How-To: Add SSH keys

Last change on 2025-06-25 • Created on 2020-05-18 • ID: ST-AC1B1

Below explains how to add a SSH key on the host server of an existing Storage Box.

Before you follow this how-to guide, open the overview of your Storage Box in Hetzner Console to check if SSH support is enabled. If you want to upload the SSH key via SSH and it is not enabled yet, select the action "Change settings" and enable SSH support now. After you activate SSH, it can take a few minutes before you can access your Storage Box via TCP.

  1. Generating SSH keys

    You can use ssh-keygen to generate a new pair of SSH keys. Run the command on the device from which you want to connect to the Storage Box.

    local-device> ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@local-device
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |                 |
    |         .   =   |
    |      . S = * o  |
    |   . = = + + =   |
    |    X o =   E .  |
    |   o + . .   .   |
    |    .            |
    +-----------------+

    Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.


  1. Uploading the SSH key

    On your local device, you should now see the private and the public key. To add the public key on the host server of your Storage Box, choose one of the following options:

    Option 1: Via SSH

    Run the following command to upload your public key to the host server of your Storage Box for both ports:

    local-device> cat ~/.ssh/id_rsa.pub | ssh -p23 uXXXXX@uXXXXX.your-storagebox.de install-ssh-key
    uXXXXX@uXXXXX.your-storagebox.de's password:
    Key No. 1 (ssh-rsa user@host) was installed in RFC4716 format
    Key No. 1 (ssh-rsa user@host) was installed in OpenSSH format

    You can now use the public SSH key to login without a password.


    Option 2: Extended SSH Service on Port 23 (SFTP/Rsync/BorgBackup)

    Port 23 uses the one-line OpenSSH format of the public key.

    • Upload with ssh-copy-id (OpenSSH 8.5+)

      ssh-copy-id -p 23 -s uXXXXX@uXXXXX.your-storagebox.de
    • Upload without ssh-copy-id (manually)

      If you have an older OpenSSH client software, you can also upload the public key manually:

      ssh -p 23 uXXXXX@uXXXXX.your-storagebox.de mkdir .ssh
      scp -P 23 .ssh/id_rsa.pub uXXXXX@uXXXXX.your-storagebox.de:.ssh/authorized_keys

    Option 3: SSH Service on Port 22 (SFTP)

    For the SSH service on port 22, you must convert your public key into the RFC4716 format and then upload it.

    • Converting your key to RFC4716 format

      ssh-keygen -e -f .ssh/id_rsa.pub > .ssh/id_rsa_rfc.pub

      The public SSH key should now look like the one below:

      cat .ssh/id_rsa_rfc.pub
      ---- BEGIN SSH2 PUBLIC KEY ----
      Comment: "<comment>"
      AAAAB3NzaC1yc2EAAAABIwAAAQEAz+fh731CVfH3FPM0vK5hX7NT5HogdBEQ4ryGJIeVMv
      mCQJWwrFtdWh1pXMyXsYzXq1xbjILgCZGn+H0qUBKopJaa/Pzsw5U0UyRgiFhU2k0eiHUq
      pkiixTbHcLsCj3kjAv5i07wZJ/ot246hLQD1PtSQtcX7nHvhdhenOTGO+ccpM2KEdX1E64
      eaTtO9Bf7X4OTXnRxS7tjYH9sls5DOunpvoIZLvbmcVw1+wMdJBXOAU6/tnkN5N3mYE4Hu
      JjnRtBAI9MS9Tt3DNAp1K/udUHA6hfYf08fxYs9uwsCM793b7FczmVvHEIwIKszG7Jwiwo
      Dqit4EExR8bNNCeD6D3Q==
      ---- END SSH2 PUBLIC KEY ----
    • Upload

      echo "mkdir .ssh" | sftp uXXXXX@uXXXXX.your-storagebox.de
      scp .ssh/id_rsa_rfc.pub uXXXXX@uXXXXX.your-storagebox.de:.ssh/authorized_keys

  1. Testing the SSH key

    Depending on which SSH key format you have uploaded, you should be able to log in without a password on port 22 and/or 23:

    sftp -P <22 oder 23> <Benutzername>@<Benutzername>.your-storagebox.de
    Connected to <Benutzername>.your-storagebox.de.
    sftp> quit