SSH Keys

SSH keys provide secure, password-less access to your servers. This guide explains what SSH keys are, why you need them, and how to add them to Tiller.

What are SSH Keys?

SSH keys are a pair of cryptographic keys used to authenticate when connecting to servers. They consist of:

  • Private key - Stays on your local machine (never share this)
  • Public key - Installed on servers you want to access

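When you connect, your SSH client proves it holds the private key by signing a challenge, and the server checks that signature against your public key. The private key itself is never sent to the server, and you get access without entering a password.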

Why Use SSH Keys?

SSH keys offer several advantages over password authentication:

  • More Secure - Keys are much harder to brute-force than passwords
  • More Convenient - No need to type passwords every time you connect
  • Better for Automation - Scripts and tools can authenticate without user interaction
  • Easier Revocation - You can remove a key from a server without changing passwords

Do I Need an SSH Key?

SSH keys are optional for Tiller. You can use the web-based terminal in your browser without SSH keys.

However, SSH keys are recommended if you want to:

  • Connect to your server from your local terminal (e.g., ssh tiller@your-server.tiller.sh)
  • Use tools like scp or rsync to transfer files
  • Access your server from scripts or automation tools
  • Use your preferred local terminal instead of the web interface

Checking for Existing Keys

Before creating a new key, check if you already have one:

ls -la ~/.ssh/id_*.pub

If you see files like id_ed25519.pub or id_rsa.pub, you already have a key and can skip to adding it to Tiller.

Creating a New SSH Key

macOS & Linux

Open your terminal and run:

ssh-keygen -t ed25519 -C "your_email@example.com"

When prompted:

  1. Press Enter to accept the default file location
  2. Enter a passphrase (recommended but optional)
  3. Confirm the passphrase

Windows

Open PowerShell and run:

ssh-keygen -t ed25519 -C "your_email@example.com"

Follow the same prompts as macOS/Linux above.

Finding Your Public Key

After creating a key, display your public key:

cat ~/.ssh/id_ed25519.pub

This will output something like:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbcd1234... your_email@example.com

Copy the entire line—this is your public key.

Adding Your Key to Tiller

  1. Log in to your Tiller account
  2. Navigate to Settings > SSH Keys
  3. Click Add SSH Key
  4. Give your key a name (e.g., "MacBook Pro" or "Work Laptop")
  5. Paste your public key into the text field
  6. Click Save

Your SSH key will automatically be added to any new servers you create. For existing servers, you can add keys from the server's detail page.

Connecting to Your Server

Once your key is added to a server, connect using:

ssh tiller@your-server.tiller.sh

Replace your-server.tiller.sh with your server's actual subdomain (found on the server detail page).

Troubleshooting

Permission Denied

If you get "Permission denied (publickey)", check:

  • Your public key is added to Tiller
  • The key is added to the specific server
  • You're using the correct username (tiller)
  • Your private key permissions are correct: chmod 600 ~/.ssh/id_ed25519

Wrong Key Format

Make sure you're copying the public key (id_ed25519.pub), not the private key (id_ed25519). Public keys start with ssh-ed25519 or ssh-rsa.
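The check below is an added example, not part of Tiller's documentation or tooling. It catches a pasted private key or a mangled public key before you submit the form, and goes one step beyond the prefix rule by decoding the base64 blob and confirming the key type stored inside it matches the prefix. The function names are hypothetical and the sample key is constructed.

```python
import base64
import struct

# Added example; names are hypothetical, not a Tiller API.
KNOWN_TYPES = {"ssh-ed25519", "ssh-rsa"}  # the two prefixes this guide names

def _read_string(buf, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[offset + 4:end], end

def check_public_key(line):
    """Return (ok, reason) for one line as it would be pasted into the form."""
    line = line.strip()
    if "PRIVATE KEY" in line:
        return False, "this is a private key; paste the .pub file instead"
    if "\n" in line:
        return False, "expected a single line"
    parts = line.split(None, 2)  # type, base64 blob, optional comment
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, b64 = parts[0], parts[1]
    if key_type not in KNOWN_TYPES:
        return False, "unexpected key type prefix: " + key_type
    try:
        blob = base64.b64decode(b64, validate=True)
        inner_type, offset = _read_string(blob, 0)
        if inner_type.decode("ascii", "replace") != key_type:
            return False, "prefix does not match the type inside the blob"
        if key_type == "ssh-ed25519":
            key, offset = _read_string(blob, offset)
            if len(key) != 32 or offset != len(blob):
                return False, "ed25519 key must be exactly 32 bytes"
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, "blob is truncated or not valid base64: " + str(exc)
    return True, "ok"

def make_sample_line():
    """Constructed sample key (bytes 0..31), not a real credential."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " your_email@example.com"
```

A line that was cut off during copy and paste fails the length check, which the prefix test alone would not catch.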

Security Best Practices

  • Never share your private key - Only add public keys to servers
  • Use a passphrase - Encrypts the private key file, so a copied file alone does not grant access
  • Use modern key types - Prefer ed25519 over older rsa keys
  • Keep backups - Store your private key securely (password manager, encrypted backup)
  • Revoke old keys - Remove keys from servers when you no longer need them