The following explains how to add an SSH key on the host server of an existing Storage Box.
Before you follow this how-to guide, open the overview of your Storage Box in Hetzner Console to check if SSH support is enabled. If you want to upload the SSH key via SSH and it is not enabled yet, select the action "Change settings" and enable SSH support now. After you activate SSH, it can take a few minutes before you can access your Storage Box via TCP.
-
Generating SSH keys
You can use ssh-keygen to generate a new pair of SSH keys. Run the command on the device from which you want to connect to the Storage Box.

local-device> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@local-device
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . = |
| . S = * o |
| . = = + + = |
| X o = E . |
| o + . . . |
| . |
+-----------------+
Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.
-
Uploading the SSH key
On your local device, you should now see the private and the public key. To add the public key on the host server of your Storage Box, choose one of the following options:
Option 1: Via SSH
Run the following command to upload your public key to the host server of your Storage Box for both ports:
local-device> cat ~/.ssh/id_rsa.pub | ssh -p23 uXXXXX@uXXXXX.your-storagebox.de install-ssh-key
uXXXXX@uXXXXX.your-storagebox.de's password:
Key No. 1 (ssh-rsa user@host) was installed in RFC4716 format
Key No. 1 (ssh-rsa user@host) was installed in OpenSSH format

You can now use your SSH key to log in without a password.
Option 2: Extended SSH Service on Port 23 (SFTP/Rsync/BorgBackup)
Port 23 uses the one-line OpenSSH format of the public key.
-
Upload with ssh-copy-id (OpenSSH 8.5+)

ssh-copy-id -p 23 -s uXXXXX@uXXXXX.your-storagebox.de
-
Upload without ssh-copy-id (manually)

If you have older OpenSSH client software, you can also upload the public key manually. Note that copying to .ssh/authorized_keys this way replaces any keys already stored in that file.

ssh -p 23 uXXXXX@uXXXXX.your-storagebox.de mkdir .ssh
scp -P 23 .ssh/id_rsa.pub uXXXXX@uXXXXX.your-storagebox.de:.ssh/authorized_keys
Option 3: SSH Service on Port 22 (SFTP)
For the SSH service on port 22, you must convert your public key into the RFC4716 format and then upload it.
-
Converting your key to RFC4716 format
ssh-keygen -e -f .ssh/id_rsa.pub > .ssh/id_rsa_rfc.pub
The public SSH key should now look like the one below:
cat .ssh/id_rsa_rfc.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "<comment>"
AAAAB3NzaC1yc2EAAAABIwAAAQEAz+fh731CVfH3FPM0vK5hX7NT5HogdBEQ4ryGJIeVMv
mCQJWwrFtdWh1pXMyXsYzXq1xbjILgCZGn+H0qUBKopJaa/Pzsw5U0UyRgiFhU2k0eiHUq
pkiixTbHcLsCj3kjAv5i07wZJ/ot246hLQD1PtSQtcX7nHvhdhenOTGO+ccpM2KEdX1E64
eaTtO9Bf7X4OTXnRxS7tjYH9sls5DOunpvoIZLvbmcVw1+wMdJBXOAU6/tnkN5N3mYE4Hu
JjnRtBAI9MS9Tt3DNAp1K/udUHA6hfYf08fxYs9uwsCM793b7FczmVvHEIwIKszG7Jwiwo
Dqit4EExR8bNNCeD6D3Q==
---- END SSH2 PUBLIC KEY ----
-
Upload
echo "mkdir .ssh" | sftp uXXXXX@uXXXXX.your-storagebox.de
scp .ssh/id_rsa_rfc.pub uXXXXX@uXXXXX.your-storagebox.de:.ssh/authorized_keys
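
The one-line OpenSSH format used on port 23 and the RFC4716 format used on port 22 carry the same key blob, so a key has the same fingerprint in both files. The following Python sketch is an added example, not part of the original guide or of Hetzner's tooling: it re-wraps a one-line public key in the RFC4716 layout shown above and checks that the blob and fingerprint are unchanged. The function names, the sample key and the use of the key's own comment in the Comment header are assumptions made for illustration.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_openssh(line):
    """Return (key_type, blob, comment) from a one-line OpenSSH public key."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return fields[0], blob, fields[2] if len(fields) == 3 else ""

def to_rfc4716(line):
    """Re-wrap the same blob in the RFC 4716 layout (70-character lines)."""
    _, blob, comment = parse_openssh(line)
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    head = ['Comment: "%s"' % comment] if comment else []
    return "\n".join([BEGIN] + head + body + [END]) + "\n"

def from_rfc4716(text):
    """Return the key blob from an RFC 4716 block (headers must be single-line)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body = [l for l in lines[1:-1] if ":" not in l]  # skip "Tag: value" headers
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample (not a real key): ssh-ed25519 blob with placeholder bytes.
_T = b"ssh-ed25519"
SAMPLE_BLOB = struct.pack(">I", len(_T)) + _T + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 %s user@local-device" % base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    rfc = to_rfc4716(SAMPLE_LINE)
    print(rfc, end="")
    # Same blob in both formats, so the fingerprint to compare is identical.
    print(fingerprint(parse_openssh(SAMPLE_LINE)[1]) == fingerprint(from_rfc4716(rfc)))
```

Comparing the fingerprint of the local public key with the one derived from the converted file confirms that the intended key is the one being uploaded.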
-
Testing the SSH key
Depending on which SSH key format you have uploaded, you should be able to log in without a password on port 22 and/or 23:
sftp -P <22 or 23> <username>@<username>.your-storagebox.de
Connected to <username>.your-storagebox.de.
sftp> quit