SSH & ACCESS
June 24, 2026

How to Generate and Use SSH Keys (Mac, Windows, Linux)

Author
CloudStick Team
WordPress Engineer

Choosing the Right Key Type

Use Ed25519 for all new SSH keys. It produces shorter keys than RSA (256-bit vs 2048–4096 bit), connects faster, and is considered more secure against side-channel attacks. RSA 4096 is still fine if you need compatibility with very old servers or hardware tokens that don't support Edwards curves.

Avoid DSA (deprecated and broken), ECDSA (fine, but the Edwards-curve Ed25519 is superior), and RSA below 2048 bits. If you have old RSA 1024-bit keys in production, rotate them immediately: they are considered crackable.

Generate Keys on Mac and Linux

Both macOS and Linux include OpenSSH by default. Open Terminal and run:

# Ed25519 (recommended)
ssh-keygen -t ed25519 -C "work-laptop-2026"
# RSA 4096 (for legacy compatibility)
ssh-keygen -t rsa -b 4096 -C "work-laptop-2026"
# Save to a custom path (useful for multiple keys):
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_digitalocean -C "do-server"
# View your public key (safe to share):
cat ~/.ssh/id_ed25519.pub
# Output: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... work-laptop-2026

The -C flag sets a comment label — use it to identify which machine the key belongs to, not your email. When you have 10 authorized_keys entries, "work-laptop-2026" is far more useful for auditing than "user@machine".

Generate Keys on Windows

Windows 10 and 11 include OpenSSH. Open PowerShell (no admin required) and use the same ssh-keygen command:

# PowerShell — same command as Mac/Linux
ssh-keygen -t ed25519 -C "windows-laptop"
# Keys are saved to:
#   C:\Users\YourName\.ssh\id_ed25519
#   C:\Users\YourName\.ssh\id_ed25519.pub
# Print your public key:
type $env:USERPROFILE\.ssh\id_ed25519.pub
# For PuTTY users: import private key into PuTTYgen
# File > Load private key > Save as PuTTY .ppk format

Windows Subsystem for Linux (WSL): If you use WSL, generate keys inside the WSL environment (~/.ssh/ in Linux home). Keys stored in Windows (/mnt/c/Users/...) will have incorrect permissions and SSH will refuse to use them.

Add Your Key to the Server

Copy your public key to the server's ~/.ssh/authorized_keys file. The key must be on a single line with no line breaks:

# Easiest: ssh-copy-id
ssh-copy-id -i ~/.ssh/id_ed25519.pub ubuntu@203.0.113.10
# Manual: copy-paste the public key
# On server, run:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ssh-ed25519 AAAA... your-label" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Test immediately (from a NEW terminal):
ssh -i ~/.ssh/id_ed25519 ubuntu@203.0.113.10
# Debug with verbose output if it fails:
ssh -vvv -i ~/.ssh/id_ed25519 ubuntu@203.0.113.10 2>&1 | head -50
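
To find entries in an existing authorized_keys file that fall under the key-type advice above (DSA, or RSA below 2048 bits), the key type and RSA modulus size can be read directly from each entry's base64 blob and reported next to its comment label. This is an added example, not CloudStick's code: the function names and the sample entries are constructed for illustration, and it assumes well-formed entries whose options prefix, if any, contains no spaces.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the article's floor for RSA keys

def _field(data):  # SSH wire format: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def _read_field(blob, pos):
    (length,) = struct.unpack_from(">I", blob, pos)
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def audit_line(line):
    """Return (key_type, rsa_bits, comment, verdict) for one entry, or None to skip."""
    tokens = line.split()
    # Assumption: any options prefix has no spaces, so the key type is a whole token.
    idx = next((i for i, t in enumerate(tokens)
                if t.startswith(("ssh-", "ecdsa-sha2-", "sk-"))), None)
    if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(tokens):
        return None
    key_type, comment = tokens[idx], " ".join(tokens[idx + 2:])
    blob = base64.b64decode(tokens[idx + 1])
    _type, pos = _read_field(blob, 0)      # skip the type string embedded in the blob
    bits = None
    if key_type == "ssh-rsa":
        _e, pos = _read_field(blob, pos)   # public exponent
        n, pos = _read_field(blob, pos)    # modulus: its bit length is the key size
        bits = int.from_bytes(n, "big").bit_length()
    weak = key_type == "ssh-dss" or (bits is not None and bits < MIN_RSA_BITS)
    return key_type, bits, comment, "rotate" if weak else "ok"

def audit(text):
    return [row for row in map(audit_line, text.splitlines()) if row]

def _entry(key_type, comment, rsa_bits=None):
    """Build a CONSTRUCTED entry: filler key material, only type and RSA size matter."""
    body = _field(bytes(32))
    if rsa_bits:  # exponent 65537, then a modulus of that size (leading 0x00 per mpint)
        n = ((1 << (rsa_bits - 1)) | 1).to_bytes(rsa_bits // 8 + 1, "big")
        body = _field(b"\x01\x00\x01") + _field(n)
    blob = base64.b64encode(_field(key_type.encode()) + body).decode()
    return f"{key_type} {blob} {comment}"

SAMPLE = "\n".join(_entry(*args) for args in [
    ("ssh-ed25519", "work-laptop-2026"), ("ssh-rsa", "legacy-token", 4096),
    ("ssh-rsa", "old-build-box", 1024), ("ssh-dss", "retired-vm")])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit(), for example audit(open(path).read()).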

Managing Multiple Keys

If you manage multiple servers or have separate keys for work and personal use, the SSH agent saves you from specifying the key file on every connection. Add keys to the agent at login:

# Start the agent and add your key:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-add ~/.ssh/id_ed25519_work
# List loaded keys:
ssh-add -l
# macOS: add to keychain so it persists across reboots:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

CloudStick SSH Vault

CloudStick's SSH Vault stores public key references centrally in your account. When you add a new server, you choose which stored keys get added to authorized_keys during provisioning — no manual ssh-copy-id required.

The SSH Keys section in each server's panel shows which users have which keys authorized. Revoke access by removing a key from a user — the change takes effect immediately without touching the server directly. For agencies managing team access across dozens of servers, this centralized approach eliminates the manual key-sync problem that causes most accidental lockouts.
