Create and host an SSH key on a cloud server
SSH keys let you connect to a server securely over the encrypted SSH protocol. A key is a pair: the private key is stored on the local computer and the public key is placed on the server.
We recommend using SSH keys instead of a login and password to authenticate to the cloud server.
You can use SSH keys of types ed25519, rsa, ecdsa, and dsa. Learn more about SSH keys for the user.
1. Create an SSH key pair
You can create SSH keys in two ways:
- using OS tools;
- using the OpenStack CLI.
Create a pair of SSH keys using OS tools
Linux/macOS
- Open the CLI.
- Generate a pair of SSH keys:
  ssh-keygen -t <key_type>
  Specify <key_type> — SSH key type: ed25519, rsa, ecdsa or dsa.
- A message will appear asking you to select a directory to store the key pair — an example for an RSA key:
  Enter file in which to save the key (~/.ssh/id_rsa):
  To leave the default directory for storing keys, press Enter. If you want to select a different directory, enter it in the format /path/to/id_rsa and press Enter.
- Optional: enter a passphrase for additional security, repeat the passphrase and press Enter:
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
- Wait for the message that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The terminal will display the key fingerprint and its image:
  Your identification has been saved in ~/.ssh/id_rsa
  Your public key has been saved in ~/.ssh/id_rsa.pub
  The key fingerprint is:
  The key's randomart image is:
- Output the public SSH key:
  cat <path>
  Specify <path>, the full path to the public key you specified in step 3, for example ~/.ssh/id_rsa.pub.
Windows
- Install PuTTY.
- Open the PuTTYgen application.
- In the Parameters → Type of key to generate field, select the RSA key type.
- Click Generate.
- Move the cursor in the PuTTYgen window until a key pair is created.
- After creating the keys, click Save public key and Save private key.
- Specify a path to store the keys.
- Optional: in the Key passphrase field, enter a passphrase for additional security.
- Copy the public SSH key.
Create an SSH key pair through the OpenStack CLI
The SSH key will only be available to the single service user, project, and pool for which you have configured authorization in the OpenStack API.
When generating SSH keys through the OpenStack CLI, the public key is automatically added to the user's profile.
- Generate a pair of SSH keys:
  openstack keypair create <key_name> --private-key <file_for_key>
  Specify:
  <key_name> — key name;
  <file_for_key> — file that will store the private SSH key on the local computer.
2. Optional: add a public SSH key to the user profile
You can add a public SSH key to your profile or to another user's profile. Then place the key on the server when creating it or on an existing server.
The key will be available in all projects to which the user has been added.
If you generated an SSH key pair through the OpenStack CLI, the public key was automatically added to the user profile.
To your profile
- In the control panel, on the top menu, click Account.
- Go to the Access section.
- Open the SSH keys tab.
- Click Add Key.
- Enter the name of the key.
- Insert a public SSH key in OpenSSH format.
- Click Add.
To another user's profile
Use the Add SSH Key section of the Change User Data or Role instructions. Only the Account Owner and User Administrator can add keys to other users.
The key will be available in all projects to which the user has been added.
3. Host a public SSH key on a cloud server
You can place a public SSH key when you create a cloud server or on an existing server.
To access the cloud server via SSH, you need to add a public SSH key to the ~/.ssh/authorized_keys file on the server. You can add multiple keys, for example, if you need access for multiple users.
You can place public SSH keys on an existing server using a utility or manually.
Through the utility
The utility adds the public SSH key to the end of the ~/.ssh/authorized_keys file. The command used creates the directory and file if they are not already created.
From Linux/macOS
- Open the CLI on the local computer.
- Copy the public SSH key to the cloud server:
  ssh-copy-id -i <path> <username>@<ip_address>
  Specify:
  <path> — the full path to the public key on the local computer, e.g. ~/.ssh/id_rsa.pub;
  <username> — username;
  <ip_address> — public IP address of the server.
- Enter the user's password.
From Windows
- Open the CLI on the local computer.
- Copy the public SSH key to the cloud server:
  scp <local_path> <username>@<ip_address>:<server_path>
  Specify:
  <local_path> — the full path to the public key on the local computer;
  <username> — username;
  <ip_address> — public IP address of the server;
  <server_path> — path for storing the public key on the server, e.g. C:\Users\username\.ssh\authorized_keys.
Manually
- Open the public SSH key file on the local computer:
  Linux/macOS
  cat <path>
  Specify <path>, the full path to the public key on the local computer, for example ~/.ssh/id_rsa.pub.
  Windows
  type <path>
  Specify <path> — the full path to the public key on the local computer, for example C:\Users\username\.ssh\id_rsa.pub.
- Copy the value of the public SSH key.
- Navigate to the .ssh directory:
  cd .ssh
- Create an authorized_keys file:
  touch authorized_keys
- Add a public SSH key to the authorized_keys file:
  echo <public_ssh_key> >> ~/.ssh/authorized_keys
  Specify <public_ssh_key>, the public SSH key that you copied in step 2. It starts with ssh-rsa.
- Configure access rights:
  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/authorized_keys
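The manual steps above, combined into one repeatable function. This is an added example, not part of the original page or the provider's tooling; the name install_pubkey and its arguments are hypothetical. Unlike a bare echo >>, it refuses a file that contains a private key, skips a key that is already listed, and always applies the chmod 700 / chmod 600 permissions from the last step.

```sh
#!/bin/sh
# Added example: install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey <public_key_file> [home_dir]   (home_dir defaults to $HOME)
install_pubkey() {
    pub_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Catch the common mistake of supplying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file contains a private key" >&2
        return 2
    fi

    # OpenSSH format: "<type> <base64 blob> [comment]" on one line.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-ed25519|ssh-rsa|ssh-dss|ecdsa-sha2-nistp*) ;;
        *) echo "unsupported key type: $key_type" >&2; return 3 ;;
    esac
    # Format sanity check only: the blob is base64 and starts with a
    # 4-byte length field, which always encodes as "AAAA".
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "blob is not base64" >&2; return 3 ;;
        AAAA*) ;;
        *) echo "blob is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Directory and file accessible by the owner only (chmod 700 / chmod 600).
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Idempotent: do nothing if this key blob is already listed.
    grep -qF -- "$key_blob" "$auth_file" && return 0
    # If the last line lacks a newline, add one so two keys are not glued together.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Run it on the server as the user who will log in, passing the path of the uploaded public key file.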