Create an SSH key pair
- Summary
- This tutorial shows you how to create an SSH key pair from the web interface and command line.
- Internet
- https://pouta.csc.fi/dashboard/project/key_pairs
flowchart LR
A(Log in to<br>pouta.csc.fi) --> B(Select compute<br>and 'key pairs')
B --> C{Import<br>existing key}
subgraph existing [Import key]
direction TB
D(Click the<br>'Import public key'<br>button) --> E{Key pair<br>exists}
E -->|No| F(Generate key pair in terminal with <code>ssh-keygen</code> command)
E -->|Yes| G(Name the key pair and upload the <b>public</b> key)
F --> G
end
subgraph poutakey [Generate key]
direction LR
H(Click the<br>'create a key pair'<br>button) --> I(Name the key pair and download the private key)
I --> J(Fix the private key file access rights)
end
C -->|Yes| existing
C -->|No| poutakey
Prerequisites
- cPouta service is enabled in the MyCSC project.
Procedure
Sign in to cPouta. Select 'Key Pairs' from the Compute menu on the left.
Click the '+ Create Key Pair' button.
Enter a name for your key pair, choose 'SSH Key' as the key type and click the '+ Create Key Pair' button.
The download of the private key will start automatically.
Failure
Do not lose the private key. There is no way to re-download or recover it from cPouta or CSC.
Open the Terminal and change your location to the directory where the private key was downloaded.
Enter the command ssh-keygen -lf gold-key.pem (replace the filename with yours) and note the error message.
Use the command chmod 400 gold-key.pem to fix the error.
$ ssh-keygen -lf gold-key.pem
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'gold-key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
gold-key.pem is not a key file.
$ chmod 400 gold-key.pem
$ ssh-keygen -lf gold-key.pem
2048 SHA256:A4A6xYaMxlreU3L0bUVc7ZPwroRAS5/TZLG01sZD+so no comment (RSA)
That's it!
You now have an SSH key pair that can be used to log in to virtual machine(s) associated with that key pair.
Import SSH public key
If you want to use an existing key pair or create your own (e.g. using a different cryptosystem), you can upload the public key to cPouta.
Note
By default, OpenStack uses the RSA 2048-bit cryptographic algorithm for its SSH keys.
If you do not have an existing key pair, below is an example of how to create one from the command line in a directory called pouta_ssh_key.
$ mkdir pouta_ssh_key
$ cd pouta_ssh_key
$ ssh-keygen -f gold-key-cli
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in gold-key-cli
Your public key has been saved in gold-key-cli.pub
The key fingerprint is:
SHA256:RgyTgepdI79ETQU+72hJ6unYMkxjpCN7yzEOr2YLN8Y cbrown@localhost
The key's randomart image is:
+--[ED25519 256]--+
| .+o.o. |
| . .=. |
| . .o* |
|. o .++=.o |
| * ..=+.S |
|=.O...o. |
|.@E=o. . |
|.+O= . |
|*+o.. |
+----[SHA256]-----+
Note
The ssh-keygen example above is from the macOS environment. By default it uses the ED25519 cryptographic algorithm.
Click the 'Import Public Key' button to upload the public key to the cPouta environment.
Enter a name for your key pair.
Select 'SSH Key' as the key type.
Click the 'Choose File' button and select the public key file, or copy and paste the contents of the public key file to upload.
Click the 'Import Public Key' button to confirm the upload.
That's it! You now have two keys in your key pair list: one generated within cPouta and one uploaded to the service.
To delete unwanted or obsolete (public) keys, click the 'Delete Key Pair' button(s).
OpenStack CLI
Here is an optional way to create an SSH key pair from the command line using the openstack command. Note that the CLI tools must be installed.
Just as you can ask the OpenStack environment to generate a key pair from the web interface, you can do so from the CLI.
openstack keypair create gentoo-access-key > gentoo-access-key.pem
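This command creates a file called gentoo-access-key.pem, which is your private key.
Because the file is created by shell redirection, it gets your default file permissions; restrict its access rights as shown in the procedure above before using it.
Keep it safe.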
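The following added example (not part of the cPouta documentation) covers both the chmod 400 step in the procedure above and the redirected output of openstack keypair create: it saves a key under a restrictive umask and tightens any private key files in a directory that group or others can access. The function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the cPouta documentation. Function names are illustrative.

# Print the nine permission characters of a file, e.g. "rw-r--r--".
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Succeed if the first line is a PEM/OpenSSH private key header.
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null |
        grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'
}

# Run a command that prints a private key on stdout (for example
# "openstack keypair create NAME") and save the output to file $1.
# umask 077 is set before the redirection creates the file, so the key
# is never readable by group or others, not even briefly.
save_private_key() {
    out=$1
    shift
    ( umask 077; "$@" > "$out" ) && chmod 400 -- "$out"
}

# Set every private key directly inside directory $1 that group or others
# can access (the "Permissions 0644 ... are too open" case) to mode 400.
# Prints one line per changed file; FIXED holds the number of changes.
fix_key_permissions() {
    FIXED=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        case $(perm_string "$f") in
            ???------) ;;   # already private to the owner
            *)
                chmod 400 -- "$f" || return 1
                echo "fixed: $f"
                FIXED=$((FIXED + 1))
                ;;
        esac
    done
}
```

Typical use is `save_private_key gentoo-access-key.pem openstack keypair create gentoo-access-key` for the CLI route, or `fix_key_permissions` on the directory where the browser saved the key.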
An existing public key can be uploaded with the command:
openstack keypair create --public-key ~/pouta_ssh_key/gold-key-cli.pub gold-key-cli-from-cmd
where ~/pouta_ssh_key/gold-key-cli.pub is the public SSH key file with its full path and gold-key-cli-from-cmd is the key pair name that will appear in the list of keys in the OpenStack environment.
Existing keys can be listed:
openstack keypair list
and the details of a key pair are available with the command:
openstack keypair show <keypair-name>
Further Learning
Here are some suggestions for what to read next: