Keypairs
A keypair is a pair of private and public keys.
The most common example is an SSH keypair, which allows you to log in to your Unix instance.
Key pairs are used to:
- connect to an instance (e.g. SSH)
- generate and encrypt a password (e.g. Windows or OPNsense appliance)
Info
Keypairs have to be created before instance creation. They are associated with the instance during the creation process.
Import an existing keypair
You may import your existing keypair using the following command:
openstack keypair create --public-key ~/.ssh/ssh_my_rsa_key.pub my_keypair
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 53:c0:03:5f:27:6f:c2:66:b4:e4:f3:26:e0:f8:82:4a |
| name | my_keypair |
| user_id | b1580497f51e4d10b9110c60c154562c |
+-------------+-------------------------------------------------+
You may import your existing keypair by navigating to the Key Pairs section and clicking on Import Public Key:
Name your keypair, set its type and import it.
Create a new keypair
A new keypair can also be created.
openstack keypair create my_keypair > ~/.ssh/my_keypair
chmod 600 ~/.ssh/my_keypair
The private key is saved to ~/.ssh/my_keypair and can then be used for instance creation (using the --key-pair argument on the command line) and/or for SSH.
Name your keypair and click on Create Key Pair
Your keypair has been automatically downloaded.
You may now use the keypair to connect to an instance with this command:
ssh -i ~/.ssh/ssh_my_rsa_key adminuser@my-instance-name
Keypair for password encryption
Some operating systems, such as Windows or OPNsense, require a specific keypair type commonly called OpenSSL RSA keypair, RSA PKCS #1 v1.5 keypair or SSH keypair in pem format.
During the first boot, these operating systems generate a random
password and send it to the OpenStack metadata server.
To do so securely, the instance encrypts the password using the public
key set at the creation of the instance and posts the result as base64 to the
metadata server, making it readable only by the owner of the private key.
Note
This form of keypair is different from the OpenSSH-RSA type.
Keys must be generated in this exact format to work.
An existing key cannot be converted to RSA PKCS #1 v1.5.
To generate an RSA PKCS #1 v1.5 keypair, you can use the following command:
ssh-keygen -t rsa -m pem -f my_keypair
This will create my_keypair and my_keypair.pub, which you can use to decrypt the instance-generated password.
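The password round trip described above, as an added example that is not part of the original page: shell functions that check a private key's container format and decrypt a base64 password blob with openssl. It assumes the instance encrypts with RSA PKCS #1 v1.5 padding and that openssl is installed; the function names, the throwaway key and the sample password are constructed, and encrypt_like_instance only stands in for the instance's first-boot step.

```shell
#!/bin/sh
# Added example. Key files, paths and the sample password are constructed.

# Classify a private key file by its first line.
key_format() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;  # ssh-keygen -t rsa -m pem
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;  # OpenSSH's own format
        "-----BEGIN PRIVATE KEY-----")         echo pkcs8 ;;    # PKCS#8 container
        *)                                     echo unknown ;;
    esac
}

# Stand-in for the instance (assumption: PKCS #1 v1.5 padding): encrypt a
# password to the public half of the key and print one line of base64,
# the form posted to the metadata server.
encrypt_like_instance() {   # $1 = PEM private key file, $2 = password
    pub=$(mktemp) || return 1
    # openssl cannot read an OpenSSH-format key, so this step fails for one.
    openssl rsa -in "$1" -pubout -out "$pub" 2>/dev/null || { rm -f "$pub"; return 1; }
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:pkcs1 |
        openssl base64 -A
    rm -f "$pub"
}

# Owner side: base64-decode the blob and decrypt it with the private key.
decrypt_instance_password() {   # $1 = PEM private key file, $2 = base64 blob
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:pkcs1
}

# Round trip with a throwaway key; prints the recovered password.
demo_roundtrip() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/demo_key" 2048 2>/dev/null
    blob=$(encrypt_like_instance "$dir/demo_key" 'Constructed-Passw0rd!')
    decrypt_instance_password "$dir/demo_key" "$blob"
    rm -rf "$dir"
}

demo_roundtrip
```

Running key_format on a private key before instance creation shows whether it was written in the pem format this section requires.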