Granting Support Access
Overview
Granting Support Access lets the Hypervisor support team SSH into your server when they need to investigate something. Instead of you copying our SSH public key by hand, a one-line curl ... | bash script does it for you. The same script can remove the key when you are done, take a backup of ~/.ssh/authorized_keys first, or check whether the key is currently installed.
The script does not stay on disk after it runs. There is nothing to uninstall.
Concepts
- SSH is the standard secure-shell protocol used to log in to Linux servers from the command line.
- Authorized keys file is
~/.ssh/authorized_keys. It lists the public keys that are allowed to log in to the current user account. Adding our public key to this file is what grants us access; removing it revokes us. - Support key is the SSH public key the Hypervisor support team uses. The script downloads it over HTTPS and verifies its SHA-256 checksum before installing it, so a tampered key cannot land on your server.
Commands
Run any of these directly from your management server's shell:
| Command | Description |
|---|---|
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- add | Install the support key |
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- remove | Remove the support key |
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- check | Check if the key is installed |
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- backup | Back up authorized_keys |
How it works
- The script lives only on Hypervisor's HTTPS CDN. There is no local file to manage.
- It verifies the downloaded payload via SHA-256 checksum and backs up your existing
authorized_keysbefore touching it. - Nothing is left on disk after the script finishes.
Admin steps
1. Grant temporary support access
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- add
What this does:
- Downloads and verifies the key over HTTPS.
- Appends it to
~/.ssh/authorized_keys. - Prints success or failure.
2. Revoke support access
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- remove
Guarantees:
- Takes a backup of
authorized_keysfirst. - Removes only the Hypervisor key. Your own keys are untouched.
3. Check current status
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- check
Outputs either "Hypervisor support key IS installed" or "Hypervisor support key NOT installed".
4. Manual backup
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- backup
Backup location:
~/.ssh/hypervisor_backups/authorized_keys_YYYYMMDD_HHMMSS
Why this is safe
- HTTPS-only transport. No unencrypted downloads.
- SHA-256 checksum verification of the downloaded key.
- No persistence. The script does not leave anything on disk.
Troubleshooting
Permission errors
The script can fail if your SSH directory has wrong permissions. Fix them with:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
Still having problems
The script ships a built-in help mode:
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- help
Best practices
- Always run
removeonce a support session is finished. - Periodically audit
~/.ssh/hypervisor_backups/and delete old backups. - Run
checkbefore manually editingauthorized_keysso you do not accidentally double-add or delete the key.