SSH keys allow you to securely connect to your Instances, Elastic Metal servers, and Mac minis without using a password. An SSH key consists of a key pair, which has two elements:
You can generate the SSH key pair on your local machine. The process will depend on your operating system.
To complete the actions presented below, you must have:
On macOS and Linux, you can generate the SSH key pair directly from the terminal.
Open the terminal application by clicking on the corresponding icon.
Type the following command and press Enter to generate a new key:
It is strongly recommended to use Ed25519 for increased security and performance. If you cannot use Ed25519 keys, you can create an RSA4096 key as a fallback option:
When prompted to enter a file path in which to save the key, either specify a path or press Enter to accept the default location (~/.ssh/id_ed25519).
Enter a passphrase when prompted. This step is optional but recommended for increased security. If you do not want to set a passphrase, press Enter directly.
Confirm the passphrase by entering it again when prompted, and press Enter:
The key pair will be generated in the specified filepath. The key pair consists of:
id_ed25519.pubid_ed25519Ensure that the private key file (<key_name>) is kept secure. Do not share it with unauthorized parties. You can set appropriate permissions on the file to restrict access using the following command:
Display the content of the public key with the following command and copy it:
Copy the content of the public key displayed. You will need this in the next step. It should look something like this:
On Windows, you can use the third-party application PuTTYgen to generate an SSH key pair.
Download and install PuTTY on your local computer. The PuTTYgen application is automatically installed along with the main PuTTY application.
Launch PuTTYgen by double-clicking the application icon.
Select EdDSA and click the Generate button. You can also add a passphrase before generating the key to increase security.
Move the mouse around the blank area as instructed to generate randomness.
The public and private key are generated, and the following screen will display:
Complete the steps on the screen to finish:
Ensure that the private key file (<key_name>) is kept secure. Do not share it with unauthorized parties.
Open a terminal or command prompt on your local machine. This could be Terminal on macOS/Linux or the Command Prompt/PowerShell on Windows.
Run the following command to generate the RSA key pair:
This command will generate two files:
<key_name>: The private key file (e.g., id_rsa)<key_name>.pub: The public key file (e.g., id_rsa.pub)Ensure that the private key file (<key_name>) is kept secure. Do not share it with unauthorized parties. You can set appropriate permissions on the file to restrict access using the following command:
You must upload the content of the public part of the SSH key pair you just generated to the Scaleway interface. This is then transferred to your Instance during the boot process. You can then connect and authenticate from your local machine, where your private key is stored, to the remote Instance, where the public key can be found.
Log into the Scaleway console, and navigate to the Credentials tab of your Project Dashboard:
Scroll down to the SSH key section, and click Add a new SSH key.
Paste the content of the public key (which you copied in the previous step) into the pop-up box, and optionally add a description. Then click Add an SSH key.
You will now be able to connect to your Instances via SSH.
If you have any difficulties connecting to an Instance after uploading a new public SSH key to your Project, try the following:
scw-fetch-ssh-keys --upgrade command, which launches a script on your Instance to update your SSH keys. You can then check that the new key has been added to the authorized_keys file (~/.ssh/authorized_keys). Note that this command works only for Instances.