My customer account My customer account (#NIC#) ┃ Sales contact ┃ Webmail ┃

Support ▾

┃

Resources ▾

┃ OVHcloud Blog

Welcome to OVHcloud.

Go to webmail

Bare Metal Cloud
- Dedicated Servers
  Dedicated Servers
  Rise ServersHosting websites, streaming platforms and business applic...
  Advance ServersVersatile servers, adapted to suit your business needs.
  Storage ServersStore large amounts of data, archive or perform backups.
  HG Premium Customisable Servers - Big DataResource-intensive production uses, while offering high s...
  Game ServersHigh performance for video game designers and streaming p...
  Hosting ServersIdeal for Web hosting in Australia and Singapore
  Enterprise ServersEnterprise-level with up to 20 cores
  Infrastructure ServersHigh-bandwidth and top-range components
  Australian ServersAll our Australia hosted servers
  Distributions and licencesSee all our distributions and licences
- Virtual Private Servers
  Virtual Private Servers
  All VPSsView our full range of Virtual Private Servers
  Plesk-as-a-ServiceBuild and maintain your websites with one of the simplest...
  Help
- Managed Bare Metal
  Managed Bare Metal
  Managed Bare Metal Essentials powered by VMwareYour dedicated cloud available in 90 minutes
- Managed Big Data Clusters
- Data Platforms
  Data Platforms
  Logs Data PlatformIndex and analyse your logs in real time. Receive alerts ...
- Network and security solutions
  Network and security solutions
  All our network solutionsChoose the best options to enhance and secure your infras...
  Failover IPAn IP you can transfer between servers
  vRackConnect all of your infrastructures privately across the ...
  OVHcloud ConnectConnect your datacentre to OVHcloud
  BandwidthUpgrade your default guaranteed bandwidth
  Anti-DDoS Keep your dedicated infrastructures protected against DDo...
Hosted Private Cloud
Hosted Private Cloud
Get started Hosted Private Cloud
Quick Access
Public Cloud
Public Cloud
Get started Public Cloud
Quick Access
Web Cloud
Web Cloud
Get started Web Cloud
Quick Access
Enterprise
Enterprise
Get started Enterprise
Quick Access
Programs
Programs
Get started Programs
Quick Access
About
About

OVH Guides

Installing an OVHcloud SSH key

This guide will explain how to install an OVHcloud SSH key, allowing our administrators to make changes

Last updated 2018/04/19

Objective

In some cases, OVHcloud administrators will need to perform interventions on your dedicated server.

This guide will explain how to install an OVHcloud SSH key, allowing our administrators to make changes. It will also explain how to disable it.

Requirements

You must be logged in via SSH (root access).

Instructions

Step 1: install the key

Once you are logged in via SSH, enter the following command (listed in French below):

If your server is hosted by OVHcloud in Europe:

wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh ; sh installer_la_cle.sh

If your server is hosted by OVHcloud in Canada:

wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cleCA.sh -O installer_la_cle.sh ; sh installer_la_cle.sh

If this operation is complete, the file authorized_keys2 will have been created. It contains information in this form:

cat /root/.ssh/authorized_keys2
>>> from="XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... suppport@cache-ng...
>>> from="::ffff:XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... suppport@cache-ng...

Step 2: troubleshoot

Even if the key is correctly installed, our administrators still may not be able to access your server. If this is the case, please check the following points:

Check that the file /root/.ssh/authorized_keys2 exists

To check that this file exists, enter the following command:

cat /root/.ssh/authorized_keys2

Check that the SSH server is configured to accept connections from the root user.

To do this, check the following settings in the /etc/ssh/sshd_config folder:

PermitRootLogin yes
'AuthorizedKeysFile' .ssh/authorized_keys2
UsePAM yes

Then restart the SSH service:

/etc/init.d/sshd restart

Check that the default root user directory is /root.

You can use /etc/passwd to check this:

/# grep root /etc/passwd
>>> root:x:0:0:root:/root:/bin/bash

The 6th part of the line (parts are separated by :) must be /root.

Check that the firewall software will not block access.

If you are using firewall software, you will need to add an authorisation rule for the source cache-ng.ovh.net (cache-ng.ovh.ca for servers in Canada) with your SSH port as a destination port (port 22 by default). Below is an example of an iptables rule:

For a server in France:

iptables -t filter -A INPUT -p TCP -s cache-ng.ovh.net --dport 22 -j ACCEPT
iptables -t filter -A OUTPUT -p TCP -s cache-ng.ovh.net --dport 22 -j ACCEPT

For a server in Canada:

iptables -t filter -A INPUT -p TCP -s cache-ng.ovh.ca --dport 22 -j ACCEPT
iptables -t filter -A OUTPUT -p TCP -s cache-ng.ovh.ca --dport 22 -j ACCEPT

Check that the SSH port has not been customised.

If you have customised your SSH port, please specify which port you have chosen so that the administrator can log in.

Step 3: disable the key

Once the administrator has finished with the intervention, you can disable the SSH key. To do this, simply modify the file authorized_keys2 and add a comment (with #), as shown below:

cat /root/.ssh/authorized_keys2
>>> #from="XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... support@cache-ng...
>>> #from="::ffff:XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... support@cache-ng...

Go further

Introduction to SSH.

Join our community of users on https://community.ovh.com/en/.

These guides might also interest you...

Dedicated servers
Hardware Diagnostics