Secure Shell (SSH) key pairs allow users to connect to Linux instances without entering passwords, and they are the default access mechanism for almost all Linux images that you will use with OpenStack. Users can manage their own key pairs through the OpenStack Dashboard. Usually, this is the first task a new user has to do when given access to our OpenStack environment.
Load a web browser, point it to our OpenStack Dashboard address at http://192.168.100.200/, and log in as a user, such as the demo user created in the Adding users to Keystone recipe of Chapter 1, Keystone – OpenStack Identity Service, with the password openstack.
Management of the logged-in user's key pairs is achieved with the steps discussed in the following sections.
Key pairs can be added by performing the following steps:
demo) ensuring there are no spaces in the name, and then click on the Create Key Pair button:
Key pairs can be deleted by performing the following steps:
Once we click on the Delete Key Pair button, the key pair will be deleted.
If you have your own key pairs that you use to access other systems, these can be imported into your OpenStack environment so that you can continue to use them for accessing instances within your OpenStack Compute environment. To import key pairs, perform the following steps:
ssh-keygen -t rsa -N "" -f id_rsa
.ssh/id_rsa
.ssh/id_rsa.pub
The .ssh/id_rsa file is our private key and has to be protected, as it is the only key that matches the public portion of the key pair: .ssh/id_rsa.pub.
.ssh/id_rsa.pub. Once entered, click on the Import Key Pair button:
Once completed, we see the list of key pairs available for that user, including our imported key pair:
Key pair management is important, as it provides a consistent and secure approach for accessing our running instances. Allowing the user to create, delete, and import key pairs to use within their tenants enables them to create more secure systems.
The OpenStack Dashboard allows a user to create key pairs easily. The user must ensure, though, that the private key that he/she downloads is kept secure.
While deleting a key pair is simple, the user must remember that deleting a key pair that is associated with running instances will remove access to the running system. Every key pair created is unique, regardless of the name. The name is simply a label, but the unique fingerprint of the key is required and cannot be recreated.
Importing key pairs has the advantage that we can use our existing secure key pairs that we have been using outside OpenStack within our new private cloud environment. This provides a consistent user experience when moving from one environment to another.
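Before pasting a key into the import form, it helps to confirm that the text really is the public half and to note its fingerprint, so it can be compared with the entry listed after the import. The following is an added example, not code from the original recipe: the function names and the sample key are constructed for illustration, and because the fingerprint format the dashboard displays is an assumption here, both the MD5 and SHA256 forms are computed.

```python
import base64
import hashlib
import struct

def parse_public_key(line):
    """Return (key_type, blob) for one OpenSSH public key line, or raise ValueError."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; it must never leave the client")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    # The blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the key data")
    return key_type, blob

def fingerprints(line):
    """MD5 (colon-separated hex) and SHA256 (unpadded base64) of the public key blob."""
    _, blob = parse_public_key(line)
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": md5, "sha256": "SHA256:" + sha}

def _ssh_string(data):
    """Length-prefixed byte string as used inside the key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: ssh-rsa layout with e=65537 and a
# placeholder 2048-bit modulus. A real line comes from .ssh/id_rsa.pub.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " demo@client"

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_LINE).items():
        print(name, value)
```
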