Common VPS task

How to connect to a VPS with SSH keys

SSH keys should be set before the server becomes public infrastructure. This guide covers key creation, first login, sudo users, and lockout checks.

Use this as a focused checklist for one common hosting task. The larger setup guides still cover full-site and full-server builds.

Difficulty
Beginner to intermediate
Time
15 to 45 minutes
Images
4 official examples

1. Create an SSH key on your computer

Use an Ed25519 key unless your provider or old software requires RSA. The public key goes to the VPS provider. The private key stays on your computer.

ssh-keygen -t ed25519 -C "[email protected]"
# Public key to upload:
type $env:USERPROFILE\.ssh\id_ed25519.pub
Warning

Never paste the private key into a hosting panel, ticket, chat, or document. Upload only the .pub file content.

2. Upload the public key before creating the server

Most providers let you add the SSH key during server creation. That's cleaner than creating the VPS with password login and fixing access later.

DigitalOcean SSH key setup section
DigitalOcean production Droplet setup: SSH key access should be created before the server becomes production infrastructure.
Hetzner creating a server documentation
Hetzner create a server: The server creation flow is where image, location, resources, SSH key, and firewall choices start.

3. Connect for the first time

ssh root@SERVER_IP
# If using a named key:
ssh -i $env:USERPROFILE\.ssh\id_ed25519 root@SERVER_IP
Hetzner connect to server documentation
Hetzner connect to server: Record the login method and initial IP address before changing firewall rules.
Hetzner SSH commands documentation
Hetzner connect to server: Keep SSH access tested from a second terminal before closing the first session.

4. Add a sudo user and test before closing root

adduser deploy
usermod -aG sudo deploy
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
ssh deploy@SERVER_IP
sudo whoami
Second login

A new terminal can log in as the sudo user.

Sudo

`sudo whoami` returns root for the new user.

Root session

The original root session stays open during testing.

Firewall

SSH is allowed before changing firewall rules.

Official sources checked

DigitalOcean production Droplet setup

Used for SSH key and production setup sequence.

Hetzner create a server

Used for SSH key placement during server creation.

Hetzner connect to server

Used for first-login and command examples.

© 2026 WebHostWatch. We may earn affiliate commissions from links. Recommendations remain editorially independent.