SSH & Key Management
Add servers, generate SSH keys, and manage who can log in, all with no terminal commands.
CtrlOps handles two related things in one place: connecting to your servers (the Home page), and managing who can log in once you're connected (the SSH Management tab inside a server). Both work without ever asking you to remember an ssh command.
What you can do here
- Add a new server with a password or a
.pemkey. - Generate an SSH key pair on your local machine and copy the public key to the server.
- Add or revoke authorized keys on the server.
- Test connections before saving.
- Import or export your saved server list as a JSON backup.
Add a new server connection
This is what you do the very first time, on the Home page.
Open the Add Connection form
Open app → Click New Connection (top right)
A modal opens with two tabs: SSH-based Connection and .pem Key-based Connection.
Fill in the basics (both tabs)
| Field | What to enter |
|---|---|
| Server Name (optional) | A friendly name like Production API. Helps when you have many servers. |
| IP Address | The server's IP or hostname, e.g. 192.168.1.10 or api.yoursite.com |
| Username | The Linux user to log in as, e.g. ubuntu, root, ec2-user |
Pick your auth method
For password-based servers:
Stay on the SSH-based Connection tab. Toggle on Use password authentication. A password field appears.
| Field | What to enter |
|---|---|
| Password | Your SSH password. Click the eye icon to confirm what you typed. |
| Remember password | Check it to save the password (encrypted). Leave it unchecked to be prompted every time. |
For key-based servers (most cloud VMs):
Switch to the .pem Key-based Connection tab.
| Action | What it does |
|---|---|
| Select .pem Key File | Opens a file picker. Pick the private key file you downloaded from AWS, GCP, etc. |
| Manual path input | Or paste the full path to the key file if you know it. |
Test and save
Click Connect SSH (or Connect with .pem)
A spinner shows "Connecting to server...". CtrlOps tries to actually log in. After 5 seconds, you'll see a "Taking longer than usual" note if the server is slow.
If the connection works, the server is saved and you land in Instance Details straight away. If something fails, you'll see "Connection Failed" with the error and a list of things to check, fix the input and try again.
Windows servers are not supported. If you point CtrlOps at a Windows machine, you'll see "Windows Server Not Supported" with the list of OSes that work (Ubuntu, Debian, CentOS, RHEL, Fedora, Amazon Linux).
Manage your saved servers
Each saved server appears as a card on the Home page.
| Card element | What it shows / does |
|---|---|
| Server name | Bold heading. If you didn't set a name, the IP shows here. |
| Username and IP | Gray text in the form username@ip |
| Last connected | Small timestamp |
| Connect (play icon) | Tests the connection then opens Instance Details |
| Edit (pencil icon) | Opens the same form pre-filled, so you can change details |
| Delete (red trash icon) | Asks "Are you sure to delete this connection?". Click Yes to remove it. |
Connect with a "remember password" off
If you saved a connection without ticking Remember password, CtrlOps prompts you each time.
Click the server card → Password modal opens → Type the password → Click Connect
You'll see the server name at the top of the modal so you know which password is being asked for. Tick Remember password in this modal if you want to skip it next time.
Set up SSH keys for the first time (the wizard)
If you've never used SSH before, the wizard walks you through generating a key on your computer and copying the public part onto the server.
Open the wizard
Click SSH Setup (top right of Home, gear icon)
The wizard has three steps with a progress indicator at the top.
SSH installation check
CtrlOps checks if ssh is installed on your computer. If yes, you'll see the version and path. If no, you'll see install instructions for Mac, Windows, and Linux. Follow them, then click Check Again.
When SSH is found, click Next: Check SSH Keys.
SSH key setup
If you already have keys, they're listed with a Copy Public Key button next to each one. Skip ahead.
If you don't have keys, fill the small form:
| Field | What to enter |
|---|---|
| Key Type | Ed25519 (Recommended) by default, or RSA 4096 if your server only supports older keys |
| Email (Optional) | Used as a comment in the key file, only for your own bookkeeping |
Click Generate SSH Key → Wait for the success toast
The key is saved on your computer in the standard location (~/.ssh/). Click Next: Add to Server.
Add the public key to the server
Three methods are shown.
| Method | When to use it |
|---|---|
Method 1 (Recommended): Run ssh-copy-id username@server-ip from your terminal | When you can already log in with a password |
Method 2: Manually append to ~/.ssh/authorized_keys | When you have shell access via another tool |
| Method 3: Add through your cloud provider dashboard | First-time setup on AWS, GCP, etc. |
A "Detailed Setup Instructions" section expands to show exact commands for each method. Click Copy Key to copy the public key to your clipboard, then paste it wherever the method needs it.
Click Complete Setup to close the wizard. You can now use the key when adding a connection.
Manage authorized keys on a server (SSH Management tab)
Inside a connected server, the SSH Management tab is where you control who can log in.
Open app → Click your server → Click the SSH Management tab
You'll see a stat row at the top with four counters: Registry (total), ED25519 (secure), RSA (standard), Access (other types). Below that is the Registry Governance card showing the user being managed, plus the keys table.
Add an authorized key
Open the Add Key form
Click Add Key (top right of the Registry Governance section)
A modal opens titled Add SSH Key.
Paste the public key
The single field is labelled Public Key Payload with placeholder "Paste one or more OpenSSH keys here".
Paste the contents of a .pub file. You can paste several keys at once (one per line). A pulse-dot indicator shows "N Keys Detected, all will be added" as you paste.
Save
Click Add Key (or Add N Keys for multiple)
A toast confirms "Key added". The new key appears in the table immediately with a "SYNCING" label until the server confirms.
Only the public half of a key pair goes here. It's the file ending in .pub. Never paste a private key into this field.
See your existing keys
The keys table has four columns:
| Column | What it shows |
|---|---|
| Name / Identity | The key's comment or "Unnamed Signature" if blank |
| Signature | Type badge (ED25519 in green, RSA in blue) |
| Public Key Identity | The key string, blurred by default. Hover for the "CLICK TO REVEAL" tooltip, click to show full key. |
| Actions | Copy and Revoke buttons |
Copy a key
Click the Copy icon in the Actions column
A toast confirms "Key copied to clipboard". Useful when you want to add the same key to another server.
Revoke a key (remove access)
Click Revoke (red trash icon) on the row
A confirmation pops up titled "Revoke Key Access?" with the warning "This will immediately terminate target login signature."
Confirm
Click Revoke Now
The key is removed from the server's authorized_keys file immediately. The user with that key can no longer log in.
Revoking takes effect right away. Make sure you still have at least one other working key, or password access, before revoking the key you're currently using to connect, otherwise you'll lock yourself out.
Backup your saved servers
Useful when you switch computers or want a backup.
Export
Open app → Click the three-dot menu (top right) → Export
A save dialog opens with the default name ctrlops_servers_backup_YYYY-MM-DD.json. The file contains all your saved connections, including any saved passwords and key paths.
The export includes saved passwords. Treat the JSON file like a password file: store it securely.
Import
Three-dot menu → Import → Pick a JSON file
CtrlOps adds new connections and skips duplicates (matched by username, IP, port). You'll see a toast like "Import complete! Added 5 new servers, 2 duplicates skipped".
Tips
Prefer Ed25519 keys for new setups. They're shorter, faster, and at least as secure as RSA 4096.
Add a meaningful comment when generating a key (the Email field). When you have keys from several machines on a server, the comment is the only way to tell them apart.
Always test a new key by opening a fresh CtrlOps connection in another window before revoking the one you're using. If something is wrong, you still have a way in.