The Secure Shell (SSH) key pairs allow users to connect to Linux instances without requiring to input passwords and is the default access mechanism for almost all Linux images that you will use for OpenStack. Users can manage their own key pairs through the OpenStack Dashboard. Usually, this is the first task a new user has to do when given access to our OpenStack environment.
Load a web browser, point it to our OpenStack Dashboard address at http://192.168.100.200/, and log in as a user, such as the demo user created in the Adding users to Keystone recipe of Chapter 1, Keystone – OpenStack Identity Service, with the password openstack.
Management of the logged-in user's key pairs is achieved with the steps discussed in the following sections.
Key pairs can be added by performing the following steps:
- A new key pair can be added to our system by clicking on the Access & Security tab under the Project | Compute section:
- We will now see a screen allowing access to security settings and key pair management. Under the Key Pairs tab, there will be a list of valid key pairs that we can use when launching and accessing our instances. To create a new key pair, click on the Create Key Pair button:
- On the Create Key Pair screen, type in a meaningful name (for example,
demo) ensuring there are no spaces in the name, and then click on the Create Key Pair button:
- Once the key pair is created, we will be asked to save the private key portion of our key pair on the disk:
- Click on the Access & Security tab to return to our list of key pairs. We will now see the newly created key pair listed. When launching instances, we can select this new key pair and gain access to it only by using the private key that we have stored locally:
Key pairs can be deleted by performing the following steps:
- When key pairs are no longer required, we can delete them from our OpenStack environment. To do so, click on the Access & Security tab on the left of the screen.
- We will then be presented with a screen allowing access to security settings and key pair management, as shown in the following screenshot. Under Key Pairs, there will be a list of key pairs that we can use to access our instances. To delete a key pair from our system, click on the Delete Key Pair button for the key pair that we want to delete:
- We will be presented with a confirmation dialog box:
Once we click on the Delete Key Pair button, the key pair will be deleted.
If you have your own key pairs that you use to access other systems, these can be imported into your OpenStack environment so that you can continue to use them for accessing instances within your OpenStack Compute environment. To import key pairs, perform the following steps:
- We can import key pairs that have been created in our traditional Linux-based environments into our OpenStack setup. If you don't have one already, run the following command from your Linux-based or other Unix-based host:
ssh-keygen -t rsa -N "" -f id_rsa - This will produce the following two files on our client:
.ssh/id_rsa.ssh/id_rsa.pub
- The
.ssh/id_rsafile is our private key and has to be protected, as it is the only key that matches the public portion of the key pair:.ssh/id_rsa.pub. - We can import this public key to use in our OpenStack environment so that, when an instance is launched, the public key is inserted into our running instance. To import the public key, ensure that you're at the Access & Security screen, and, then, under Key pairs, click on the Import Key Pair button:
- We are presented with a screen that asks us to name our key pair and paste in the contents of our public key, as shown in the following screenshot. So, name the key pair and then copy-and-paste the contents of the public key into the space—for example, the contents of
.ssh/id_rsa.pub. Once entered, click on the Import Key Pair button:
Once completed, we see the list of key pairs available for that user, including our imported key pair:
Key pair management is important, as it provides a consistent and secure approach for accessing our running instances. Allowing the user to create, delete, and import key pairs to use within their tenants enables them to create more secure systems.
The OpenStack Dashboard allows a user to create key pairs easily. The user must ensure, though, that the private key that he/she downloads is kept secure.
While deleting a key pair is simple, the user must remember that deleted key pairs that are associated with running instances will remove access to the running system. Every key pair created is unique, regardless of the name. The name is simply a label, but the unique fingerprint of the key is required and cannot be recreated.
Importing key pairs has the advantage that we can use our existing secure key pairs that we have been using outside OpenStack within our new private cloud environment. This provides a consistent user experience when moving from one environment to another.