Coolify Docs

Appearance

OpenSSH ​

Coolify uses SSH to connect to your server and deploy your applications. This is true even when using the localhost server where Coolify is running.

You have to configure SSH properly for Coolify to be able to access your servers.

Methods to setup ​

There are two ways to setup OpenSSH

IMPORTANT!

The SSH key must not have a passphrase or 2FA enabled for the user used to run the Coolify installation script or the SSH connection will fail.

Semi-automatic setup ​

1. Install OpenSSH Server ​

bash
apt update && apt install -y openssh-server
systemctl enable --now ssh

2. Configure SSH ​

  1. Edit SSH config:
bash
nano /etc/ssh/sshd_config
  1. Make these settings options:
ssh
PubkeyAuthentication yes
PermitRootLogin prohibit-password
Note

The PermitRootLogin option can be set to yes, without-password, or prohibit-password. For enhanced security, we recommend using prohibit-password.

IMPORTANT!

Make sure to add your SSH keys to the ~/.ssh/authorized_keys file before setting PermitRootLogin to prohibit-password, otherwise you may lock yourself out of the server.

  1. Restart SSH:
bash
systemctl restart ssh

Manual Setup ​

Note

The following steps are handled automatically by the Coolify installation script. Manual configuration is only needed if the automatic setup fails.

1. Install OpenSSH Server ​

bash
apt update && apt install -y openssh-server
systemctl enable --now ssh

2. Configure SSH ​

  1. Edit SSH config:
bash
nano /etc/ssh/sshd_config
  1. Make these settings options:
ssh
PubkeyAuthentication yes
PermitRootLogin prohibit-password
Note

The PermitRootLogin option can be set to yes, without-password, or prohibit-password. For enhanced security, we recommend using prohibit-password.

IMPORTANT!

Make sure to add your SSH keys to the ~/.ssh/authorized_keys file before setting PermitRootLogin to prohibit-password, otherwise you may lock yourself out of the server.

  1. Restart SSH:
bash
systemctl restart ssh

3. Generate SSH Key for Coolify ​

Run the following commands on the server:

  1. Generate SSH Key
bash
ssh-keygen -t ed25519 -a 100 \
  -f /data/coolify/ssh/keys/[email protected] \
  -q -N "" -C root@coolify
  1. Change ownership:
bash
chown 9999 /data/coolify/ssh/keys/[email protected]

4. Authorize the Public Key ​

  1. Add public key to authorized_keys file:
bash
mkdir -p ~/.ssh
cat /data/coolify/ssh/keys/[email protected] >> ~/.ssh/authorized_keys
  1. Change permissions:
bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

5. Add private key to Coolify ​

  1. Copy the content of private key:
bash
# This command will show you the content of the Private key, you have to copy the content manually
cat /data/coolify/ssh/keys/[email protected]
  1. Login to your Coolify dashboard and Add a new private key

On private key input field you have to paste the private key you copied on previous step:

  1. Navigate to the Servers tab and click on the localhost server
  1. Navigate to "Private key" page and select the Private key you added in the previous step.

6. Validate Server ​

Navigate to "General" page and Click Validate Server & Install Docker Engine.

Once finished, you should see a green Proxy Running status indicating everything is set up.