Difference between revisions of "OpenStack Key Pairs Test"

From CAC Documentation wiki
Jump to navigation Jump to search
(Created page with "The best way to provide secure and easy access to your Red Cloud instances is through the use of key pairs for [https://www.ssh.com/ssh/public-key-...")
 
Line 21: Line 21:
 
The newly created key pair will now be shown in the list.  It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.
 
The newly created key pair will now be shown in the list.  It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.
  
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension.  If you save the file with any other extension, you may not get the correct formatting.  If you are on Mac or Linux, make sure to set the file to appropriate permissions with <code>chmod 600 <key name>.pem</code>.
+
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension.  If you save the file with any other extension, you may not get the correct formatting.   
 +
 
 +
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEditor, and on Linux that could be any text editor you have installed, like gedit. Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include BEGIN/END RSA PRIVATE KEY, accompanied with dashes.
 +
 
 +
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.
 +
 
 +
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.
  
 
The sections below will describe how this file is used to [[#Using_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or retrieve the [[#Using_Your_Key_Pair_to_Connect_to_a_Windows_Instance|administrator account's password for a Windows instance]].
 
The sections below will describe how this file is used to [[#Using_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or retrieve the [[#Using_Your_Key_Pair_to_Connect_to_a_Windows_Instance|administrator account's password for a Windows instance]].

Revision as of 20:32, 14 December 2020

The best way to provide secure and easy access to your Red Cloud instances is through the use of key pairs for SSH authentication. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.

When you create a new instance, you should specify a key pair to be used for logging in to that instance. You can only add a key pair to an instance at the time of its creation, not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.

In Linux instances, the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For Windows instances, you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.

Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.

Creating a Key Pair

Your key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.

KeyPairList.png

Enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3]. This will be your only chance to copy the text, so do not forget to do so. When you have copied it, click "Done" [4] to close the wizard.

KeyPairWizard.png

The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.

You now must save the private key that you copied to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting.

After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEditor, and on Linux that could be any text editor you have installed, like gedit. Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include BEGIN/END RSA PRIVATE KEY, accompanied with dashes.

Next, save the file as <key name>.pem, where <key name> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.

Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter chmod 600 <key name>.pem to change the permissions.

The sections below will describe how this file is used to connect to a Linux instance or retrieve the administrator account's password for a Windows instance.

Importing a Key Pair

If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. This brings up a dialog for creating a key pair.

KeyPairImport.png

The Import Key Pair dialog contains some detailed instruction for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. They key pair will be imported and will appear in the Key Pairs list.

KeyPairImportDialog.png

Selecting a Key Pair When Creating an Instance

During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].

KeyPairSelection.png

Using Your Key Pair to Connect to a Linux Instance

If you specified a key pair when creating a Linux instance, the key pair's public key was installed into the initial user account on the instance. When connecting to the instance using the SSH command, you can pass the corresponding private key to establish a secure connection without need for a password. The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".

   ssh -i my_key_rsa centos@128.84.8.1

For more information, see the section on Accessing Instances including some troubleshooting tips. If you would like to connect to a Linux instance using the [PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the puttygen tool that is installed with PuTTY.

Using Your Key Pair to Connect to a Windows Instance

To log on to a Windows instance for the first time you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.

KeyPairWindows.png

The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.

For more information, see the section on Accessing Instances.