clouder ssh-key
Manage SSH keys — both local keys and keys registered with your cloud provider. SSH keys are used for authenticating to VMs created by Clouder.
Commands
clouder ssh-key create
Create an SSH key pair locally and register it with the cloud provider when supported.
clouder ssh-key create <name> [OPTIONS]
| Argument | Description |
|---|---|
name (required) | Name for the SSH key |
| Option | Short | Description |
|---|---|---|
--type | -t | Key type: ed25519 (default), rsa |
--region | -r | AWS region for key pair import (AWS only) |
The key pair is generated locally in ~/.ssh/ using ssh-keygen.
- AWS context: imports the public key as an EC2 key pair (
import-key-pair). - OVH context: registers the public key in OVH cloud keys.
- Azure context: keeps keys local (Azure has no account-level SSH key registry).
Example:
clouder ssh-key create my-key
clouder ssh-key create my-key -t rsa
clouder ssh-key ls
List SSH keys (both local and cloud-registered where available).
clouder ssh-key ls
AWS region override:
clouder ssh-key ls --region us-east-1
Shows two tables:
- Local keys from
~/.ssh/with their paths. - Cloud keys registered with the current provider:
- AWS: EC2 key pairs (name, fingerprint)
- OVH: cloud SSH keys (id, name, fingerprint, public key)
- Azure: local keys only
clouder ssh-key set-current
Set or clear the default SSH key used for all commands.
clouder ssh-key set-current
Lists the SSH keys available in ~/.ssh/ and asks you to pick one as the default. You can also choose (clear default) to unset it. The selection is stored in ~/.clouder/clouder.yaml and automatically used by:
clouder sshclouder kubeadm setup,enable-ingress-nginx,smoke-test, etc.
An explicit --key/-i flag on any command still takes priority.
Example:
clouder ssh-key set-current
# SSH keys:
# 1. ci-cd (current default)
# 2. id_ed25519
# 3. (clear default)
# Select SSH key number or type key name [1]:
clouder ssh-key download
Save a private key to ~/.ssh/ with correct permissions (600).
clouder ssh-key download <name> [OPTIONS]
| Argument | Description |
|---|---|
name (required) | Name to save the key as (e.g. my-server) |
| Option | Short | Description |
|---|---|---|
--key | -k | Private key content or path to a file containing it |
If --key is not provided, you'll be prompted to paste the key content interactively.
Example:
# From a file
clouder ssh-key download my-server --key /path/to/downloaded-key.pem
# Paste interactively
clouder ssh-key download my-server
Notes
- During
clouder vm create, you can pick from existing local keys or generate a new one. - Use
clouder ssh-key set-currentto avoid being prompted for a key every time. The stored default is used whenever no explicit key is provided and no cluster-specific key exists. - Keys generated during VM creation are named
<vm-name>-key. clouder sshauto-detects keys matching<vm-name>-keyin~/.ssh/.