SSH Keys
SSH keys provide secure access to your pods and virtual machines. Manage your keys from the SSH Keys page.
Why SSH Keys?
SSH keys are more secure than passwords:
- No password to intercept
- Unique per-device authentication
- Can be revoked without changing passwords
- Industry-standard security
Viewing SSH Keys
Navigate to SSH Keys to see all your keys:
- Name: Key identifier
- Type: RSA or ED25519
- Fingerprint: Unique key identifier
- Created: When the key was added
- Last Used: Recent activity
- Default: Whether it’s your default key
Adding an Existing Key
If you already have an SSH key:
Step 1: Find Your Public Key
# View your public key
cat ~/.ssh/id_rsa.pub
# or
cat ~/.ssh/id_ed25519.pub
Step 2: Add to Podstack
- Click Add SSH Key
- Enter a descriptive name
- Paste your public key (starts with
ssh-rsaorssh-ed25519) - Click Add Key
Generating a New Key
Create a new key pair directly in Podstack:
Step 1: Generate
- Click Generate New Key
- Choose key type:
- ED25519 (recommended): Faster, smaller, more secure
- RSA: Wider compatibility, choose 4096-bit
- Enter a name for the key
- Click Generate
Step 2: Download Private Key
Important: Download the private key immediately!
- Click Download Private Key
- Save securely to your computer
- The private key is shown only once
Step 3: Configure Local Machine
# Move to SSH directory
mv ~/Downloads/podstack_key ~/.ssh/
# Set correct permissions
chmod 600 ~/.ssh/podstack_key
# (Optional) Add to SSH agent
ssh-add ~/.ssh/podstack_key
Setting a Default Key
The default key is automatically selected when creating pods/VMs:
- Find the key in the list
- Click Set as Default
- Key is marked with a default badge
Using SSH Keys
When Creating Resources
- During pod/VM creation
- Select an SSH key from the dropdown
- Key is automatically configured in the resource
Connecting
# Using default SSH key
ssh root@<resource-address>
# Using specific key
ssh -i ~/.ssh/podstack_key root@<resource-address>
Key Types
ED25519 (Recommended)
# Generate locally
ssh-keygen -t ed25519 -C "your_email@example.com"
Benefits:
- Faster authentication
- Smaller key size
- Strong security
- Modern standard
RSA
# Generate locally (use 4096 bits)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Benefits:
- Universal compatibility
- Well-tested
- Works with older systems
Managing Keys
Viewing Key Details
Click on a key to see:
- Full public key
- Fingerprint
- Resources using this key
- Creation and usage dates
Deleting a Key
- Find the key in the list
- Click Delete
- Confirm deletion
Warning: Resources using this key will lose SSH access. Add a new key to those resources first.
Security Best Practices
Protect Private Keys
# Correct permissions
chmod 600 ~/.ssh/your_private_key
# Never share private keys
# Never commit to git
Use Passphrases
Add a passphrase when generating keys:
ssh-keygen -t ed25519 -C "email@example.com"
# Enter passphrase when prompted
Regular Rotation
- Rotate keys periodically (every 6-12 months)
- Revoke keys for departed team members
- Use different keys for different purposes
SSH Agent
Use SSH agent to avoid typing passphrases:
# Start agent
eval "$(ssh-agent -s)"
# Add key
ssh-add ~/.ssh/podstack_key
Troubleshooting
Permission Denied
# Check key permissions
ls -la ~/.ssh/
# Fix permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/id_*.pub
Wrong Key Used
# Specify key explicitly
ssh -i ~/.ssh/correct_key root@host
# Or configure in ~/.ssh/config
Host podstack
HostName resource.cloud.podstack.ai
User root
IdentityFile ~/.ssh/podstack_key
Key Not Working
- Verify key is added to Podstack
- Verify key is assigned to the resource
- Check you’re using the matching private key
- Verify key type is supported
SSH Config File
Simplify connections with SSH config:
# Edit ~/.ssh/config
Host my-pod
HostName abc123.cloud.podstack.ai
User root
IdentityFile ~/.ssh/podstack_key
# Then connect simply with:
ssh my-pod
Next Steps
- Create API Tokens for programmatic access
- Deploy a Pod using your SSH key