Generate, Import, and Maintain SSH Keys
This page explains the two main SSH Key workflows in detail: generating a new key pair in the browser and importing an existing public key into the platform. It also covers copying, deleting, naming, and rotation practices.
Generate, Import, and Maintain SSH Keys
This page explains the two main SSH Key workflows in detail: generating a new key pair in the browser and importing an existing public key into the platform. It also covers copying, deleting, naming, and rotation practices.
What to prepare before generating a key
Before you click Generate, decide the following:
- Who will use the key, such as an administrator, an automation runner, or a temporary operator.
- How the key should be named.
- Where the private key will be saved.
- Whether you need ED25519 or RSA.
Generate a new key pair in the web UI
- Open the SSH Keys page.
- Click Create.
- Choose Generate from the dropdown.
- Enter a name.
- Select the algorithm.
- Enter a comment.
- Click Generate.
What the fields usually mean
Name
- Used to identify the key inside the platform.
- Choose a clear name such as
prod-ops-adminordev-ci-runner.
Algorithm
ED25519is suitable for most modern environments.RSAis useful when you need compatibility with older systems.
Comment
- Use it for host name, owner, or purpose.
- It makes later cleanup and rotation easier.
What happens after generation
After a successful generation, the platform usually:
- Stores the public key under your account.
- Opens a dialog where you can copy or download the private key.
This dialog is critical
The private key is typically shown only once, so before you close the dialog you must do at least one of the following:
- Download the private key file.
- Copy the private key text and store it securely.
If you close the dialog directly, you usually cannot recover the private key from the platform later.
Import an existing public key
If you already have a public key, use the import flow:
- Click Create.
- Choose Import.
- Enter a name.
- Paste the full public key text.
- Submit the form.
Common validations during import
- Name cannot be empty.
- Public key content cannot be empty.
- The key format must be valid.
- The name cannot duplicate an existing entry.
- The same public key usually cannot be imported twice.
Copy public keys for reuse
When you want to reuse a key across multiple systems:
- Select one or more rows in the table.
- Click Copy.
- The selected public keys are copied to your clipboard.
If multiple keys are selected, the platform typically copies them as newline-separated text.
Delete and cleanup guidance
When deletion makes sense
- The key belonged to a user who no longer needs access.
- You completed a key rotation.
- The key was only for temporary testing.
What to confirm before deleting
- Whether any VM or script still depends on that key.
- Whether a replacement key already exists.
- Whether the relevant operators were informed.
Naming and rotation recommendations
Use at least two of the following in the key name:
- Environment, such as
prod,staging, ordev. - Role, such as
admin,deploy, orci. - Ownership, such as team name, system name, or responsible person.
This makes search, copying, and cleanup much easier later.
Common questions
I generated a key successfully but lost the private key. What now?
If the private-key dialog has already been closed, you usually cannot view it again. Generate a new key pair and replace the old one where needed.
Why does import say the format is invalid?
The most common reasons are incomplete pasted content, extra line breaks, or text that is not a standard SSH public key.
Where do I paste the copied public key?
The most common use cases are VM initialization, key distribution, or writing the key to another server's authorized_keys file.