How do you generate and add an SSH key to the Cherry Servers client portal?

A step-by-step guide to create and configure SSH keys for seamless server access.

Key points to consider

  • Generating an SSH key provides secure, passwordless authentication for server access.
  • A key pair consists of a public key and a private key. The private key remains securely on your local machine, while the public key can either be added to the Cherry Servers client portal for automated deployments or manually inserted directly onto the server for immediate access.
  • SSH key-based authentication helps protect against brute-force attacks and minimizes the risk of password-related vulnerabilities.
  • Adding the SSH key to the Cherry Servers client portal allows it to be linked with your servers, ensuring that deployed servers are immediately accessible without a password.
  • If you redeploy or rebuild a server, you may need to remove its old host key from your known_hosts file to avoid host key verification errors.

Introduction

SSH (Secure Shell) keys are a highly secure method for accessing remote servers without the need for traditional passwords. When you generate an SSH key pair, two cryptographic keys are created: a public key and a private key. These keys allow for secure, passwordless authentication, enhancing security and simplifying server management.

Benefits of using SSH keys:

  • Stronger security - SSH keys offer robust protection against brute-force and password-guessing attacks, eliminating the need to expose server access through weak or reused credentials.
  • Seamless authentication - once configured, SSH keys enable direct access to your server without the need to enter a password each time. This is particularly useful for frequent server access, streamlining your workflow.
  • Scalable and flexible access - SSH keys are ideal for managing multiple servers. A single public key can be deployed across multiple instances, offering centralized and consistent authentication.
  • Compatibility across systems - SSH keys are supported across all major operating systems, including Linux, macOS, and Windows, ensuring seamless integration and management.

SSH key types

When creating an SSH key, you can choose from several key types, each with its strengths and use cases. Understanding these key types helps you select the most appropriate one for your server setup.

  1. RSA (Rivest–Shamir–Adleman)
    • Key length options: 2048, 3072, and 4096 bits.
    • Security level: strong but less secure than newer algorithms at the same key length.
    • Compatibility: RSA is the most widely supported SSH key type and is compatible with all SSH clients and servers.
  2. ED25519 (Edwards-curve Digital Signature Algorithm)
    • Key length: fixed at 256 bits.
    • Security level: high security with a much shorter key length; more efficient and faster than RSA.
    • Compatibility: supported by most modern SSH clients and servers (OpenSSH 6.5+).
  3. ECDSA (Elliptic Curve Digital Signature Algorithm)
    • Key length options: 256, 384, and 521 bits.
    • Security level: stronger per bit compared to RSA but slightly weaker than ED25519 for the same key size.
    • Compatibility: supported by most SSH servers, but less common than RSA.
  4. DSA (Digital Signature Algorithm)
    • Key length: fixed at 1024 bits.
    • Security level: weak by modern standards, considered deprecated, and not recommended.
    • Compatibility: supported but disabled by default in many modern OpenSSH implementations.

Step-by-Step Instructions

Step 1: Generate your SSH key

  1. Open your terminal:
    • Use Command Prompt (CMD) or PowerShell on Windows.
    • On Linux or macOS, simply open your default terminal application.
  2. Generate the SSH key pair:
    • To generate a new key, enter the following command:
      $ ssh-keygen -t ed25519
    • If you prefer RSA, you can use this command:
      $ ssh-keygen -t rsa -b 4096
  3. Choose the file location:
    You will be prompted to specify where to save the key. Press ENTER to accept the default location ~/.ssh/id_ed25519 or ~/.ssh/id_rsa (see Fig. 1).

    Fig. 1. Generating an ED25519 SSH key pair on Windows using Command Prompt.
  4. Set a passphrase (optional):
    For an additional layer of security, you can secure your SSH key with a passphrase. If you prefer not to, press ENTER twice to skip this step (see Fig. 2).

    Fig. 2. Specifying a passphrase during SSH key generation for enhanced security.
  5. SSH key generation complete:
    After completing the steps, you will see output like this (see Fig. 3):

    Fig. 3. Successful SSH key generation, displaying the key fingerprint and the random-art image for verification.
    This confirms that both your public key (.pub file) and private key are created.

Step 2: Add your SSH key to the Cherry Servers client portal

Important! Never share or upload your private key (id_ed25519 or id_rsa). The private key must stay on your local machine. Only the public key (ending with .pub) should be uploaded to the Cherry Servers client portal or inserted into the server. Exposing your private key can compromise server access!

  1. Locate your public key:
    • On Windows, it is usually stored in:
      C:\Users\<YourUsername>\.ssh\id_ed25519.pub (see Fig. 4)

      Fig. 4. The generated SSH key files (id_ed25519 for the private key and id_ed25519.pub for the public key) are stored in the .ssh directory. The public key is highlighted for clarity.
    • On Linux or macOS:
       ~/.ssh/id_ed25519.pub (see Fig. 5)

      Fig. 5. The generated SSH key files (id_rsa for the private key and id_rsa.pub for the public key) stored in the .ssh directory on a Linux system. The public key is highlighted for clarity.
  2. Open the public key file:
    Use any text editor to open the file (see Fig. 6).

    Fig. 6. The content of the public key (id_ed25519.pub) opened in Notepad on Windows.
  3. Copy the key contents:
    Highlight the entire key string and copy it to your clipboard. The key is a single line that starts with ssh-ed25519 or ssh-rsa and ends with a comment (by default, your username and machine name).
  4. Navigate to Cherry Servers client portal:
    • Open your web browser and go to the Cherry Servers client portal.
    • Log in using your account credentials.
    • At the top right corner of the dashboard, click on your user icon. Switch to the user tab and select SSH keys from the menu (see Fig. 7).

      Fig. 7. Accessing the SSH key settings from the user menu in the Cherry Servers client portal.
  5. Add the SSH key:
    • Click the blue "Add +" button to create a new SSH key entry (see Fig. 8).

      Fig. 8. Click the “Add +” button to register a new SSH key.
    • In the pop-up window, provide a name (label) for your key; this helps you manage multiple keys later. Paste your copied public key into the "Key" field. Click "Add" to save it (see Fig. 9).

      Fig. 9. Adding your SSH key by naming it and pasting the key content.
    • Once successful, you’ll see a confirmation message (see Fig. 10).

      Fig. 10. Success message confirming that the SSH key was saved.
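
A pre-upload check for the rule at the top of this step, as an added example that is not part of Cherry Servers' guide: the hypothetical check_pubkey function refuses a private key file, rejects DSA, and catches a truncated copy before the key is pasted into the portal. It is POSIX sh for Linux/macOS (or Git Bash/WSL on Windows), and the sample key files are constructed.

```shell
#!/bin/sh
# Added example (not Cherry Servers' code); check_pubkey is a hypothetical helper.
# Returns 0 = safe to paste, 1 = private key, 2 = rejected type, 3 = malformed.
check_pubkey() {
    file=$1
    content=$(tr -d '\r' < "$file") || return 3   # tolerate CRLF line endings
    # Private key files carry a "BEGIN ... PRIVATE KEY" header.
    case $content in
        *"PRIVATE KEY"*) echo "$file: PRIVATE key, do not upload" >&2; return 1 ;;
    esac
    # A public key is exactly one line: "<type> <base64 blob> [comment]".
    [ "$(printf '%s\n' "$content" | grep -c .)" -eq 1 ] ||
        { echo "$file: expected a single line" >&2; return 3; }
    set -f; set -- $content; set +f
    ktype=${1:-}; blob=${2:-}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        ssh-dss) echo "$file: DSA is deprecated, generate a new key" >&2; return 2 ;;
        *) echo "$file: unrecognised key type" >&2; return 2 ;;
    esac
    # The blob must be valid base64 and repeat the key type after a 4-byte
    # length prefix; a mismatch points to a truncated or mangled paste.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 ||
        { echo "$file: key data is not valid base64" >&2; return 3; }
    inner=$(printf '%s' "$blob" | base64 -d | dd bs=1 skip=4 count="${#ktype}" 2>/dev/null)
    [ "$inner" = "$ktype" ] || { echo "$file: key data does not match $ktype" >&2; return 3; }
    # An Ed25519 blob is always 51 bytes: 4+11 (type) + 4+32 (key).
    if [ "$ktype" = ssh-ed25519 ]; then
        len=$(( $(printf '%s' "$blob" | base64 -d | wc -c) ))
        [ "$len" -eq 51 ] || { echo "$file: truncated Ed25519 key" >&2; return 3; }
    fi
    echo "$file: OK ($ktype)"
}

# Demo with constructed files (all-zero key material, not a usable key).
demo=$(mktemp -d)
pad=$(printf '%43s' '' | tr ' ' A)
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI$pad constructed@example" > "$demo/id_ed25519.pub"
echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_ed25519"
check_pubkey "$demo/id_ed25519.pub"
check_pubkey "$demo/id_ed25519" || echo "rejected, code $?"
```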

Step 3: Select your SSH key during server deployment or rebuild

  • Deploy a new server:
    When ordering a new server, you will be prompted to select an SSH key during the configuration step (see Fig. 11). This ensures that your SSH key will be automatically added to the server, allowing secure access without a password.


    Fig. 11. SSH key selection during a new server deployment.
  • Rebuild an existing server:
    The same SSH key selection is also available when rebuilding a server (see Fig. 12). This is useful when reinstalling the operating system or resetting your server configuration.


    Fig. 12. SSH key selection during a server rebuild.
  • Select your SSH key:
    From the drop-down menu labeled SSH keys, choose the key you previously added to the Cherry Servers client portal (see Fig. 13).


    Fig. 13. Selecting an existing SSH key from the list during server deployment or rebuild.
  • Access after deployment or rebuild:
    Once the process completes, you'll be able to connect via SSH using your private key without needing to enter a password manually.

Step 4: Manually add your SSH key to a running server (if missed during deployment)

If you forgot to select your SSH key during deployment, you can still add it manually:

  1. Copy your public key to the server:
    • For Windows:
      $ type .\.ssh\id_ed25519.pub | ssh root@<Server's IP> "cat >> .ssh/authorized_keys"
    • For Linux/macOS:
      $ ssh-copy-id -i ~/.ssh/id_ed25519.pub root@<Server's IP>
  2. Authenticate:
    You will be prompted to enter your server password (see Fig. 14 and Fig. 15). This only happens once to add the key.

    Fig. 14. Adding the SSH key to a server manually using Windows CMD and type command. After successful authentication, this method appends the public key to the server's authorized_keys file.

    Fig. 15. Using ssh-copy-id on a Linux machine to copy the SSH public key to a remote server.
  3. Test your SSH login:
    Now, you should be able to SSH into the server without a password:
    $ ssh root@<Server's IP>
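
The Windows one-liner in this step assumes that ~/.ssh already exists on the server, and it appends a duplicate entry each time it is run. The following is an added example (not Cherry Servers' code) of a server-side helper, hypothetically named install_pubkey, that creates the directory and file with the permissions sshd expects and appends the key only once; the key used in the demo is constructed.

```shell
#!/bin/sh
# Added example (not Cherry Servers' code); install_pubkey is a hypothetical helper.
# On the server: install_pubkey "$HOME" "$(cat id_ed25519.pub)"
install_pubkey() {
    home_dir=$1; pubkey=$2
    ssh_dir="$home_dir/.ssh"; auth_file="$ssh_dir/authorized_keys"

    # Never write a private key into authorized_keys.
    case $pubkey in
        *"PRIVATE KEY"*) echo "refusing: this is a private key" >&2; return 2 ;;
    esac
    # Field 2 of a public key line is the base64 key blob; it identifies the key.
    blob=$(printf '%s\n' "$pubkey" | awk 'NR == 1 {print $2}')
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 2; }

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Skip the append if this key is already authorised, whatever its comment.
    if grep -qF -- "$blob" "$auth_file"; then
        echo "key already present"; return 0
    fi
    # Start on a fresh line, or the key is glued to the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
    echo "key added"
}

# Demo in a scratch directory with a constructed key (all-zero key material).
demo_home=$(mktemp -d)
demo_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI$(printf '%43s' '' | tr ' ' A) constructed@example"
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"
```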

Step 5: Troubleshooting common SSH issues

If you're unable to connect to your server using SSH, there are a few common causes and quick fixes that may resolve the problem:

  1. Host key verification failed (see Fig. 16 and Fig. 17).

    Fig. 16. "Host key verification failed" warning on Windows after a server rebuild, indicating a mismatch in the known_hosts file.

    Fig. 17. Host key verification error on Linux, showing the fingerprint mismatch and how to remove the outdated key using ssh-keygen.
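    This error often appears after a server is rebuilt. Your system detects that the server's SSH host key fingerprint has changed. If the server was not rebuilt or redeployed, find out why the key changed before removing the entry. To fix it after a rebuild, remove the old host key from your known_hosts file: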
    • On Windows (see Fig. 18):
      $ ssh-keygen -f .\.ssh\known_hosts -R <Server's IP>

      Fig. 18. Removing outdated SSH host key on Windows using ssh-keygen -R.
    • On Linux/macOS (see Fig. 19):
      $ ssh-keygen -f ~/.ssh/known_hosts -R <Server's IP>

      Fig. 19. Removing outdated SSH host key on Linux using ssh-keygen -R.
  2. Permission denied (publickey)
    This usually means the server doesn’t recognize your SSH public key. Check the following:
    • Ensure your public key is added to the server's ~/.ssh/authorized_keys file.

    • If using the Cherry Servers client portal, verify that the correct SSH key is attached to your server deployment or rebuild configuration.

  3. SSH connection timeout
    If your terminal hangs or fails to connect, consider the following checks:
    • Make sure your firewall allows incoming connections on port 22.

    • Confirm you're using the correct IP address for the server.

    • Verify that the server is fully provisioned and online.

    For additional troubleshooting steps and access-related issues, refer to our official guide: How to connect to your server and troubleshoot access issues

Summary

Using SSH keys for server access is a secure and efficient alternative to password-based login. By generating a key pair and adding the public key to the Cherry Servers client portal or directly to the server, you can establish password-less authentication for both new deployments and rebuilds. This guide covered key generation, integration with the portal, and common troubleshooting steps, helping you simplify server access while enhancing security across your infrastructure.