Create and host an SSH key | Документация Selectel

Create and host an SSH key on a cloud server

SSH keys can be used to securely connect to server via the encrypted SSH protocol. This is a key pair: the private key is stored on the local computer and the public key is hosted on the server.

We recommend using SSH keys instead of login and password to authenticate to the cloud server.

SSH keys of types ed25519, rsa, ecdsa, and dsa can be used.

Create an SSH key pair.
Optional: add public SSH key to cloud platform.

The way a key is added to the cloud platform affects its availability in projects, pools, and to users, as well as the way it is placed on the server when created. See the SSH-keys-for-project-and-service-user table for more information on key differences.
Place a public SSH key on a cloud server: when creating a server or on an existing server.

Create SSH keys⁠

Linux/macOS
Windows
OpenStack CLI

Open the CLI.
Generate a pair of SSH keys:
```
ssh-keygen -t <key_type>
```
Specify <key_type> — SSH key type: ed25519, rsa, ecdsa or dsa.
A message will appear asking you to select a directory to store the key pair — example for rsa key:
```
Enter file in which to save the key (~/.ssh/id_rsa):
```
To leave the default directory for storing keys, press Enter. If you want to select a different directory, enter it in the format /path/to/id_rsa and press Enter.
Optional: enter a passphrase for additional security, repeat the passphrase and press Enter:
```
Enter passphrase (empty for no passphrase):
Enter the same passphrase again:
```
Wait for a message that the keys have been generated. Two files will be created: id_rsa (private key) and id_rsa.pub (public key). The key fingerprint and its image will appear in the terminal:
```
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/.ssh/id_rsa.pub
The key fingerprint is:
The key's randomart image is:
```
Output the public SSH key:
```
cat <~/.ssh/id_rsa.pub>
```
Specify <~/.ssh/id_rsa.pub>, which is the full path to the public key that you specified in step 3.
Optional: add a public SSH key to the cloud platform, place a public SSH key when creating a server, or on an existing server.

When generating SSH keys through the OpenStack CLI, the public key will automatically be added to the cloud platform.

Such an SSH key will only be available to the pool and service user that are specified in the rc.sh access file, as well as that user's projects.

Learn more about SSH keys-for-project-and-service-user.

Open OpenStack CLI.
Make sure that the correct pool and service user are specified in the rc.sh file.
Generate a pair of SSH keys:
```
openstack keypair create <key_name> --private-key <file_for_key>
```
Specify:
- <key_name> is the key name;
- <file_for_key> — the file that will store the private SSH key on the local computer.
Optional: place a public SSH key when creating a server or on an existing server.

Add a public SSH key to the cloud platform⁠

A public SSH key can be added to the cloud platform and then placed when creating a server.

The way a key is added to the cloud platform affects its availability in projects, pools, and to users, as well as the way it is placed on the server when created. See table for more information on key differences.

For the project
For the service user

The key will only be available in one project, for all users.

In Control Panel, go to Cloud Platform → Access.
Open the SSH keys tab.
Click Add SSH Key.
Enter the name of the key.
Insert a public SSH key in OpenSSH format.
Click Add Key.

Place a public SSH key on a cloud server when creating a server⁠

Control panel
OpenStack CLI

Only SSH keys for project are available.

In Control Panel, go to Cloud Platform → Servers.
Click Create Server.
In the Access block, add an SSH key to the server:
- select the SSH key that you added to the cloud platform — you can select only SSH keys for the project;
- or add a new SSH key that you created earlier. The key will be added to the cloud platform and will only be available for the project.
Select the rest of the server settings — see the Create Cloud Server instructions for details.
Press Create.

Only SSH keys-for-project-and-service-user are available.

The SSH key and the server must be in the same pool.

Open OpenStack CLI.
Create a cloud server:
```
openstack server create \
    [--image <image> | --volume <volume> | --snapshot <snapshot>] \
    --flavor <flavor> \
    --availability-zone <pool_segment> \
    --nic net-id=<net_uuid> \
    --key-name <key_name> \
    <server_name>
```
Specify:
- source type:
  - --image <image> — to create a server from ready-made or own-image. The <image> parameter is the name or ID of the image, the list can be viewed with openstack image list;
  - --volume <volume> — to create a server from disk. The <volume> parameter is the name or ID of the disk, the list can be viewed with openstack volume list;
  - --snapshot <snapshot> — to create a server from snapshot. The <snapshot> parameter is the name or ID of the snapshot, the list can be viewed with openstack snapshot list;
- <flavor> — server flavor (configuration) name or ID, the list can be viewed with openstack flavor list — see the View Configuration List instructions for details;
- <pool_segment> — pool segment where the server will be created, the list can be viewed with openstack availability zone list;
- <net_uuid> — ID of the private or public network to which the server will connect, the list can be viewed with openstack network list;
- <key_name> is the name of the SSH key for the service user, the list can be viewed with openstack keypair list;
- optional: --block-device-mapping vdb=<extra_volume_name> — name of additional disk, the list can be viewed with openstack volume list;
- Optional: --tag <tag_name> --os-compute-api-version 2.52 — tag to add more information about the server;
- Optional: --tag preemptible --os-compute-api-version 2.72 — tag to create preemptible server;
- optional: --user-data <user_data.file> — path to the script with Base64 encoded data. Scripts and tasks from the script will be executed at the first boot of the operating system. You can see sample scripts in the User data instructions;
- <server_name> is the server name.

Host a public SSH key on an existing cloud server⁠

To access the cloud server via SSH, you need to add a public SSH key to the ~/.ssh/authorized_keys file on the server. You can add multiple keys, for example, if you need access for multiple users.

Public SSH keys can be placed in two ways:

copy key to server from local computer via ssh-copy-id command;
place key on server manually.

Copy a public SSH key from a local computer using ssh-copy-id⁠

The ssh-copy-id command adds the public SSH key to the end of the ~/.ssh/authorized_keys file. The command creates a directory and a file if they have not already been created.

From Linux/macOS
From Windows

Open the CLI on the local computer.
Copy the public SSH key to the cloud server:
```
ssh-copy-id -i <~/.ssh/id_rsa.pub> <username>@<ip_address>
```
Specify:
- <~/.ssh/id_rsa.pub> is the full path to the public key on the local computer;
- <username> is the username;
- <ip_address> is the public IP address of the server.
Enter the user's password.

Open cmd on the local computer.
Copy the public SSH key to the cloud server:
```
scp </path/to/file> <username>@<ip_address>:C:\Users\<username>\.ssh\authorized_keys
```
Specify:
- </path/to/file> is the full path to the public key on the local computer;
- <username> is the username;
- <ip_address> is the public IP address of the server.

Place a public SSH key on the server manually⁠

Open the public SSH key file on the local computer:
- Linux/macOS
- Windows
cat ~/.ssh/id_rsa.pub
type C:\Users\<username>\.ssh\id_rsa.pub
Copy the value of the public SSH key.
Connect to server.
Navigate to the .ssh directory:
```
cd .ssh
```
Create an authorized_keys file in the .ssh folder:
```
touch authorized_keys
```
Add a public SSH key to the authorized_keys file:
```
echo <public_ssh_key> >> ~/.ssh/authorized_keys
```
Specify <public_ssh_key>, which is the public SSH key you copied in step 2. It starts with ssh-rsa.

Configure access rights:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH keys for project and service user⁠

A public SSH key can be added to the cloud platform:

for cloud platform project;
or for service user with role Project Administrator or Project Supervisor.

	SSH key for project	SSH key for service user
How to add a key to the cloud platform	In the control panel under Cloud Platform → Access	In the control panel under User Management → tab Service Users → user page; will be added automatically when SSH keys are created via OpenStack CLI (openstack keypair create command); via API; via Terraform; via selvpc CLI
How to deploy to a cloud server when creating a server	In the Control Panel	Via OpenStack CLI (openstack server create command); via API; via Terraform
For which users is available	For all project users	For one service user with the roles Project Administrator or Project Supervisor
In which projects is available	In one project	In all projects to which the service user has been added
In which pools is available	Only in the pool to which it has been added	Available in all pools, if it has been added in the control panel under Available in all pools, if it has been added in the control panel under Available only in pools to which it was added via OpenStack CLI, API, Terraform, selvpc CLI
Where to see the list of keys	In the control panel under Cloud Platform → Access	In the control panel under User Management → tab Service Users → user page; via OpenStack CLI (openstack keypair list command); via API; via Terraform; via selvpc CLI

Create and host an SSH key on a cloud server

Create SSH keys⁠​

Add a public SSH key to the cloud platform⁠​

Place a public SSH key on a cloud server when creating a server⁠​

Host a public SSH key on an existing cloud server⁠​

Copy a public SSH key from a local computer using ssh-copy-id⁠​

Place a public SSH key on the server manually⁠​

SSH keys for project and service user⁠​