Instance SSH Keys#
In addition to the username and password authentication, Zergaw CloudStack supports using SSH keys to log in to the cloud infrastructure for additional security. You can use the createSSHKeyPair API to generate the SSH keys.
Because each cloud user has their own SSH key, one cloud user cannot log in to another cloud user’s Instances unless they share their SSH key files. Using a single SSH key pair, you can manage multiple Instances.
Creating the SSH Keypair#
Log in to the UI.
In the left navigation bar, click Compute –> SSH Key Pairs.
Click Create a SSH Key Pair.
In the dialog, make the following choices:
Name: Any desired name for the SSH Key Pair.
Public key: (Optional) Public key material of the SSH Key Pair.
Note
If this field is filled in, CloudStack will register the public key. If this field is left blank, CloudStack will create a new SSH key pair.
Domain: (Optional) domain for the SSH Key Pair.
Note
If Cloudstack generates a New SSH Key Pair using a public key, it will not save the private key. When shown, be sure to save a copy of it.
You can also use the createSSHKeyPair api method to create an SSH Keypair. You can either
use the CloudStack Python API library or the curl commands to make the
call to the cloudstack api.
Logging In Using the SSH Keypair#
To test your SSH key generation is successful, check whether you can log in to the cloud setup.
For example, from a Linux OS, run:
ssh -i ~/.ssh/keypair-doc <ip address>
The -i parameter tells the ssh client to use a ssh key found at ~/.ssh/keypair-doc.
Resetting SSH Keys#
A lost or compromised SSH keypair can be changed, and the user can access the Instance by using the new keypair.
Log in to the UI.
In the left navigation bar, click Compute –> Instances.
Choose the Instance.
Click on Reset SSH Key Pair button the Instance.
Note
The Instance must be in a Stopped state.
Select the SSH Key Pair(s) to add to instance
Note
This can also be performed via API: resetSSHKeyForVirtualMachine: Resets the assigned SSH keypair for an Instance.