apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-19 12:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/tmp/en-US/html/using-sshkeys.html

75 lines
9.3 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Using SSH Keys for Authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Apache_CloudStack-Admin_Guide-4.0.0-incubating-en-US-1-" /><link rel="home" href="index.html" title="CloudStack Administrator's Guide" /><link rel="up" href="ui.html" title="Chapter 5. User Interface" /><link rel="prev" href="log-in.html" title="5.1. Log In to the UI" /><link rel="next" href="projects.html" title="Chapter 6. Using Projects to Organize Users and Resources" /></head><body><p id="title"><a class="left" href="http://cloudstack.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.cloudstack.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="log-in.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="projects.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="using-sshkeys" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="using-sshkeys">5.2. Using SSH Keys for Authentication</h2></div></div></div><div class="para">
In addition to the username and password authentication, CloudStack supports using SSH keys to log in to the cloud infrastructure for additional security. You can use the createSSHKeyPair API to generate the SSH keys.
</div><div class="para">
Because each cloud user has their own SSH key, one cloud user cannot log in to another cloud user's instances unless they share their SSH key files. Using a single SSH key pair, you can manage multiple instances.
</div><div class="section" id="create-ssh-template"><div class="titlepage"><div><div><h3 class="title" id="create-ssh-template">5.2.1.  Creating an Instance Template that Supports SSH Keys</h3></div></div></div><div class="para">
Create a instance template that supports SSH Keys.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Create a new instance by using the template provided by cloudstack.
</div><div class="para">
For more information on creating a new instance, see
</div></li><li class="listitem"><div class="para">
Download the cloudstack script from <a href="http://sourceforge.net/projects/cloudstack/files/SSH%20Key%20Gen%20Script/">The SSH Key Gen Script</a>to the instance you have created.
</div><pre class="programlisting">wget http://downloads.sourceforge.net/project/cloudstack/SSH%20Key%20Gen%20Script/cloud-set-guest-sshkey.in?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcloudstack%2Ffiles%2FSSH%2520Key%2520Gen%2520Script%2F&amp;ts=1331225219&amp;use_mirror=iweb</pre></li><li class="listitem"><div class="para">
Copy the file to /etc/init.d.
</div><pre class="programlisting">cp cloud-set-guest-sshkey.in /etc/init.d/</pre></li><li class="listitem"><div class="para">
Give the necessary permissions on the script:
</div><pre class="programlisting">chmod +x /etc/init.d/cloud-set-guest-sshkey.in</pre></li><li class="listitem"><div class="para">
Run the script while starting up the operating system:
</div><pre class="programlisting">chkconfig --add cloud-set-guest-sshkey.in</pre></li><li class="listitem"><div class="para">
Stop the instance.
</div></li></ol></div></div><div class="section" id="create-ssh-keypair"><div class="titlepage"><div><div><h3 class="title" id="create-ssh-keypair">5.2.2. Creating the SSH Keypair</h3></div></div></div><div class="para">
You must make a call to the createSSHKeyPair api method. You can either use the CloudStack Python API library or the curl commands to make the call to the cloudstack api.
</div><div class="para">
For example, make a call from the cloudstack server to create a SSH keypair called "keypair-doc" for the admin account in the root domain:
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Ensure that you adjust these values to meet your needs. If you are making the API call from a different server, your URL/PORT will be different, and you will need to use the API keys.
</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Run the following curl command:
</div><pre class="programlisting">curl --globoff "http://localhost:8096/?command=createSSHKeyPair&amp;name=keypair-doc&amp;account=admin&amp;domainid=5163440e-c44b-42b5-9109-ad75cae8e8a2"</pre><div class="para">
The output is something similar to what is given below:
</div><pre class="programlisting">&lt;?xml version="1.0" encoding="ISO-8859-1"?&gt;&lt;createsshkeypairresponse cloud-stack-version="3.0.0.20120228045507"&gt;&lt;keypair&gt;&lt;name&gt;keypair-doc&lt;/name&gt;&lt;fingerprint&gt;f6:77:39:d5:5e:77:02:22:6a:d8:7f:ce:ab:cd:b3:56&lt;/fingerprint&gt;&lt;privatekey&gt;-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci
dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB
AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu
mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy
QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7
VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK
lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm
nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14
4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd
KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3
-----END RSA PRIVATE KEY-----
&lt;/privatekey&gt;&lt;/keypair&gt;&lt;/createsshkeypairresponse&gt;</pre></li><li class="listitem"><div class="para">
Copy the key data into a file. The file looks like this:
</div><pre class="programlisting">-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci
dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB
AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu
mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfawQQDCjEsoRdgkduTy
QpbSGDIa11Jsc+XNDx2fgRinDsxXI/zJYXTKRhSl/LIPHBw/brW8vzxhOlSOrwm7
VvemkkgpAkEAwSeEw394LYZiEVv395ar9MLRVTVLwpo54jC4tsOxQCBlloocK
lYaocpk0yBqqOUSBawfIiDCuLXSdvBo1Xz5ICTM19vgvEp/+kMuECQBzm
nVo8b2Gvyagqt/KEQo8wzH2THghZ1qQ1QRhIeJG2aissEacF6bGB2oZ7Igim5L14
4KR7OeEToyCLC2k+02UCQQCrniSnWKtDVoVqeK/zbB32JhW3Wullv5p5zUEcd
KfEEuzcCUIxtJYTahJ1pvlFkQ8anpuxjSEDp8x/18bq3
-----END RSA PRIVATE KEY-----</pre></li><li class="listitem"><div class="para">
Save the file.
</div></li></ol></div></div><div class="section" id="creating-ssh-instance"><div class="titlepage"><div><div><h3 class="title" id="creating-ssh-instance">5.2.3. Creating an Instance</h3></div></div></div><div class="para">
After you save the SSH keypair file, you must create an instance by using the template that you created at <a class="xref" href="using-sshkeys.html#create-ssh-template">Section 5.2.1, “ Creating an Instance Template that Supports SSH Keys”</a>. Ensure that you use the same SSH key name that you created at <a class="xref" href="using-sshkeys.html#create-ssh-keypair">Section 5.2.2, “Creating the SSH Keypair”</a>.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
You cannot create the instance by using the GUI at this time and associate the instance with the newly created SSH keypair.
</div></div></div><div class="para">
A sample curl command to create a new instance is:
</div><pre class="programlisting">curl --globoff http://localhost:&lt;port numbet&gt;/?command=deployVirtualMachine\&amp;zoneId=1\&amp;serviceOfferingId=18727021-7556-4110-9322-d625b52e0813\&amp;templateId=e899c18a-ce13-4bbf-98a9-625c5026e0b5\&amp;securitygroupids=ff03f02f-9e3b-48f8-834d-91b822da40c5\&amp;account=admin\&amp;domainid=1\&amp;keypair=keypair-doc</pre><div class="para">
Substitute the template, service offering and security group IDs (if you are using the security group feature) that are in your cloud environment.
</div></div><div class="section" id="logging-in-ssh"><div class="titlepage"><div><div><h3 class="title" id="logging-in-ssh">5.2.4. Logging In Using the SSH Keypair</h3></div></div></div><div class="para">
To test your SSH key generation is successful, check whether you can log in to the cloud setup.
</div><div class="para">
For exaple, from a Linux OS, run:
</div><pre class="programlisting">ssh -i ~/.ssh/keypair-doc &lt;ip address&gt;</pre><div class="para">
The -i parameter tells the ssh client to use a ssh key found at ~/.ssh/keypair-doc.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="log-in.html"><strong>Prev</strong>5.1. Log In to the UI</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="projects.html"><strong>Next</strong>Chapter 6. Using Projects to Organize Users and R...</a></li></ul></body></html>
Reference in New Issue View Git Blame Copy Permalink