Creating SSH Keys

If you need to access an instance in your application's environment, you can log in via SSH.

Engine Yard enables login access to application instances via SSH. We have standardized the secure practice of using key-based authentication. This protects our customers’ instances from brute force attacks against a user/password-based authentication. An added benefit of key-based authentication is the ability to log in to an instance without a password.

Create a local SSH keypair

In order to SSH into an Engine Yard Cloud slice, you’ll need an SSH keypair on your local machine.

To check for existing SSH keypairs:

$ ls -la ~/.ssh

and look for private keys and their corresponding public keys, e.g. id_rsa and

If you already have a key that you wish to use then move on to the Adding SSH Keys to Engine Yard Cloud article. If you do not have any keys or you wish to generate a new key to use, then you can generate it using multiple methods:

Method 1: *nix Based CLI

This method is used when working from a Unix-like operating system, such as Linux, or when using WSL (Windows Subsystem for Linux). From the CLI, run the following command:

$ ssh-keygen -t rsa 

You should see a similar output to the following:

Generating public/private rsa key pair. 
Enter file in which to save the key (/Users/tbird/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tbird/.ssh/id_rsa.
Your public key has been saved in /Users/tbird/.ssh/
The key fingerprint is:
c9:26:4a:1b:7d:35:9f:c3:c2:b0:b4:5a:7c:8c:65:d9 tbird@jupiter
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o  |
|        o * E    |
|     . + % + .   |
|    o o S = =    |
|   . + * . . .   |
|    o .          |
|                 |
|                 |
  • The command prompt should ask you where to save the key, the default path is fine if you have no other keys. If generating additional keys then ensure this filename is different from existing keys.
  • Entering a passphrase is more secure. You can use an ssh-agent so that you won’t have to type your passphrase every time you connect.
  • The rest of the output will automatically be generated.


Upon completion of the key generation command, two files have been generated in the location you specified to save the key. Assuming you accepted the default file to save the key to, then the location is in a .ssh directory in your home directory, and you should see the following files in ~/.ssh:


The file is the public key file that you’ll upload to Engine Yard Cloud.

If you are using WSL, you can access WSL files from Windows by running the following command in the Ubuntu terminal.

explorer.exe .

This will open the Linux directory in Windows Explorer, with the WSL prefix “\wsl$\Ubuntu-18.04\home\<username>”. You can then navigate to the .ssh directory.

Method 2: PuTTYgen

If you are using Windows, you can easily generate an SSH pair using Putty:

  1. Download and install the PuTTY SSH Client for Windows.
  2. Navigate to Start menu -> All Programs -> PuTTY -> PuTTYgen.
  3. Click Generate to generate the key and follow the instructions.


After the key has been generated, it will be displayed on the Publick key field. You can enter a passphrase in the Key passphrase and Confirm passphrase fields to protect the key, and then click on the Save the public key and Save private key options. You will need to select a location for both files.

Next step

After your SSH key pair has been generated, you will need to add your public key to Engine Yard Cloud.

If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.


  • Avatar
    Takasumi Shindo

    Following github online help explain about SSH Keys.

    Generating SSH Keys

    Comment actions Permalink
  • Avatar
    Takasumi Shindo

    各種 OS 上での SSH 鍵の作り方については、GitHub の  に詳しく説明されています。

    Comment actions Permalink
  • Avatar
    Permanently deleted user

    Hi Mr. Shindo,

    Thank you so much for your comment. It's helpful for everyone. 

    Takahiro Imanaka

    進藤 様 



    Engine Yard 今中

    Comment actions Permalink
  • Avatar
    Andrew Jenkins

    Hi, I have a little bit of critique.

    1) Your directions presume a singular RSA key is installed onto a users' computer and fail to provide any additional information on how to handle the situation where a user may already have another SSH key in place for another site/purpose. (Almost overwrote the RSA key that I'd already created for github using their specified syntax including the "-b 4096" suffix - and a different user identity - due to that omission)

    I realize that it might be presumed to be "given" knowledge, at least for IT support staff who work in your company and hosting industry, but it's not the case for everyone who patronizes your company's services, at a guess, especially for the "little guys".

    2) You forget to remind the user that following addition of the new key, they need to APPLY to the instance(s) for which it will be used.

    Again, this might be considered "apriori" for IT people who do this stuff over and over and over again, day in day out, (figuratively speaking) but not necessarily for the outside world. Personally, I've performed this process less times than I have fingers over the past 10 years.


    Andrew Jenkins

    Comment actions Permalink
  • Avatar
    Paul Tingle

    Hi Andrew,

    Thanks for you feedback. I've updated the document to cover handling existing keys. With regards to the required Apply run, this is covered in the document, which should be worked through as the next stage of the process.

    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk