ssh-key-auth-flow

Cisco Intercloud Services–Creating SSH Keys

This blog post is intended to get you up and running with SSH Keys in Cisco Intercloud Services.

SSH keys provide you with a more secure way to authenticate. SSH keys are based on a public and private key pair, and are deemed to be more secure than passwords. They have been rated as almost impossible to decipher using a brute force style attack.

The public key is placed on the server and the private key is what is kept safe and secure.

In addition to keeping the private key secure, you can also chose to secure it with an additional passphrase, which we will do in the example below.

When the two keys match, you are granted access. Please refer to the image that describes the authentication flow in this posts header image.

Generating your first SSH Key Pair

There are a number of ways to create a new SSH key pair with the most common options being:

  1. PuTTYgen
  2. OpenSSL
  3. ssh-keygen

Today we are going to take a look at creating your new key pair using PuTTYgen.

To create your key pair, please follow these steps:

  1. Download the appropriate version of PuTTYgen from here.
  2. Run the PuTTYgen executable file – you should see the image below
    image
  1. Click on the Generate button to start creating your new key pair – see “1.” in the image above.
  2. Move your mouse around in the red box to generate the random key values – see “2.” in the image above.
  3. Once your key has been generated, you will be presented with an updated screen with additional options that allow you to:

    1. Update the key name / comment
    2. Set a pass phrase
    3. Save the public and private keys

    image

  4. Once you have updated your comment / description and set the passphrase, please save both your public and private keys.
  5. The next step is to copy your public key – this is in the red box in the image below
    image

That’s it, you have successfully created your first SSH Key Pair.

Uploading your first SSH Key to Cisco Intercloud Services

There are two ways in which you can upload your new SSH Key Pair into Cisco Intercloud services (CIS),

  1. By using the OpenStack APIs
  2. By using the OpenStack Horizon web portal

In this example we are going to use the OpenStack Horizon web portal based in Melbourne Region 1.

To upload your new public key, please follow these steps:

  1. Log into the Horizon web portal
  2. Click on the Access & Security link in the left hand menu, below Compute
  3. Click on the Key Pairs tab at the top of the screen
    image
  4. Click on the Import Key Pair button
  5. Name your Key Pair. Ensure that the name is something you can relate to.
  6. Paste the Public Key content that we copied in Step 7 above into the Public Key field
    image
    Please ensure that your public key format is the same as the one in the image above.
  7. Click on Import Key Pair

That’s it, you have should now see your newly imported key pair in the list within the Horizon console.