
Generate SSH Keypairs

Using SSH keys is the recommended best practice for secure access to Virtual Machines. Setting a user password within your image poses a security risk: every VM instantiated from this image shares the same password, which increases vulnerability to brute-force attacks.

When creating Linux virtual machines, it is essential to either generate or upload an SSH key prior to VM instantiation. Subsequently, this SSH key will be automatically provisioned within the newly created instance.

Creating an SSH key pair in OpenStack can be done through both the Horizon Dashboard and the OpenStack CLI. Here are the instructions for both methods.

Create an SSH Key Pair

  • Navigate to Project > Compute > Key Pairs and click Create Key Pair. In the popup window that appears, enter the name for your key pair, choose SSH Key from the Key Type dropdown menu, and click Create Key Pair.

  • After creating the key pair, a file with the .pem extension will be automatically downloaded to your local machine. This file contains your private key. Save it in a secure location and restrict its permissions so that only your user can read it.

  • You should now see the new key pair listed in Project > Compute > Key Pairs section with the name you specified.

Source the OpenStack RC File:

  • Download and source your OpenStack RC file to load your credentials and environment variables.

  • Run the following command in your terminal:

source path/to/your-openstack-rc-file.sh

  • You will be prompted to enter your OpenStack password.

Create the SSH Key Pair:

  • Use the following command to create a key pair in OpenStack from an existing public key:

openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

  • Replace mykey with your desired key pair name and ~/.ssh/id_rsa.pub with the path to your existing public key. If you don't have an existing SSH key, you can generate one using ssh-keygen:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • This will create a private key id_rsa and a public key id_rsa.pub in the ~/.ssh directory.

Verify Key Pair Creation:

  • You can list your key pairs to verify the creation:

openstack keypair list

Save the Private Key:

  • If you create a new key pair without specifying an existing public key, the private key is printed to your terminal. Redirect it to a file (e.g., mykey.pem) to save it:

openstack keypair create mykey > mykey.pem

  • Set the appropriate permissions on the private key file:

chmod 600 mykey.pem
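
The redirect above creates mykey.pem with your shell's default umask, so depending on that umask the file can be readable by other users until chmod runs. The helpers below are an added example, not part of the original instructions; the function names save_private_key and check_key_perms are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the OpenStack CLI.

# Write stdin to "$1" so the file is private from the moment it is created.
# Refuses to overwrite: umask only affects newly created files, so reusing an
# existing file would keep whatever (possibly open) mode it already had.
save_private_key() {
    dest=$1
    (
        umask 077          # new file is created as 0600, no gap before chmod
        set -C             # noclobber: '>' fails if the file already exists
        cat > "$dest"
    ) || { echo "refusing to write $dest" >&2; return 1; }
}

# Return 0 only if "$1" is a regular file with no group/other permission bits,
# the condition OpenSSH checks before it will use a private key file.
check_key_perms() {
    key=$1
    [ -f "$key" ] || { echo "$key: not a regular file" >&2; return 2; }
    mode=$(ls -ld "$key" | cut -c5-10)   # group and other columns of the mode
    if [ "$mode" != "------" ]; then
        echo "$key: permissions too open ($(ls -ld "$key" | cut -c1-10))" >&2
        return 1
    fi
    return 0
}

# Usage with the page's commands (requires a sourced RC file). Pick a file
# name that does not exist yet, otherwise the key pair is created in
# OpenStack but the private key is not saved:
#   openstack keypair create mykey | save_private_key mykey.pem
#   check_key_perms mykey.pem && ssh -i mykey.pem username@floating_ip
```

check_key_perms also works on the .pem file downloaded from Horizon, which browsers typically save with default permissions.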

By following these steps, you can create SSH key pairs in OpenStack using both the Horizon Dashboard and the OpenStack CLI.

Upload an Existing SSH Key Pair to OpenStack

Copy the Public Key:

  • Display the public key content using:

cat ~/.ssh/id_rsa.pub

  • Copy the entire output, including the ssh-rsa prefix and your email at the end.

Upload the SSH Key to OpenStack:

  • Navigate to Project > Compute > Key Pairs and click Import Public Key.
  • Provide a name for the key pair.
  • Choose SSH Key from the Key Type dropdown menu.
  • Paste the public key content into the Public Key field.
  • You can also upload the public key from a file by clicking Choose File under Load Public Key from a file.
  • Click Import Public Key.

Use an SSH Key to Access an Instance

  • When launching a new instance, select the uploaded key pair under the Key Pair section.
  • Ensure the private key file is saved with appropriate permissions.
  • Access the instance using the downloaded private key:

  • (IPv4): To reach your instance, which is placed in an IPv4 private network, via SSH from the outside world, you need a Router with an interface connected to that subnet and a Floating IP attached to that instance. If all those prerequisites are met, you can connect to the instance by executing the command below:

ssh -i /path/to/test_key_pair.pem username@floating_ip

Managing SSH keys in OpenStack can be done either by generating the keys on your local machine or through the Horizon Dashboard. Both methods provide a secure way to access your instances, allowing you to choose the approach that best fits your workflow and security preferences.