When you set up a cloud provider, we ask you for the private key portion of your key pair. This is not something you will normally see at other similar service providers. Other services place their own keys on your servers. We chose not to do this – we will never place any of our keys on your servers.
Our choice has a number of advantages – chief among them being that if one customer’s keys are compromised, it does not affect other customers. If we placed our keys on your servers and our keys were compromised, then all of our customers’ servers would be compromised. We’d rather not expose you to that risk.
Additionally, you can deny future access to your servers by simply revoking your key on the server. That’s a relatively simple process. If our keys were on your servers, you’d have to remember to revoke those keys too. That is also a simple process, but it is one more thing for you to remember. It’s just better all around if all you have to worry about is your own keys.
The disadvantage, of course, is that you have to manage your keys. If this is the first time you’re dealing with key pairs, it might seem daunting. Don’t worry though, it quickly gets easier.
All in all, this means that when our systems log in and manage the server on your behalf, they use the keys that you provide to us. If you use multiple server providers, we strongly recommend that you use a different set of keys with each provider. So if you spin up servers at DigitalOcean and Linode, you’ll end up using two sets of keys.
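One way to carry out the revocation step described above, as an added example that is not part of the original page or the service's own tooling. It assumes a standard OpenSSH `authorized_keys` file with one key per line; the function name `revoke_key` and the file names are hypothetical.

```sh
# Added example (not the service's own tooling): revoke one public key
# from an authorized_keys file. Matching is on the base64 key blob, so an
# edited comment or a leading options field cannot hide an entry.

# revoke_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Prints the number of entries removed. Returns 0 if at least one entry
# was removed, 1 if the key was not present, 2 on bad input.
revoke_key() {
    rk_pub=$1
    rk_auth=$2
    if [ ! -r "$rk_pub" ] || [ ! -w "$rk_auth" ]; then
        echo "usage: revoke_key PUBKEY_FILE AUTHORIZED_KEYS_FILE" >&2
        return 2
    fi
    # In a .pub file the blob is the field right after the key type.
    rk_blob=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }' "$rk_pub")
    if [ -z "$rk_blob" ]; then
        echo "no public key found in $rk_pub" >&2
        return 2
    fi
    # Count entries where some whitespace-separated field is exactly the blob.
    rk_hits=$(awk -v blob="$rk_blob" '
        { for (i = 1; i <= NF; i++) if ($i == blob) { n++; break } }
        END { print n + 0 }' "$rk_auth")
    if [ "$rk_hits" -eq 0 ]; then
        echo 0
        return 1
    fi
    # Build the new file beside the old one (mktemp creates it mode 0600),
    # keep a backup, then swap it in with a rename.
    rk_tmp=$(mktemp "$rk_auth.XXXXXX") || return 2
    awk -v blob="$rk_blob" '
        { for (i = 1; i <= NF; i++) if ($i == blob) next
          print }' "$rk_auth" > "$rk_tmp"
    cp -p "$rk_auth" "$rk_auth.bak"
    mv "$rk_tmp" "$rk_auth"
    echo "$rk_hits"
}

# Stand-alone use: sh revoke.sh old_key.pub ~/.ssh/authorized_keys
if [ "$#" -eq 2 ]; then
    revoke_key "$1" "$2"
fi
```

Removing the entry blocks new logins with that key but does not end sessions that are already open. The `.bak` copy still lists the revoked key, so delete it once you have confirmed the change.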