Yandex project
© 2025 Yandex.Cloud LLC

Adding a new user SSH key

Written by
Yandex Cloud
Updated at April 10, 2025

The public SSH key of the root user is added when you lease a BareMetal server. To connect to the server over SSH, the user needs the private part of the SSH key.

If you have lost the private part of the SSH key you specified when leasing the server, you can add a new public SSH key to the root user profile.

Create a new SSH key pair

Before you add a key to the BareMetal server, create a new SSH key pair on your local computer for the root user to access the server over SSH:

Linux/macOS
  1. Open the terminal.

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    To create the key without a comment, pass an empty string in the -C parameter. If you omit the -C parameter entirely, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files and to enter a password (passphrase) for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, and the private key in a file without an extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following directory: /home/<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

Windows 10/11

If you do not have OpenSSH installed yet, follow this guide to install it.

  1. Run cmd.exe or powershell.exe (make sure to update PowerShell before doing so).

  2. Use the ssh-keygen command to create a new key:

    ssh-keygen -t ed25519 -C "<optional_comment>"
    

    To create the key without a comment, pass an empty string in the -C parameter. If you omit the -C parameter entirely, a default comment will be added.

    After running this command, you will be prompted to specify the name and path to the key files and to enter a password (passphrase) for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, and the private key in a file without an extension.

    By default, the command prompts you to save the key under the id_ed25519 name in the following folder: C:\Users\<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

Windows 7/8

Create keys using the PuTTY app:

  1. Download and install PuTTY.

  2. Add the folder with PuTTY to the PATH variable:

    1. Click Start and type Change system environment variables in the Windows search bar.
    2. Click Environment Variables... at the bottom right.
    3. In the window that opens, find the PATH parameter and click Edit.
    4. Add your folder path to the list.
    5. Click OK.
  3. Launch the PuTTYgen app.

  4. Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.


  5. In Key passphrase, enter a strong password. Enter it again in the field below.

  6. Click Save private key and save the private key. Do not share its passphrase with anyone.

  7. Click Save public key and save the public key to a file named <key_name>.pub.

Add a new key to the root user profile

Depending on the situation, you can use several methods for adding a new SSH key.

Tip

To paste text from the clipboard to the KVM console, use the Paste text here field in the upper right corner.

If you can still access the server with your password

If you can still connect to the server as a root user with the password generated when leasing the server, you can add a new public SSH key without Rescue CD:

  1. Connect to the BareMetal server's KVM console.

  2. Authenticate as a root user in the KVM console terminal:

    • When prompted for the username, type root and press ENTER:

      my-server login: root
      
    • In the Password: row, enter the root user's password generated when leasing the server.

  3. Navigate to the directory storing the SSH keys of the root user. Here is an example:

    cd /root/.ssh/
    
  4. Replace the authorized_keys file contents with your new public SSH key:

    echo "<new_SSH_key>" | tee authorized_keys
    

    If you want to add a new key without deleting the old one, add the -a parameter to the tee command:

    echo "<new_SSH_key>" | tee -a authorized_keys
    

    Note

    At this stage, you can also change the root user password for access to the server or change any other server OS settings that may prevent the server from booting or accepting connections correctly, as well as diagnose and troubleshoot errors as needed.

  5. Log out of the root user profile in the KVM console:

    logout
    
  6. From your local computer, connect to the server with a new SSH key to make sure it works:

    ssh root@<server_public_IP_address>
    

If you have no access to the server

If you cannot connect to the server as a root user with the password generated when leasing the server, you can add a new public SSH key using the Rescue CD boot image. Perform the steps below in the KVM console.

To add a new SSH key of the root user or to change other BareMetal server settings:

  1. Start the server from the Rescue CD image.

    In the main SystemRescue menu, select Boot SystemRescue using default options, press ENTER and wait for SystemRescue to load.

  2. View information about the server storage devices (disks and partitions created on them):

    fdisk -l
    

    Result:

    Disk /dev/sda: 838.36 GiB, 900185481216 bytes, 1758174768 sectors
    Disk model: SAMSUNG MZ7GE900
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: gpt
    Disk identifier: D79F5407-DEEC-4A1D-983F-3AC5********
    
    Device      Start      End         Sectors      Size  Type
    /dev/sda1   2048       614399      612352       299M  BIOS boot
    /dev/sda2   614400     21585919    20971520     10G   Linux filesystem
    /dev/sda3   21585920   34168831    12582912     6G    Linux filesystem
    /dev/sda4   34168832   1732861951  1698693120   810G  Linux filesystem
    
    
    Disk /dev/sdb: 838.36 GiB, 900185481216 bytes, 1758174768 sectors
    Disk model: SAMSUNG MZ7GE900
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: gpt
    Disk identifier: CDZACB4C-1618-4BAF-A6BB-D2B9********
    
    Device      Start      End         Sectors      Size  Type
    /dev/sdb1   2048       614399      612352       299M  BIOS boot
    /dev/sdb2   614400     21585919    20971520     10G   Linux filesystem
    /dev/sdb3   21585920   34168831    12582912     6G    Linux filesystem
    /dev/sdb4   34168832   1732861951  1698693120   810G  Linux filesystem
    
    Disk /dev/md127: 6 GiB, 6438256640 bytes, 12574720 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    
    Disk /dev/md126: 9.99 GiB, 10729029632 bytes, 20955136 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    
    Disk /dev/md125: 809.88 GiB, 869596659712 bytes, 1698430976 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    
    Disk /dev/loop: 824.97 MiB, 865046528 bytes, 1689544 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    

    In the example above, the fdisk utility outputs information about the physical disks (/dev/sda and /dev/sdb) and their partitions, as well as the partitions of the RAID array created on the server (/dev/md127, /dev/md126, and /dev/md125).

    The disks /dev/sda and /dev/sdb are used in the RAID array, whereas the root file system of the server OS resides in the 809.88 GiB /dev/md125 partition. This is the partition you need to mount.

  3. Mount the partition with the root file system of the BareMetal server OS:

    mount /dev/md125 /mnt
    
  4. From SystemRescue, start a new shell whose root directory is the previously mounted BareMetal server OS file system:

    chroot /mnt /bin/bash
    
  5. Navigate to the directory storing the SSH keys of the root user. Here is an example:

    cd /root/.ssh/
    
  6. Replace the authorized_keys file contents with your new public SSH key:

    echo "<new_SSH_key>" | tee authorized_keys
    

    If you want to add a new key without deleting the old one, add the -a parameter to the tee command:

    echo "<new_SSH_key>" | tee -a authorized_keys
    

    Note

    At this stage, you can also change the root user password for access to the server or change any other server OS settings that may prevent the server from booting or accepting connections correctly, as well as diagnose and troubleshoot errors as needed.

  7. After performing all the required actions in the server’s file system, exit the environment you created:

    exit
    
  8. Unmount the BareMetal server file system:

    umount /dev/md125 /mnt
    

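    Result (umount treats both arguments as targets: the first one unmounts the file system, so the second, /mnt, is reported as no longer mounted):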

    umount: /mnt: not mounted.
    
  9. Disable the virtual CD drive in the KVM console:

    1. In the KVM console window, in the top menu, select Media → Virtual Media Wizard... or click the CD icon.
    2. In the window that opens, click Disconnect under CD/DVD Media1.
    3. Click Close.
  10. Restart the server:

    reboot
    
  11. From your local computer, connect to the server with a new SSH key to make sure it works:

    ssh root@<server_public_IP_address>
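
Both procedures above write the key with echo piped into tee, which accepts whatever was pasted into the KVM console. The following is an added example, not part of the original guide: a shell function that checks the pasted line is a well-formed public key before appending it, skips duplicates, and sets the directory and file modes. The function name add_authorized_key and the script name add_key.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original guide: append one public key to
# authorized_keys with validation. add_authorized_key is a hypothetical name.
# Usage: add_authorized_key "<new_SSH_key>" [ssh_dir]
add_authorized_key() {
    key_line=$1
    ssh_dir=${2:-/root/.ssh}
    auth=$ssh_dir/authorized_keys

    # A console paste can wrap the key across lines; require exactly one line.
    if [ "$(printf '%s\n' "$key_line" | grep -c '')" -ne 1 ]; then
        echo "refusing: key must be a single line" >&2; return 2
    fi
    read -r ktype blob rest <<EOF
$key_line
EOF
    # Accept only public key types; a pasted private key fails here.
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing: '$ktype' is not a public key type" >&2; return 2 ;;
    esac
    # The key body is base64 and starts with AAAA (length prefix of the type name).
    case $blob in
        AAAA*) ;;
        *) echo "refusing: malformed key body" >&2; return 2 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "refusing: malformed key body" >&2; return 2 ;;
    esac

    # sshd with StrictModes (the default) refuses group- or world-writable key files.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already authorized: nothing to do.
    if grep -qF -- "$ktype $blob" "$auth"; then return 0; fi

    # If the file lacks a trailing newline, appending would merge two keys
    # into one unusable line; $(tail -c 1) is empty only when it ends in \n.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi
    printf '%s\n' "$key_line" >> "$auth"
}

# Run directly: sh add_key.sh "<new_SSH_key>" [ssh_dir]
if [ "$#" -ge 1 ]; then add_authorized_key "$@"; fi
```

To confirm the server holds the key you generated, compare the fingerprints printed by ssh-keygen -lf for the local .pub file and for authorized_keys on the server. If the new private key is not saved under a default name, pass its path to ssh with the -i parameter when connecting.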
    

See also

  • Using the Rescue CD recovery and diagnostics disk
  • Resetting the root user password on a server
  • Restoring the OS bootloader
  • Replacing a disk in a RAID array
