Set up SSH keys

If you need to access an instance in your applications environment, you can login via SSH.

Engine Yard enables login access to application instances via SSH. We have standardized on the secure practice of using key based authentication. This protects our customers’ instances from brute force attacks against a user/password based authentication. An added benefit of key based authentication is the ability to login to an instance without a password.

Create a local SSH keypair

In order to SSH into an Engine Yard Cloud slice, you’ll need an SSH keypair on your local machine.

To check for existing SSH keypairs:

$ ls -la ~/.ssh

and look for private keys and their corresponding public keys, e.g. id_rsa and

If you already have a key that you wish to use then move on to the Add an SSH key to an Environment article.

If you do not any keys or you wish to generate a new key to use, then the command you run from a *nix based command line terminal is this: 

$ ssh-keygen -t rsa 

You should see a similar output to the following:

Generating public/private rsa key pair. 
Enter file in which to save the key (/Users/tbird/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tbird/.ssh/id_rsa.
Your public key has been saved in /Users/tbird/.ssh/
The key fingerprint is:
c9:26:4a:1b:7d:35:9f:c3:c2:b0:b4:5a:7c:8c:65:d9 tbird@jupiter
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o  |
|        o * E    |
|     . + % + .   |
|    o o S = =    |
|   . + * . . .   |
|    o .          |
|                 |
|                 |
  • The command prompt should ask you where to save the key, the default path is fine if you have no other keys. If generating additional keys then ensure this filename is different from existing keys.
  • Entering a passphrase is more secure. You can use an ssh-agent so that you won’t have to type your passphrase every time you connect.
  • The rest of the output will automatically be generated.


Upon completion of the key generation command, two files have been generated in the location you specified to save the key. Assuming you accepted the default file to save the key to, then the location is in a .ssh directory in your home directory, and you should see the following files in ~/.ssh:


The file is the public key file that you’ll upload to Engine Yard Cloud.

Next step

Add your public key to Engine Yard Cloud.

If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.


  • Avatar
    Takasumi Shindo

    Following github online help explain about SSH Keys.

    Generating SSH Keys

    Comment actions Permalink
  • Avatar
    Takasumi Shindo

    各種 OS 上での SSH 鍵の作り方については、GitHub の  に詳しく説明されています。

    Comment actions Permalink
  • Avatar
    Takahiro Imanaka

    Hi Mr. Shindo,

    Thank you so much for your comment. It's helpful for everyone. 

    Takahiro Imanaka

    進藤 様 



    Engine Yard 今中

    Comment actions Permalink
  • Avatar
    Andrew Jenkins

    Hi, I have a little bit of critique.

    1) Your directions presume a singular RSA key is installed onto a users' computer and fail to provide any additional information on how to handle the situation where a user may already have another SSH key in place for another site/purpose. (Almost overwrote the RSA key that I'd already created for github using their specified syntax including the "-b 4096" suffix - and a different user identity - due to that omission)

    I realize that it might be presumed to be "given" knowledge, at least for IT support staff who work in your company and hosting industry, but it's not the case for everyone who patronizes your company's services, at a guess, especially for the "little guys".

    2) You forget to remind the user that following addition of the new key, they need to APPLY to the instance(s) for which it will be used.

    Again, this might be considered "apriori" for IT people who do this stuff over and over and over again, day in day out, (figuratively speaking) but not necessarily for the outside world. Personally, I've performed this process less times than I have fingers over the past 10 years.


    Andrew Jenkins

    Comment actions Permalink
  • Avatar
    Paul Tingle

    Hi Andrew,

    Thanks for you feedback. I've updated the document to cover handling existing keys. With regards to the required Apply run, this is covered in the document, which should be worked through as the next stage of the process.

    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk