SSH Keys

The upload/import of your SSH key is done via User Profile section «SSH keys». The SSH keys managed there can then be assigned to one or more hostings under menu item «SSH access».

Upload/Import SSH key

If you don't have a SSH key pair (private/public key) yet, you can create one with OpenSSH command ssh-keygen:

Security

We recommend you to create the SSH key pair of type Ed25519, which is the latest and most secure standard. Alternatively you can use RSA with a minimum length of 4096-bit. The increased number of rounds (-a) is recommended to make your private key less vulnerable to brute-force attacks.

$ ssh-keygen -t ed25519 -a 100
# or:
$ ssh-keygen -t rsa -b 4096 -a 100

This will create your own key pair, which you can find in the following files:

# ed25519
~/.ssh/id_ed25519
~/.ssh/id_ed25519.pub

# rsa
~/.ssh/id_rsa
~/.ssh/id_rsa.pub

The file id_ed25519 represents the private key, which you should never pass on to anybody. The file id_ed25519.pub is your public key, which you can upload here.

If your system hides the directory ~/.ssh/ and it is too inconvenient for you to make it visible for the upload (in the macOS Finder hit this keystroke: Command+Shift+Dot), you can alternatively upload the complete content of the public key via copy-paste. Display it like this:

$ cat ~/.ssh/id_ed25519.pub

Please make sure that you copy the whole line without carriage returns. It is one long line, which usually starts with ssh-ed25519 or ssh-rsa.

Verification

Newly uploaded SSH keys (public key) are not automatically activated. For security reasons we decided to use the following procedure – click on «Verify» next to the SSH key:

1. Preview SSH Agreement: View the unsigned SSH agreement as a PDF and read it carefully.
2. Contact Information: Enter the complete contact information for the corresponding SSH key. Person and address may differ from the actual user or owner (customer) of a hosting subscription. If you have uploaded a key of an employee, please enter his correct address. A SSH key always belongs to a single person and should never be shared by several people!
3. Signature: Sign the SSH agreement by entering your signature via mouse or finger when using a smartphone and click on the «Sign» button afterwards. With this you accept the SSH agreement. We only accept this type of signature. Please do not send us a hand-signed SSH agreement.
4. Download Signed Agreement: Now download the SSH agreement as a PDF and make sure your address and signature show up on it.

Onlime GmbH will review your application and unlock the SSH key. Even if the SSH key has not yet been verified by us, it can already be added to a hosting under «SSH Access». It will simply be activated once we have verified it.

:: warning Attention! If you have accepted the SSH agreement by signing it, the contact data cannot be adjusted afterwards. :::

Fingerprint

How to check the fingerprint of your SSH key:

$ ssh-keygen -l -f ~/.ssh/id_ed25519.pub

or by explicitly specifying the fingerprint hash algorithm (on systems where SHA256 is not the default):

$ ssh-keygen -l -E sha256 -f ~/.ssh/id_ed25519.pub