Technical guide on injecting public SSH keys during the Hovixa VPS deployment process. Learn to eliminate password vulnerability and automate secure root access via SolusVM 2.

Managing SSH Keys During Initial VPS Deployment

Using SSH keys instead of traditional passwords is the industry standard for securing Linux infrastructure. SSH keys provide cryptographic proof of identity that is virtually impossible to brute-force. Hovixa's SolusVM 2 platform allows you to inject your public SSH keys into the guest OS during the initial provisioning phase, ensuring your server is secured from the very first boot.

1. Generating Your SSH Key Pair

Before deploying, you must have a key pair on your local machine. If you do not have one, generate a high-entropy Ed25519 key (recommended) or an RSA 4096-bit key.

# On your local terminal:
ssh-keygen -t ed25519 -C "your_email@example.com"

This creates two files: a private key (keep this secret) and a public key (e.g., id_ed25519.pub), which you will provide to Hovixa.

2. Injecting Keys During Deployment

When creating a new Virtual Machine at vm.hovixa.com, you have two primary methods for key injection:

Method A: The "SSH Keys" Field

  1. During the "Create Virtual Machine" process, locate the SSH Keys section.
  2. Click Add New Key.
  3. Paste the entire contents of your id_ed25519.pub file (starts with ssh-ed25519 ...).
  4. Select this key before clicking Create.

Method B: Using Cloud-Init Scripts

For advanced deployments where you want to add keys for multiple users or configure custom permissions, use the Cloud-Init field:

#cloud-config
ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... user@local
    

3. Verifying the Deployment

Once the VPS status reaches Running, attempt to log in from your terminal. The system should grant access without prompting for a password (unless you set a passphrase on the key itself).

ssh root@your_vps_ip
    

4. Troubleshooting Injection Failures

| Common Issue | Diagnostic / Solution |
| --- | --- |
| Permission Denied | Verify that your local SSH agent is using the correct private key (ssh-add -l). |
| Prompted for Password | Cloud-init may still be running. Wait 60 seconds and retry. Ensure you selected the key in the portal. |
| Broken authorized_keys | Access the VM via VNC Console and check /root/.ssh/authorized_keys for syntax errors. |
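
One way to run the authorized_keys syntax check from the table above, or to check a public key line before pasting it into the portal or a cloud-config. This is an added example, not Hovixa or SolusVM code; the names check_line, check_file and SAMPLE are hypothetical, and the sample key is constructed (all zero bytes, valid in format only).

```python
import base64
import struct

# Key types commonly seen in authorized_keys (not exhaustive).
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Constructed sample: all-zero 32-byte key, valid in format only.
SAMPLE = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
).decode() + " user@local"


def check_line(line):
    """Return None if the line is well formed, else a reason string."""
    fields = line.split()
    # Tolerate a leading options field (options with quoted spaces are not handled).
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None:
        return "no recognised key type (wrapped line or wrong file pasted?)"
    if idx + 1 >= len(fields):
        return "base64 blob missing after key type"
    declared, b64 = fields[idx], fields[idx + 1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "blob is not valid base64 (truncated, or '...' pasted literally?)"
    if len(blob) < 4:
        return "blob too short"
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != declared:
        return f"declared {declared} but blob encodes {embedded!r}"
    if declared == "ssh-ed25519" and len(blob) != 51:  # 4+11+4+32 bytes
        return "ed25519 blob has wrong length (key cut short?)"
    return None


def check_file(text):
    """Map 1-based line numbers to problems; blanks and comments are skipped."""
    problems = {}
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            reason = check_line(line)
            if reason:
                problems[num] = reason
    return problems
```

Call check_file on the contents of /root/.ssh/authorized_keys read from the VNC console session; an empty result means every key line parsed cleanly.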

5. Technical Implementation Details

  • Metadata Service: SolusVM 2 passes the SSH key data to the instance via an internal metadata drive (CD-ROM mount). The cloud-init service inside the guest OS reads this data and writes it to ~/.ssh/authorized_keys.
  • Immutable Security: Keys injected at deployment are only added to the root user by default. If you create secondary users later, you must manually copy the keys to their respective .ssh directories.
  • Disabling Password Auth: For maximum security, after verifying your key works, edit /etc/ssh/sshd_config and set PasswordAuthentication no, then restart the SSH service.

Security Tip: Never share your **private key** with Hovixa support or anyone else. Our engineers only ever need your IP address and (occasionally) permission to access the hypervisor; we will never ask for your keys.
