How to Add and Delete SSH Keys?
Managing secure access to your server is essential for keeping your systems protected and under control. If you’ve ever used a hosting provider’s web interface to change your SSH keys, you might have noticed that it often triggers a full server reinstall—completely wiping your data. Fortunately, there’s a much safer alternative. With just a few commands, you can manually change your SSH keys on a running server without reinstalling the system or losing any information.
This guide will walk you through how to add or remove SSH keys manually, using straightforward steps that work on Linux and BSD servers. Whether you’re working from a Linux, Mac, or Windows machine, we’ll cover everything you need to know. Plus, we’ll show you an alternative method that works from any workstation, giving you flexibility no matter your setup.
Prerequisites
- Before you get started, make sure the following requirements are met:
- You have an SSH key in OpenSSH format. If you don’t already have one, refer to our guide to creating an SSH key.
- Your server is running Linux or BSD.
- You’re working from a Linux, Mac, or Windows workstation.
How to Add an SSH Key to Your Server
From a Linux or Mac Workstation
Most Linux systems come with the ssh-copy-id utility pre-installed. On macOS, you can install it using Homebrew, MacPorts, or by downloading it manually with curl.
Use the following command to copy your SSH public key to the server:
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Replace ~/.ssh/id_rsa.pub with the actual path to your public key if it’s different.
Replace [email protected] with your server’s username and IP address or domain.
When you run the command, you’ll see output similar to this:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/your_user/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]’s password:
After entering your password, the utility installs the key and confirms:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘[email protected]′”
and check to make sure that only the key(s) you wanted were added.
From a Windows Workstation
Windows users can use a one-liner in PowerShell to copy their public key to the server. This command pipes your key into the remote server’s authorized_keys file:
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh [email protected] "cat >> ~/.ssh/authorized_keys"
Make sure to adjust the file path if your key is stored under a different name.
Replace [email protected] with your actual server credentials.
Alternate Method (Works From Any Workstation)
If ssh-copy-id isn’t available or you prefer doing things manually:
SSH into your server:
ssh [email protected]
Open the authorized_keys file using a text editor:
nano ~/.ssh/authorized_keys
Copy your public key from your local machine and paste it into the file.
Save the file and exit the editor. Your new SSH key is now active.
How to Remove an SSH Key
There’s no automated way to remove SSH keys—you’ll need to do it manually. Here’s how:
SSH into your server:
ssh [email protected]
Open the authorized_keys file:
nano ~/.ssh/authorized_keys
Locate the line containing the public key you want to remove and delete it.
Save and close the file. That key will no longer be able to access your server.
Final Thoughts
Manually changing SSH keys on a running server is a smart and secure way to manage access without risking data loss. Avoiding automated tools that reinstall your server helps you maintain uptime and full control over your configuration.
Whether you’re rotating keys for security reasons, granting access to a team member, or just cleaning up unused credentials, these simple steps make it easy to manage SSH access from any workstation. Always remember to test your new key before removing the old one to prevent accidental lockouts.