Guide 02

Give a coding agent safe server access with SSH keys

SSH keys make it possible to grant access without sharing passwords. The customer installs the public key; the private key is never shared.

Public key and private key

An SSH key pair has two parts. The public key can be added to the server to grant access. The private key must remain secret and should never be sent in chat, email, or support tickets.

Important: a serious agent or developer does not need server passwords or private SSH keys. Access should be granted by authorizing a public key on the server.

Recommended process

  1. Clarify which server and project the agent will work on.
  2. Create or use a dedicated server user with only the needed permissions.
  3. Add the public key to the server.
  4. Test that login works before larger work starts.
  5. Remove the key when the project is finished or access is no longer needed.

Good access hygiene

  • Grant access only to the environment the agent needs.
  • Use separate keys for different people or projects.
  • Avoid shared passwords.
  • Document who has access and when it was granted.
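Steps 3 and 5 of the recommended process, together with the "document who has access" rule, can be scripted on the server. The following is an added example, not part of the original guide: the function names, the agent:/granted: comment format, and the sample key are assumptions made for illustration, and AUTH_FILE defaults to the dedicated user's own authorized_keys file.

```sh
#!/bin/sh
# Added example. AUTH_FILE, the tag format and the sample key are assumptions.
AUTH_FILE="${AUTH_FILE:-$HOME/.ssh/authorized_keys}"

# Accept only an OpenSSH public key line; refuse private key material.
is_public_key() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
        "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) return 0 ;;
        *) return 1 ;;
    esac
}

# grant_key TAG PUBKEY: step 3, and records who was granted access and when.
grant_key() {
    tag="$1"; key="$2"
    is_public_key "$key" || { echo "refusing: not a public key" >&2; return 1; }
    dir=$(dirname "$AUTH_FILE")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$AUTH_FILE" && chmod 600 "$AUTH_FILE"
    set -- $key                      # $1 = key type, $2 = base64 blob
    if grep -qF -- "$2" "$AUTH_FILE"; then return 0; fi   # already authorized
    printf '%s %s agent:%s granted:%s\n' "$1" "$2" "$tag" "$(date +%Y-%m-%d)" >> "$AUTH_FILE"
}

# revoke_key TAG: step 5, drops every line recorded for that agent.
revoke_key() {
    [ -f "$AUTH_FILE" ] || return 0
    tmp="$AUTH_FILE.tmp.$$"
    grep -vF " agent:$1 " "$AUTH_FILE" > "$tmp" || true   # exit 1 only means no lines left
    chmod 600 "$tmp" && mv "$tmp" "$AUTH_FILE"
}

# list_access: prints "agent:<tag> granted:<date>" for each recorded key.
list_access() {
    sed -n 's/.* \(agent:[^ ]* granted:[^ ]*\)$/\1/p' "$AUTH_FILE"
}

# Demo against a throwaway directory with a constructed (not real) key.
demo() {
    AUTH_FILE="$(mktemp -d)/.ssh/authorized_keys"
    grant_key site-rebuild "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleKeyNotReal agent@laptop"
    list_access
    revoke_key site-rebuild
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument demo to try it without touching a real account. Step 4 (testing the login) still has to be done from the agent's side after grant_key has run.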

What can the agent do after access is granted?

With approved SSH access, the agent can inspect the project, install dependencies, read safe logs, configure services, build the application, and verify that it runs. Production changes should still be approved before they run.