Cassette
Guides

Managing SSH Keys

Add, remove, and organize SSH keys for team access

Managing SSH Keys

SSH keys in Cassette work at the account level - add them once, and they're automatically installed on all your instances.

Adding Keys

  1. Click the gear icon in the top right and select Account
  2. Click the SSH Keys tab
  3. Enter a descriptive name (e.g., Sarah's MacBook or GitHub Actions Deploy)
  4. Paste the public key (the one ending in .pub)
  5. Click Add Key

The key is immediately active on all your instances.

Getting Your Public Key

BASH 
# Ed25519 (recommended)
cat ~/.ssh/id_ed25519.pub

# Or RSA
cat ~/.ssh/id_rsa.pub

Copy the entire output - it should start with ssh-ed25519 or ssh-rsa.

Naming Keys Properly

Use names that will make sense in 6 months:

Good: Jordan's 2024 MacBook Pro, GitHub Actions Deploy, Sarah - Work Laptop

Bad: id_ed25519, my key, laptop

Team Access

Adding a Team Member

  1. Ask them for their public key (never the private key)
  2. Add it in Account → SSH Keys tab with their name
  3. Done - they can now ssh cassette@INSTANCE_IP

Removing a Team Member

  1. Go to Account → SSH Keys tab
  2. Find their key and click Remove
  3. Confirm

Access revoked across all instances within seconds.

CI/CD Deploy Keys

Create a dedicated key pair with no passphrase:

BASH 
ssh-keygen -t ed25519 -C "github-actions-deploy" -f ~/.ssh/github_deploy

Add the public key to Cassette, then add the private key to your CI secrets. Never commit it.

Best practices:
- One key per CI system (GitHub Actions, GitLab CI, etc.)
- No passphrase for automated systems
- Rotate annually

Key Rotation

Every 6-12 months:

  1. Generate new key
  2. Add new key to Cassette
  3. Test SSH access with new key
  4. Remove old key

Both keys work during the transition - zero downtime.

Troubleshooting

Permission denied after adding key

  1. Wait 10 seconds for propagation
  2. Verify you're using cassette@IP not root@IP
  3. Check you're using the right key: ssh -i ~/.ssh/id_ed25519 cassette@IP
  4. Confirm it's in Account → SSH Keys tab

Key already exists

Each key can only be added once. Generate a new key if needed.

Security Notes

✓ Use Ed25519 keys (shorter, more secure)
✓ Use passphrases on personal keys
✓ Remove keys when team members leave
✓ Never share private keys

✗ Don't reuse keys across services
✗ Don't commit keys to repositories
✗ Don't skip key rotation

Related Guides

Previous
Web Console
Next
Firewall Configuration