Affected Version(s): [All]
Eucalyptus uses cryptographic keypairs to verify access to virtual machine instances. Before you can run your own instance, you must create a keypair using the euca-add-keypair command, which is part of the euca2ools package.
Creating a keypair generates two keys: a public key (saved within Eucalyptus) and a corresponding private key (output to the user as a character string). To enable this private key, you must save it to a file and set appropriate access permissions.
- Eucalyptus configured with an available Linux image
- Linux command line tools and the euca2ools package are installed
- You are performing these actions as a user created on the cloud, and you have already downloaded and sourced your access credentials
Run the following command to generate a keypair:
# euca-add-keypair mykey | tee mykey.private
Next, set the appropriate permissions on your private key so that only your own user account can access it:
# chmod 0600 mykey.private
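The tee-then-chmod sequence above leaves the key file at the default umask permissions until chmod runs. As an added example (not part of the original article or of euca2ools), the helper below creates the file owner-only from the start and then checks it; the function names and the sample key text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; save_private_key and check_private_key are hypothetical helpers.

# Write key text from stdin to $1 with owner-only permissions from the start.
save_private_key() {
    dest=$1
    (
        umask 077   # file is created 0600; no readable window before chmod
        set -C      # noclobber: never overwrite an existing key file
        cat > "$dest"
    ) 2>/dev/null || { echo "cannot create $dest (already exists?)" >&2; return 1; }
    check_private_key "$dest"
}

# Return 0 only if $1 is a regular file, owner-only, containing a PEM private key.
check_private_key() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file" >&2; return 1
    fi
    mode=$(ls -l "$f" | cut -c1-10)
    case $mode in
        -r[w-]-------) ;;   # 0600 or 0400; ssh rejects keys open to group/other
        *) echo "$f: mode $mode is too permissive" >&2; return 1 ;;
    esac
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" &&
        grep -q -- '-----END .*PRIVATE KEY-----' "$f" ||
        { echo "$f: no PEM private key found" >&2; return 1; }
}

# Demo with constructed placeholder text (not a real key) in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END RSA PRIVATE KEY-----' | save_private_key "$dir/mykey.private"
    rc=$?
    ls -l "$dir/mykey.private"
    rm -rf "$dir"
    return $rc
}
demo
# Real use, replacing the tee step: euca-add-keypair mykey | save_private_key mykey.private
```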
Then you can view the public key that Eucalyptus has stored for your user:
Using your keys
When you create a virtual machine instance, the public key is injected into the VM using the metadata service on boot. When you attempt to log in to the instance via SSH, the public key is checked against your private key to verify access.
When you run an instance with the euca-run-instances command, you can add the "-k" switch to tell Eucalyptus to inject your keypair:
# euca-run-instances -k mykey -i <image_ID>
View your instance with the following command, noting the IP address which you'll want to SSH to.
Ensure you have allowed port 22 (SSH) traffic to your instance by editing the default security group. The example below permits SSH access from any network; where you can, replace 0.0.0.0/0 with the address range you will actually connect from:
# euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default
Next, you can log into your instance using SSH and your private key:
# ssh -i mykey.private root@<IP_address>
Maintaining your keys
Note that if you delete your public key in Eucalyptus, your private key becomes obsolete. You can delete your keypair using the following command:
# euca-delete-keypair <keypair_name>
If you want to know more about public and private key cryptography, see here.