Skip to main content

How to Generate and Use SSH Keys in OpenStack:

This guide walks you through generating SSH keys from scratch, configuring them in OpenStack, and using them for secure instance access. These steps will help you manage your OpenStack instances securely and efficiently using SSH key pairs. 

Step-by-Step Guide: Generating and Using SSH Key Pairs in OpenStack: 

Step 1: Generate SSH Key Pair Locally: 
To begin, you need to generate an SSH key pair on your local machine. This pair consists of a public and a private key. 
Generate a new SSH key pair on your local system (Linux/macOS). Run the following command in your terminal:
# ssh-keygen -t rsa -b 2048
Enter the file name for the key: When prompted, provide the file name and path to save the key. By default, it will be saved in ~/.ssh/id_rsa. You can press Enter to accept the default location. 
Set a passphrase (optional): You can choose to set a passphrase for additional security or leave it blank for easy access. 

This will create two files:
id_rsa: The private key (keep this safe and never share it). 
id_rsa.pub: The public key (this is what you'll upload to OpenStack). 

Step 2: Upload the Public Key to OpenStack:
Once you’ve generated your SSH key pair, you need to upload the public key (id_rsa.pub) to OpenStack. 

Option 1: Using the OpenStack CLI 

Upload the public key to OpenStack:
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
Replace mykey with the name you want to give this key pair in OpenStack. 

Verify that the key pair has been uploaded:
# openstack keypair list
You should see your key pair (mykey) in the list. 

Option 2: Using the Horizon (Web Interface) 

Login to Horizon: Go to your OpenStack Horizon dashboard. 
Navigate to Key Pairs: Go to Project > Compute > Key Pairs. 
Create Key Pair: 
Click Import Key Pair. 
Provide a name (e.g., mykey). 
Copy the contents of your public key file (id_rsa.pub) and paste it into the text box. 
Click Import Key Pair. 

Step 3: Launch an Instance Using the SSH Key Pair:
You now have an SSH key pair associated with your OpenStack account. When you create a new instance, you can use this key pair for secure access. 

Option 1: Using the OpenStack CLI 
Launch an instance with the key pair:
# openstack server create --image <image-id> --flavor <flavor-id> --key-name mykey --network <network-id> <instance-name>
Example:
# openstack server create --image cirros --flavor m1.small --key-name mykey --network private my-instance
Check the instance status:
# openstack server list
Wait for the instance status to become "ACTIVE". 

Option 2: Using Horizon (Web Interface):
Navigate to Instances:
Go to Project > Compute > Instances. 
Click Launch Instance. 
Select Key Pair:
Under the Key Pair tab, select the mykey key pair created earlier. 
Proceed with launching the instance. 

Step 4: Access the Instance Using SSH:
Once your instance is up and running, you can access it using your private key. 

Run the following SSH command:
# ssh -i ~/.ssh/id_rsa <username>@<instance-floating-ip>
Example:
# ssh -i ~/.ssh/id_rsa ubuntu@192.168.0.10

Ensure the private key file has the correct permissions:
# chmod 600 ~/.ssh/id_rsa
This ensures that only you can read the key. 

Username: The default username depends on the image you used: 
For Ubuntu, it’s usually ubuntu. 
For CentOS, it’s centos. For Cirros, it’s cirros. 

Floating IP: This is the public IP of the instance, which allows you to SSH into it. 

Step 5: Verifying Key Pair Injection in the Instance: 
To confirm that the key pair has been correctly injected into the instance: 
Log into the instance via SSH. 
Check the ~/.ssh/authorized_keys file:
# cat ~/.ssh/authorized_keys
The public key you uploaded should be listed in this file.

Key Pair Troubleshooting: 
If you're unable to access your instance via SSH: 

Check Floating IP: Ensure the instance has a floating IP assigned, and that you're using the correct IP. Security Group Rules: Verify that the security group allows SSH access (port 22). You can add the rule using:
# openstack security group rule create --proto tcp --dst-port 22 <security-group-id>
Correct Key: Ensure you're using the correct private key file to connect to the instance. 

SSH key pairs are a simple and secure method to manage access to OpenStack instances. By following the steps in this guide, you can generate SSH keys from scratch, upload them to OpenStack, and access your instances securely without the need for passwords.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to Check Hardware Details on Linux:

  Whether you're troubleshooting hardware issues, planning an upgrade, or just curious about your system’s specifications, Linux provides a variety of commands to gather comprehensive hardware information. Here are some essential commands: 1.  Use lscpu to get detailed information about the CPU, including architecture, cores, threads, and CPU speeds. # lscpu                                                 2. The lshw command provides a complete overview of hardware configuration, including CPU, memory, storage, and network. You’ll likely need superuser privileges to run it. # sudo lshw                                                                               ...
Post a Comment
Read more

testing

09052025 T-1 { "volume_groups" : { "vgroot" : { "vgsize" : "304G" , "fs_type" : "xfs" } } , "logical_volumes" : { "root" : { "lvroot" : { "vgname" : "vgroot" , "lvname" : "lvroot" , "lvsize" : "12G" , "mountpoint" : "/" , "purpose" : "root filesystem" , "disk" : 1 , "partition" : 2 } } , "swap" : { "lvswap" : { "vgname" : "vgroot" , "lvname" : "lvswap" , "lvsize" : "4G" , "mountpoint" : "NA" , "purpose" : "swap" , "disk" : 1 , "partit...
Post a Comment
Read more

How Virtual Machines are Created in OpenStack: A Complete Backend Workflow:

When creating a Virtual Machine (VM) in OpenStack, several components work together in the backend to provision the instance. Here's a step-by-step explanation of how the process flows: 1. User Request Interface Used : The user initiates the VM creation through the Horizon Dashboard (web UI), the OpenStack CLI ( openstack server create ), or the OpenStack API. Request Information : The request includes parameters such as: VM name. Image (the operating system or custom image to boot from). Flavor (the compute, memory, and storage specifications). Network (which network the VM will be connected to). Security Groups (firewall rules). Key Pair (for SSH access). 2. API (Nova API) Component : Nova (Compute service). Process : The request is received by the Nova API , which validates the request (checks if the requested resources like the image, flavor, and network exist). If valid, the API creates an entry in the database for the new instance. Nova's Role : Nova is the core service r...
Post a Comment
Read more