SSH keyring management

In order to simplify access during the creation of servers or instances, we provide you with a way to manage your SSH keyring via your Gandi interface.

To use this feature, start by logging into our website and going to the “Account Management” tab, and then “SSH keys” which you will see on the right. You will then be provided with an interface that you can use to add or delete your public SSH keys.

You must have a public/private SSH pair for this to work. Please note that the private key remains on your computer, it is the public key is what you will provide to Gandi and put in your keyring.

Key generation

  • Linux : To generate a pair of keys (public/private), you can use the tool provided with OpenSSH (“ssh-keygen'” available by default under Linux) with the following command: ssh-keygen.
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/example_rsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
eb:79:fb:3f:15:ff:3a:04:dd:46:74:3b:da:a2:2b:9b alex@jbim
The key's randomart image is:
+--[ RSA 2048]----+
|               .o|
|                +|
|             . = |
|            . +.+|
|        S    + oo|
|         .  . o o|
|        .  . . ..|
|       . oo . o .|
|        oE++..o+ |

By default, the keys are placed in the .ssh subdirectory in your home directory.

$ ls ~/.ssh/
authorized_keys  id_rsa       known_hosts
  • Windows : You can use the 'PuttyGen' generator that can be downloaded on this page

The .pub file is your public key, it is the one that must be added to your keychain. The id_rsa file contains your private key, which muse NEVER be communicated. Only the public key must be sent to a server or an instance!

Adding a key to your keychain

We are now going to add the key to our keychain. We must first, however, recover the key's content:

$ cat .ssh/ 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ReoJ3g7inzFkE3EazHf8R9ypx6WOonQbbT43/n0PCUU6/7MZgv3GK7lNkwV4L+oaTLm5cjVDLwpiWrkFZtOpekv+gkxqwIFT8R+AeHbNbIov3An/WZXOxJmgIm/p8cdiHtgA0wsJydol9OOHDdd/g+oRy0OG8U6zk/3Wtme7EZBLqGfBMjrnJBacHM65RyIzDnuwN0ejSX3GvtMoqIkWLpbaCFotR23fhs1hz4q6fZZctNGNG/6pzap9QOn8WHV6B+F4/N1I4Pk4QAeUOoC5UXkwNAinhSYPitwFlqmM3IU/spkzUedJc6uZp4lZ+Fl1VE9YKYjuAvu904PhSp2r alex@jbim

Next, to add it, go to the following address and click on “Add an SSH key” and copy and paste the contents of your SSH key where prompted:

You can add as many keys as you want to your keyring:

Deployment of the SSH key on an instance

During the creation of the instance

During the creation of the instance, you have the possibility of deploying an SSH key:

  • By choosing a key that is already present in your keyring,
  • By indicating the SSH key directly in the corresponding field (with the possibility of adding it to the keyring)

On an existing instance

To easily deploy a key on a pre-existing instance, go to the instance's control panel, and then in the “Access” table, click on “Add” that you see to the right of “SSH keys”:

A popup will then appear, where you can either add a key that is already present in your keyring or add a new one:

Deployment of an SSH key on a server

To deploy an SSH key from your keyring to a new server, proceed with the creation of the server as usual, and then in the “Connection parameters” section, you will be able to:

  • Select an existing SSH key from your keyring,
  • Add a key that is not present in the keyring, and then add it automatically to the keyring afterwards.

By only indicating one SSH key, your server's console will not be available. If you want to use the console, you will need to activate it and define a password beforehand. For this, see our page on activating the emergency console

Last modified: 09/24/2014 at 14:37 by Ryan A. (Gandi)