SSH key pairs allow users to connect to their Linux instances without requiring passwords, and it is the default access mechanism for almost all Linux images that you will use for OpenStack. Users can manage their own key pairs through the OpenStack Dashboard. Usually, this is the first task a new user has to do when given access to our OpenStack environment.
Load a web browser, point it to our OpenStack Dashboard address at http://192.168.100.117/
, and log in as a user in the default
domain, such as the developer
user, created in the Common OpenStack identity tasks recipe in Chapter 2, The OpenStack Client, with the cookbook4
password. The URL for our dashboard is same as the public load balancer IP as discussed in Chapter 1, Installing OpenStack with Ansible. If you need to find out at what URL your Horizon is, use public IP from the OpenStack catalog list as described in Chapter 3, Keystone – OpenStack Identity Service.
Management of the logged-in user's key pairs is achieved with the steps discussed in the following sections:
Key pairs can be added by performing the following steps:
developer
) ensuring that there are no spaces in the name, and then, click on the Create Key Pair button:Key pairs can be deleted by performing the following steps:
Once we click on the Delete Key Pair button, the key pair will be deleted.
If you have your own key pairs that you use to access other systems, these can be imported into our OpenStack environment so that you can continue to use them for accessing instances within our OpenStack Compute environment. To import key pairs, perform the following steps:
ssh-keygen -t rsa -f cookbook.key
cookbook.key
cookbook.key.pub
cookbook.key
file is our private key and has to be protected as it is the only key that matches the public portion of the cookbook.key.pub
key pair.cookbook.key.pub
. Once entered, click on the Import Key Pair button:Once completed, we see the list of key pairs available for that user, including our imported key pair:
Key pair management is important as it provides a consistent and secure approach for accessing our running instances. Allowing the user to create, delete, and import key pairs to use within their projects enables them to create more secure systems.
The OpenStack Dashboard allows a user to create key pairs easily. The user must ensure, though, that the private key that they download, is kept secure.
While deleting a key pair is simple, the user must remember that deleting a private key that is associated with running instances will remove access to the running system. Deleting a key pair from the dashboard will not delete keys from instances that are already running. Every key pair created is unique regardless of the name. The name is simply a label, but the unique fingerprint of the key is required and cannot be recreated.
Importing key pairs has the advantage that we can use our existing secure key pairs that we have been using outside of OpenStack, within our new private cloud environment. This provides a consistent user experience when moving from one environment to another.
3.144.8.90