This error means the server rejected your presented key.
First confirm you’re using the right default user for the image and that your key file has 600 permissions. Check that the key you’re using matches the public key in ~/.ssh/authorized_keys inside the instance; if you recently edited or replaced that file, your key may no longer be authorized.
When you’re locked out, use the web Console to log in and restore the correct public key to the appropriate user’s `authorized_keys`. If the instance was rebuilt, you must use the newer key you downloaded at rebuild time.
Password authentication is disabled by default for security. You can enable it only from inside the instance or via the Console, after which you would adjust the SSH server configuration (for example, PasswordAuthentication: yes) and set a strong password for the target user.
Even when enabled, key‑based login remains the recommended method because it is more resistant to brute‑force attacks.
No. For security reasons, Bahnhof cannot recover or resend your private key. Access control to your instance is under your ownership. Always store key material in a secure password manager or secrets vault and keep offline backups when appropriate.
ICMP (ping) is blocked by default in many security group templates. To allow ping, open the VPS in your dashboard, locate the Security Groups attached to the instance, and add an ingress ICMP rule (type 8, echo request) and a corresponding egress ICMP rule (type 0, echo reply). Once those rules are saved and applied, ping <floating-ip> should begin to respond unless ICMP is also blocked by a host firewall inside the instance.
Application access is controlled by Security Groups on the platform and, optionally, a firewall inside the guest OS.
In the dashboard, open the instance details, find the Security Group assigned to the server, and create a rule for the protocol and port your service uses—for example, TCP 8080 for an admin UI or TCP 143/993 for IMAP.
Keep the source set to a specific CIDR if you want to restrict access; use 0.0.0.0/0 only when you intend the port to be reachable from anywhere on the internet. If the port is still blocked after adding the rule, check ufw or iptables within the VM and allow the same port there as well.
You can approximate “open” networking by adding permissive Security Group rules that allow all TCP, UDP and ICMP, but there is no single switch that disables the platform’s filtering.
It’s normally better to open only the ports your application requires and keep the rest closed. If you also run a host firewall, make sure its policy matches your Security Group intent to avoid confusion.
IPv6 isn’t available for VPS/VPC in this environment yet. Use IPv4 floating IPs for public access and consider a reverse proxy or tunneling solution if you need IPv6 reachability from the outside world.
Outbound and inbound SMTP on port 25 is typically restricted to prevent abuse. If you have a legitimate need to run mail services, raise a request with support and be aware that reverse DNS (PTR) is not provided on VPS/VPC, which limits deliverability. Relaying mail through a dedicated provider is usually the better approach.
A floating IP remains yours as long as you keep it allocated to your account. You can associate and disassociate it from instances when needed. If you delete the instance and release the IP, there is no guarantee you can obtain the same address later, so plan migrations before deallocating an address.
You can reset your VPS by selecting “Rebuild VPS” in your VPC’s details page. This also lets you change the operating system. Before proceeding, ensure you have backups or snapshots, as rebuilding will erase and replace all data on the root disk.
The small/medium/large plans are not resizeable in place. To change capacity you provision a new instance of the desired size and migrate your applications or data to it. If frequent resizing is a requirement, consider VPC or custom flavors where resizing and horizontal scaling are part of the design.
Start with the web Console to confirm the VM is running. If you can reach a shell, check disk space with df -h and memory pressure with free -h or the kernel log for OOM events using dmesg.
Networking problems are often caused by mismatched Security Group and guest firewall settings; if the Console works but the network doesn’t, align the rules on both sides. Service daemons that fail to start can usually be inspected via systemctl status <service> and journal logs, and a quick reboot from the dashboard may clear a stuck state after you fix the underlying issue.
On fixed VPSs, snapshots provide a point‑in‑time capture of the system disk when you have backup slots available.
Create a snapshot from the VPS details when the instance is in a consistent state; stopping application services briefly reduces the risk of data corruption. Restores can be initiated from the same view and will revert the disk to the captured state.
In VPC, you can snapshot whole instances or back up individual volumes from Horizon or Skyline, which makes it easy to roll back experiments or clone environments.
Regardless of platform snapshots, maintain application‑level backups for databases and user uploads so you can restore selectively without rolling back the whole VM.
When an invoice reaches its due date and remains unpaid, the account may be suspended and access to compute resources restricted.
Leverantörer skjuter vanligtvis upp radering under en grace period, men förlita dig inte på detta; betala det utestående beloppet snabbt för att undvika automatisk rensning av instanser och snapshots.
If an accidental charge caused the issue, contact us so they can review and unsuspend after resolution.
Most TLDs can be transferred if they meet age and status requirements. Unlock the domain at your current registrar, retrieve the EPP/Auth code, and initiate the transfer from your Bahnhof account.
Some registries impose a 60–90 day waiting period after registration or recent changes; check your TLD rules if a transfer is rejected. Keep DNS up during the move by avoiding nameserver changes until the transfer completes.
Domain registrations are non‑refundable because the registry fees are committed at purchase. Review spelling, TLD choice and contact details before you confirm payment to avoid costly mistakes.
Yes. Open the domain’s details and switch off auto‑renew. The domain will then expire at the end of the current term unless you renew manually. If you still need the name, renew it a few days before expiry to avoid redemption surcharges.
You can pay with credit card. Cryptocurrencies aren’t supported. Keep a valid card on file for automatic renewals to avoid service interruption.
Annual billing is available for many services. Switching consolidates invoices and reduces administrative overhead. You can contact us if you like to to move your plan to annual if that fits your budgeting better.
Invoices are often generated ahead of the next cycle. If you cancel after an invoice has been created, you might still see the charge. Contact us with the cancellation reference; they can void or refund that invoice when the underlying service is confirmed canceled.
Refunds are limited.
VPS plans are generally non‑refundable once provisioned, except where a platform failure or duplicate charge occurred.
Domains are non‑refundable. If you believe you’ve been billed in error, contact us to open a ticket promptly so that we can investigate while records are fresh.
VAT handling follows local tax rules. For usage‑based VPC, a monthly VAT invoice summarizes consumption, whereas wallet top‑ups or auto‑refills may be treated as prepayments. Keep your company details and VAT ID accurate in your profile to ensure correct tax treatment on documents.
VPS is a convenient single‑server product with fixed shapes and minimal knobs to turn; it’s ideal for light to moderate workloads and quick experiments. VPC exposes an OpenStack project where you design networks, attach volumes, choose flavors, and scale out with multiple instances or load balancers. If you want flexibility, snapshots, custom images, or blue‑green deployments, VPC is the right tool.
Yes, but it’s self‑managed. You can bootstrap clusters with tools like kubeadm or a distribution of your choice, store etcd data on durable volumes, and front the control plane with floating IPs or a load balancer. Patching, backups and upgrades remain your responsibility; consider a managed service if you prefer a hands‑off model.
Yes, in VPC you can. Use Horizon, Skyline or the image API to upload a bootable image, then create instances from it or attach an ISO to reinstall a VM. This is useful for standardizing golden images across environments.
PTR is not offered for VPS/VPC public addresses. If rDNS is mandatory—for example, to run professional mail—you’ll need a custom solution through sales or use a third‑party mail service that provides the necessary DNS records and reputation management.
VPC resources are usually billed pay‑as‑you‑go against your wallet in short intervals. When the balance reaches zero, resources are suspended and subsequently removed if not recharged. Additional floating IPs can often be allocated on request, subject to address availability and account checks; release addresses you no longer need to control costs. To avoid interruptions in the service ensure to configure automatic top-ups.
If encryption at rest is a requirement, you can use filesystems like LUKS inside the guest or select an application‑level encryption strategy so that data is protected before it hits the disk.
Bandwidth and CPU policies differ by plan and are optimized for typical small‑business and developer use. Short bursts are fine, but sustained high utilization may be throttled by fair‑use policies on shared infrastructure.
If you expect constant heavy traffic, large databases, or CPU‑bound processing, look at VPC with higher‑end flavors or a dedicated server so you have predictable headroom.
Small, Medium and Large instances have 100Mbps (not burstable), 150Mbps (burstable to 200Mbps), and 250Mbps (burstable to 500Mbps) limits respectively.
Yes.
Certain records must be retained to comply with Swedish law and accounting rules, so the account cannot be purged in the absolute sense. Support can close the account, stop renewals, and remove non‑essential personal data while preserving the legally required information. You’ll still be able to request copies of invoices and historical statements if needed for your records.
You can run mail software, but without PTR on VPS/VPC and with strict SMTP policies on the internet, deliverability will be challenging.
For business‑critical email, a specialist provider or a custom solution with proper rDNS, monitoring, and reputation management is recommended. If you proceed on a VPS, relay outbound mail through a reputable SMTP service and harden your DNS with SPF, DKIM and DMARC.
The backbone includes network‑level mitigation that absorbs common volumetric attacks before they reach your server. Application‑layer protections (WAFs, rate limiting, bot management) remain your responsibility. Place a reverse proxy like Nginx or a CDN with WAF in front of your app if you expect targeted layer‑7 traffic.
Trials and special pricing are not typically offered. The month‑to‑month nature of VPS is the de facto trial—spin up an instance, test your workload, and cancel before the next cycle if it isn’t a fit.
