Skip to main content

Granting Support Access

Overview

Granting Support Access lets the Hypervisor support team SSH into your server when they need to investigate something. Instead of you copying our SSH public key by hand, a one-line curl ... | bash script does it for you. The same script can remove the key when you are done, take a backup of ~/.ssh/authorized_keys first, or check whether the key is currently installed.

The script does not stay on disk after it runs. There is nothing to uninstall.

Concepts

  • SSH is the standard secure-shell protocol used to log in to Linux servers from the command line.
  • Authorized keys file is ~/.ssh/authorized_keys. It lists the public keys that are allowed to log in to the current user account. Adding our public key to this file is what grants us access; removing it revokes us.
  • Support key is the SSH public key the Hypervisor support team uses. The script downloads it over HTTPS and verifies its SHA-256 checksum before installing it, so a tampered key cannot land on your server.

Commands

Run any of these directly from your management server's shell:

CommandDescription
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- addInstall the support key
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- removeRemove the support key
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- checkCheck if the key is installed
curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- backupBack up authorized_keys

How it works

  1. The script lives only on Hypervisor's HTTPS CDN. There is no local file to manage.
  2. It verifies the downloaded payload via SHA-256 checksum and backs up your existing authorized_keys before touching it.
  3. Nothing is left on disk after the script finishes.

Admin steps

1. Grant temporary support access

curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- add

What this does:

  • Downloads and verifies the key over HTTPS.
  • Appends it to ~/.ssh/authorized_keys.
  • Prints success or failure.

2. Revoke support access

curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- remove

Guarantees:

  • Takes a backup of authorized_keys first.
  • Removes only the Hypervisor key. Your own keys are untouched.

3. Check current status

curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- check

Outputs either "Hypervisor support key IS installed" or "Hypervisor support key NOT installed".

4. Manual backup

curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- backup

Backup location:

~/.ssh/hypervisor_backups/authorized_keys_YYYYMMDD_HHMMSS

Why this is safe

  • HTTPS-only transport. No unencrypted downloads.
  • SHA-256 checksum verification of the downloaded key.
  • No persistence. The script does not leave anything on disk.

Troubleshooting

Permission errors

The script can fail if your SSH directory has wrong permissions. Fix them with:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Still having problems

The script ships a built-in help mode:

curl -sSL https://packages.hypervisor.io/tools/hv_support.sh | bash -s -- help

Best practices

  • Always run remove once a support session is finished.
  • Periodically audit ~/.ssh/hypervisor_backups/ and delete old backups.
  • Run check before manually editing authorized_keys so you do not accidentally double-add or delete the key.