Katapult permits and recommends the use of SSH keys for virtual machine access. You are able to allow access to a given machine through either organisation-specific or user-specific SSH keys. For the avoidance of confusion; especially considering the use of the word organisation elsewhere within Katapult, you can find an explanation of the different types of SSH key below. The organisations, users and roles guide might be useful reading prior to this guide.
An individual user on Katapult is able to add one or more SSH key to their personal Katapult account. From the organisation perspective it is possible to assign the keys from an individual user account to one or more of your virtual machines. If a user to which you have permitted SSH access happens to change their SSH key(s) then Katapult will automatically push those changes out to every machine they are permitted access. This removes the potentially time consuming process of manual updating every virtual machine's operating system. For added security, a user is able to define a set of IP addresses to which their key may be used. Refer to the permit specific user SSH keys how-to guide for more detail on enabling specific users access to a machine, or in-fact; all of your organisation's users if needed.
Organisation specific SSH keys allow you to permit access to selected machines from either another virtual machine on Katapult, an external machine entirely or if your organisation prefers; your users. For example, you might wish for an external backup service to access your data using your organisation specific SSH key. This use case would also apply if you prefer to provide users with your organisations key instead of them using their own. As an added level of security it is possible to restrict access to your organisation SSH key to a set of IP addresses, added to an address list. To find out to assign an organisation key to a given virtual machine, see the permit specific organisation SSH keys how-to guide.