Setting Up SSH Key Authentication and Mount Hertzner Storage Box In Proxmox Backup Server
This guide explains how to set up SSH key authentication for your Hetzner Storage Box, configure subuser access, and automate the mounting of the storage box locally for seamless use.
Generating an SSH Key Pair
SSH keys allow secure, passwordless authentication. To create a new SSH key, open a terminal and run:
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""This generates two files:
- The private key:
~/.ssh/id_ed25519 - The public key:
~/.ssh/id_ed25519.pub
Uploading the Public Key to the Storage Box
For the main user, the easiest way to install the public key is by using Hetzner’s install-ssh-key script. Run:
cat ~/.ssh/id_ed25519.pub | ssh -p23 u123456@u123456.your-storagebox.de install-ssh-keyReplace u123456 with your Hetzner Storage Box username and u123456.your-storagebox.de with your Storage Box hostname. Enter your password when prompted. This installs the key in both RFC4716 (port 22) and OpenSSH (port 23) formats.
If the automated method doesn’t work, convert the public key to RFC4716 format using:
ssh-keygen -e -f ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519_rfc.pubThen, upload the keys manually:
sftp -P23 u123456@u123456.your-storagebox.de
mkdir .ssh
chmod 700 .ssh
put ~/.ssh/id_ed25519.pub .ssh/authorized_keys
put ~/.ssh/id_ed25519_rfc.pub .ssh/authorized_keys_rfc
chmod 600 .ssh/authorized_keys .ssh/authorized_keys_rfc
exitTesting SSH Key Authentication
Verify that you can log in to the Storage Box without a password. Test port 23 (OpenSSH format):
ssh -p23 -i ~/.ssh/id_ed25519 u123456@u123456.your-storagebox.deTest port 22 (RFC4716 format):
ssh -p22 -i ~/.ssh/id_ed25519 u123456@u123456.your-storagebox.deBoth should connect without prompting for a password.
Configuring Subusers
Hetzner subusers have their own hostnames and usernames, for example:
- Host:
u123456-sub1.your-storagebox.de - Username:
u123456-sub1
To set up SSH key authentication for a subuser, run:
cat ~/.ssh/id_ed25519.pub | ssh -p23 u123456-sub1@u123456-sub1.your-storagebox.de install-ssh-keyThen test the connection:
ssh -p23 -i ~/.ssh/id_ed25519 u123456-sub1@u123456-sub1.your-storagebox.deMounting the Storage Box Locally
Install SSHFS if it’s not already installed:
apt update && apt install -y sshfs sshpassCreate a mount point:
mkdir -p /mnt/hetzner-backupMount the Storage Box:
sshfs -p23 -o IdentityFile=/root/.ssh/id_ed25519,allow_other,reconnect u123456@u123456.your-storagebox.de:/ /mnt/hetzner-backupVerify the mount:
df -h /mnt/hetzner-backupTo mount a subuser directory, replace the username and hostname:
sshfs -p23 -o IdentityFile=/root/.ssh/id_ed25519,allow_other,reconnect u123456-sub1@u123456-sub1.your-storagebox.de:/ /mnt/subuser-backupAutomating the Mount
To ensure the Storage Box mounts automatically after a reboot, add it to /etc/fstab. Open the file:
nano /etc/fstabAdd this line for the main user:
u123456@u123456.your-storagebox.de:/ /mnt/hetzner-backup fuse.sshfs IdentityFile=/root/.ssh/id_ed25519,_netdev,allow_other,reconnect 0 0For a subuser, add:
u123456-sub1@u123456-sub1.your-storagebox.de:/ /mnt/subuser-backup fuse.sshfs IdentityFile=/root/.ssh/id_ed25519,_netdev,allow_other,reconnect 0 0Test the configuration:
systemctl daemon-reloadmount -a
df -hTroubleshooting
If the storage size appears incorrect or the mount is read-only, ensure you are mounting the correct path (/). Verify the permissions of the .ssh directory and keys:
chmod 700 .ssh
chmod 600 .ssh/authorized_keysIf SSH key authentication fails, re-upload the key and test with:
ssh -vvv -p23 -i ~/.ssh/id_ed25519 u123456@u123456.your-storagebox.deFor subuser issues, confirm the subuser is correctly configured in Hetzner’s management interface.
Conclusion
This guide helps you set up SSH key authentication, configure subuser access, and mount your Hetzner Storage Box locally. Once set up, you’ll have a secure and automated way to manage your storage. If you encounter any issues, feel free to reach out! 🚀
