Skip to main content

How to Generate and Use SSH Keys in OpenStack:

This guide walks you through generating SSH keys from scratch, configuring them in OpenStack, and using them for secure instance access. These steps will help you manage your OpenStack instances securely and efficiently using SSH key pairs. 

Step-by-Step Guide: Generating and Using SSH Key Pairs in OpenStack: 

Step 1: Generate SSH Key Pair Locally: 
To begin, you need to generate an SSH key pair on your local machine. This pair consists of a public and a private key. 
Generate a new SSH key pair on your local system (Linux/macOS). Run the following command in your terminal:
# ssh-keygen -t rsa -b 2048
Enter the file name for the key: When prompted, provide the file name and path to save the key. By default, it will be saved in ~/.ssh/id_rsa. You can press Enter to accept the default location. 
Set a passphrase (optional): You can choose to set a passphrase for additional security or leave it blank for easy access. 

This will create two files:
id_rsa: The private key (keep this safe and never share it). 
id_rsa.pub: The public key (this is what you'll upload to OpenStack). 

Step 2: Upload the Public Key to OpenStack:
Once you’ve generated your SSH key pair, you need to upload the public key (id_rsa.pub) to OpenStack. 

Option 1: Using the OpenStack CLI 

Upload the public key to OpenStack:
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
Replace mykey with the name you want to give this key pair in OpenStack. 

Verify that the key pair has been uploaded:
# openstack keypair list
You should see your key pair (mykey) in the list. 

Option 2: Using the Horizon (Web Interface) 

Login to Horizon: Go to your OpenStack Horizon dashboard. 
Navigate to Key Pairs: Go to Project > Compute > Key Pairs. 
Create Key Pair: 
Click Import Key Pair. 
Provide a name (e.g., mykey). 
Copy the contents of your public key file (id_rsa.pub) and paste it into the text box. 
Click Import Key Pair. 

Step 3: Launch an Instance Using the SSH Key Pair:
You now have an SSH key pair associated with your OpenStack account. When you create a new instance, you can use this key pair for secure access. 

Option 1: Using the OpenStack CLI 
Launch an instance with the key pair:
# openstack server create --image <image-id> --flavor <flavor-id> --key-name mykey --network <network-id> <instance-name>
Example:
# openstack server create --image cirros --flavor m1.small --key-name mykey --network private my-instance
Check the instance status:
# openstack server list
Wait for the instance status to become "ACTIVE". 

Option 2: Using Horizon (Web Interface):
Navigate to Instances:
Go to Project > Compute > Instances. 
Click Launch Instance. 
Select Key Pair:
Under the Key Pair tab, select the mykey key pair created earlier. 
Proceed with launching the instance. 

Step 4: Access the Instance Using SSH:
Once your instance is up and running, you can access it using your private key. 

Run the following SSH command:
# ssh -i ~/.ssh/id_rsa <username>@<instance-floating-ip>
Example:
# ssh -i ~/.ssh/id_rsa ubuntu@192.168.0.10

Ensure the private key file has the correct permissions:
# chmod 600 ~/.ssh/id_rsa
This ensures that only you can read the key. 

Username: The default username depends on the image you used: 
For Ubuntu, it’s usually ubuntu. 
For CentOS, it’s centos. For Cirros, it’s cirros. 

Floating IP: This is the public IP of the instance, which allows you to SSH into it. 

Step 5: Verifying Key Pair Injection in the Instance: 
To confirm that the key pair has been correctly injected into the instance: 
Log into the instance via SSH. 
Check the ~/.ssh/authorized_keys file:
# cat ~/.ssh/authorized_keys
The public key you uploaded should be listed in this file.

Key Pair Troubleshooting: 
If you're unable to access your instance via SSH: 

Check Floating IP: Ensure the instance has a floating IP assigned, and that you're using the correct IP. Security Group Rules: Verify that the security group allows SSH access (port 22). You can add the rule using:
# openstack security group rule create --proto tcp --dst-port 22 <security-group-id>
Correct Key: Ensure you're using the correct private key file to connect to the instance. 

SSH key pairs are a simple and secure method to manage access to OpenStack instances. By following the steps in this guide, you can generate SSH keys from scratch, upload them to OpenStack, and access your instances securely without the need for passwords.
Labels:

Comments

Post a Comment

Popular posts from this blog

temp-1

  🔧 vast_id Configuration Key: vast_id Description This section defines the VAST ID , a unique numeric identifier used by internal systems for asset tracking, automation, or integration with enterprise management platforms. It helps associate the server with inventory records, monitoring tools, or deployment workflows. ✅ Used during provisioning to register the system in centralized databases or orchestration systems. JSON Format json 1 "vast_id" : 12194 ✅ Can also be provided as a string: json 1 "vast_id" : "12194" Field Reference vast_id String or Integer Unique identifier for the system in VAST (Verizon Asset Systems Tracker) 12194 ✅ Must be non-empty and numeric — leading zeros may be stripped depending on system. Validations Enforced vast_id  is required and must be a non-empty string or integer Ensures the field is present and contains usable data If  vast_id  is a string, it must not be blank or whitespace-only Prevents " " , "...
Post a Comment
Read more

testing

09052025 T-1 { "volume_groups" : { "vgroot" : { "vgsize" : "304G" , "fs_type" : "xfs" } } , "logical_volumes" : { "root" : { "lvroot" : { "vgname" : "vgroot" , "lvname" : "lvroot" , "lvsize" : "12G" , "mountpoint" : "/" , "purpose" : "root filesystem" , "disk" : 1 , "partition" : 2 } } , "swap" : { "lvswap" : { "vgname" : "vgroot" , "lvname" : "lvswap" , "lvsize" : "4G" , "mountpoint" : "NA" , "purpose" : "swap" , "disk" : 1 , "partit...
Post a Comment
Read more

temp

 {   "_id": {     "$oid": "6841e4b0fd270b2ab92d7eaa"   },   // 📌 [Auto-generated]   // Description: Unique system identifier for internal use (MongoDB ObjectId).   // Type: ObjectId (string)   // Required: No (automatically handled)   "vast_id": "21452",   // 📌 [Required]   // Description: Your unique request ID or reference number.   // Type: string   // Format: Numeric string (e.g., "21452")   // Example: "21452"   "env": "dev",   // 📌 [Required]   // Description: The environment where the VM will be deployed.   // Type: string   // Allowed values: "dev", "qa", "uat", "prod"   // Example: "dev" for development, "prod" for production   "ver": "0.2",   // 📌 [Do Not Modify]   // Description: Template version. Used by automation to ensure compatibility.   // Type: string   // Format: Semantic versioning (e.g., "...
Post a Comment
Read more