SSH port "49160" and the private key in the file "myserver_rsa", extend the file content as shown in this example:
You can then connect to this server by entering:
You can read the corresponding man page for more information.
Using PuTTY
PuTTY
can save credentials and parameters of an SSH connection as a Session
. This also enables you to connect to different servers using individual keys.
Open PuTTY
and expand the subsection SSH
in the left-hand menu, then click on Auth
and Credentials
.
Click on the Browse
button and select the PuTTY
private key file (keyfile.ppk
) from the folder in which you have saved it.
The key file is now associated with the current SSH session. Switch to Session
in the left-hand menu and enter your login credentials for the server (username@IPv4_address
).
Enter a name for this connection under Saved Sessions
and click on Save
to add it to the list.
From now on, you can click on this Session
item and open a connection to your server. To test it, click on Open
. If you have protected the key file with a passphrase, you have to enter it at this point.
Adding additional public keys to your instance
To add SSH keys for other users accessing your instance, repeat the key creation steps but use the appropriate $HOME
folder or Windows Users
directory of the user in question to create and store the SSH keys (or execute the commands on this person's dedicated device).
Use our dedicated guide for a detailed explanation of these steps.
Go further
- Creating and Connecting a Public Cloud instance
- Getting Started with SSH
- How to Configure Additional SSH Keys
For more information and tutorials, please see our other Public Cloud guides or other OVHcloud products and services.
If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for a custom analysis of your project.