Introduction to Keypairs

Affected Version(s):  [All]

Eucalyptus uses cryptographic keypairs to verify access to virtual machine instances.  Before you can run your own instance, you must create a keypair using the euca-add-keypair command, which is part of the euca2ools package. 


Creating a keypair generates two keys: a public key (saved within Eucalyptus) and a corresponding private key (output to the user as a character string).  To enable this private key, you must save it to a file and set appropriate access permissions.


  • Eucalyptus configured with an available Linux image
  • Linux command line tools and the euca2ools package are installed
  • You are performing these actions as a user created on the cloud and that you have already downloaded and source your access credentials

Generating keys

Run the following command to generate a keypair:

# euca-add-keypair mykey | tee mykey.private

Next, set the appropriate permissions on your private key so that only yourself as the user can access it:

# chmod 0600 mykey.private

Then you can view the public key that Eucalyptus has stored for your user:

# euca-describe-keypairs

Using your keys

When you create a virtual machine instance, the public key is injected into the VM using the metadata service on boot.  When you attempt to login to the instance via SSH, the public key is checked against your private key to verify access.

When you run an instance with the euca-run-instance you can add the "-k" switch to tell Eucalyptus to inject your keypair:

# euca-run-instance -k mykey -i <image_ID>

View your instance with the following command, noting the IP address which you'll want  to SSH to.

# euca-describe-instances

Ensure you have allowed port 22 (SSH) traffic to your instance by editing the default security group.  The example below permits SSH access from any network.:

# euca-authorize -P tcp -p 22 -s default

Next, you can log into your instance using SSH and your private key:

# ssh -i mykey.private root@<IP_address>

Maintaining your keys

Note that if you delete your public key in Eucalyptus, your private key becomes obsolete.  You can delete your keypair using the following command:

# euca-delete-keypair <keypair_name>

Recommended Reading

If you want to know more about public and private key crypography, see here.

Have more questions? Submit a request


Powered by Zendesk