Overview

Xelon HQ provides two primary methods for accessing your virtual machines: the browser-based web console and SSH key-based authentication. The web console offers direct access to the VM's display output, equivalent to connecting a monitor and keyboard. SSH keys provide secure, passwordless remote access over the network.

Web Console

The web console provides a VNC-like interface directly in your browser. It is available for all VMs regardless of their network configuration or SSH setup, making it the reliable fallback when network access is unavailable.

Opening the Web Console

1. Navigate to the device detail page from Virtual Datacenter > All Devices and select the device.
2. Click the Open HTML5 Console button.
3. A new browser window opens with the console session.
4. Log in using the VM's local credentials (set during OS installation or template provisioning).

Renewing a Console Session

Console sessions have a time-limited token for security. If your session expires or becomes unresponsive:

1. Close the current console tab.
2. Return to the VM detail page.
3. Click Open HTML5 Console again to generate a new session token.

Session tokens are single-use and scoped to the requesting user. Sharing the console URL with others will not grant them access.

Console Keyboard Shortcuts

SSH Key Management

SSH keys allow you to authenticate to Linux VMs without a password. Xelon HQ maintains a library of SSH public keys that can be injected into VMs during creation.

Adding an SSH Key

1. Open a device from Virtual Datacenter > All Devices, then click the SSH keys tab.
2. Choose whether to create a new key or connect an existing key from your account.
3. For a new key: enter a descriptive name (e.g., "Work Laptop" or "CI/CD Pipeline") and paste the contents of your public key file (typically ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub).
4. For an existing key: select the key from the dropdown list.
5. Click Save.

The SSH key will be added to the root user on the device. Note that password authentication remains active and must be disabled manually if desired.

Xelon HQ supports the following key types:

• RSA — 2048-bit minimum, 4096-bit recommended.
• Ed25519 — Recommended for new deployments. Shorter keys with equivalent security.
• ECDSA — Supported for compatibility with existing key pairs.

To generate a new Ed25519 key pair:

ssh-keygen -t ed25519 -C "your_email@example.com"

Removing an SSH Key

To remove an SSH key from a device:

1. Open a device from Virtual Datacenter > All Devices, then click the SSH keys tab.
2. Click Delete next to the key you want to remove.
3. Check the confirmation checkbox and enter your password to confirm the deletion.

Adding SSH Keys During VM Creation

When creating a new Linux VM, the creation wizard includes an SSH Keys step:

1. In the SSH Keys step, select one or more keys from your account's key library.
2. The selected public keys are automatically added to the default user's ~/.ssh/authorized_keys file during provisioning.
3. After the VM boots, you can connect immediately using the corresponding private key:

ssh -i ~/.ssh/id_ed25519 user@vm-ip-address

Best Practices for SSH Security

• Use Ed25519 keys — Ed25519 keys offer strong security with shorter key lengths and faster operations compared to RSA.
• Protect your private key — Never share your private key. Use a strong passphrase to encrypt it on disk.
• Disable password authentication — After confirming SSH key access works, disable password-based SSH login in the VM's /etc/ssh/sshd_config by setting PasswordAuthentication no.
• Use unique keys per device — Generate a separate key pair for each workstation or CI/CD system. This allows you to revoke access for a single device without affecting others.
• Rotate keys periodically — Replace SSH keys on a regular schedule (e.g., annually) and remove unused keys from both your Xelon HQ account and the VMs.
• Restrict root login — Disable direct root SSH access by setting PermitRootLogin no in the SSH configuration. Use sudo for privileged operations.