Creating SSH Keys

If you need to access an instance in your application's environment, you can log in via SSH.

Engine Yard enables login access to application instances via SSH. We have standardized the secure practice of using key-based authentication. This protects our customers’ instances from brute force attacks against a user/password-based authentication. An added benefit of key-based authentication is the ability to log in to an instance without a password.

Create a local SSH keypair

In order to SSH into an Engine Yard Cloud slice, you’ll need an SSH keypair on your local machine.

To check for existing SSH keypairs:

$ ls -la ~/.ssh

and look for private keys and their corresponding public keys, e.g. id_rsa and

If you already have a key that you wish to use then move on to the Adding SSH Keys to Engine Yard Cloud article. If you do not have any keys or you wish to generate a new key to use, then you can generate it using multiple methods:

Method 1: *nix Based CLI

This method is used when working from a Unix-like operating system, such as Linux, or when using WSL (Windows Subsystem for Linux). From the CLI, run the following command:

$ ssh-keygen -t rsa 

You should see a similar output to the following:

Generating public/private rsa key pair. 
Enter file in which to save the key (/Users/tbird/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tbird/.ssh/id_rsa.
Your public key has been saved in /Users/tbird/.ssh/
The key fingerprint is:
c9:26:4a:1b:7d:35:9f:c3:c2:b0:b4:5a:7c:8c:65:d9 tbird@jupiter
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o  |
|        o * E    |
|     . + % + .   |
|    o o S = =    |
|   . + * . . .   |
|    o .          |
|                 |
|                 |
  • The command prompt should ask you where to save the key, the default path is fine if you have no other keys. If generating additional keys then ensure this filename is different from existing keys.
  • Entering a passphrase is more secure. You can use an ssh-agent so that you won’t have to type your passphrase every time you connect.
  • The rest of the output will automatically be generated.


Upon completion of the key generation command, two files have been generated in the location you specified to save the key. Assuming you accepted the default file to save the key to, then the location is in a .ssh directory in your home directory, and you should see the following files in ~/.ssh:


The file is the public key file that you’ll upload to Engine Yard Cloud.

If you are using WSL, you can access WSL files from Windows by running the following command in the Ubuntu terminal.

explorer.exe .

This will open the Linux directory in Windows Explorer, with the WSL prefix “\wsl$\Ubuntu-18.04\home\<username>”. You can then navigate to the .ssh directory.

Method 2: PuTTYgen

If you are using Windows, you can easily generate an SSH pair using Putty:

  1. Download and install the PuTTY SSH Client for Windows.
  2. Navigate to Start menu -> All Programs -> PuTTY -> PuTTYgen.
  3. Click Generate to generate the key and follow the instructions.


After the key has been generated, it will be displayed on the Publick key field. You can enter a passphrase in the Key passphrase and Confirm passphrase fields to protect the key, and then click on the Save the public key and Save private key options. You will need to select a location for both files.

Next step

After your SSH key pair has been generated, you will need to add your public key to Engine Yard Cloud.

If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.


Article is closed for comments.