Sail Knowledgebase

Managing SSH Keys with Sail CLI

In this article you will learn how to list, add and remove SSH keys from your Sail CLI production server.

If you like Sail, don't forget to give us a star on GitHub!

Using passwords to login to SSH is insecure and not recommended, especially as the root user. SSH keys are a much better option.

When provisioning a server with sail, a new SSH key is generated automatically, and placed in the .sail directory along with its public key. This key is used automatically for any interactions done through the Sail CLI.

However, you may sometimes need to work with your server outside of the Sail CLI context, and while you can still use that generated key, it is often convenient to use your own SSH keys.

Adding a new SSH key

To add a new SSH key, run:

sail ssh key add path/to/key.pub

This will add the specified SSH public key to the .ssh/authorized_keys file for the root user on the production server. You can also add SSH keys from a GitHub URL:

sail ssh key add https://github.com/username.keys

This will read all the public keys from username's GitHub profile and add them to the Sail server's authorized_keys file.

List existing authorized_keys

To get a list of existing authorized keys, run:

sail ssh key list

This will display a list of MD5 fingerprints of all public keys authorized to login as the root user on the server. You may use the fingerprints to compare keys to one another, or perhaps remove one.

Deleting SSH keys

To delete an SSH key from the authorized_keys file, run:

sail ssh key delete HASH

Where HASH is the MD5 fingerprint of a key you wish to delete.

If you're having trouble with SSH key management in Sail, please refer to our getting help section.