Key pairs

Service Description

The Key Pair service is a feature that allows users to manage SSH key pairs for secure access to virtual machine (VM) instances. Key pairs consist of a private key and a public key, which are used for public-key cryptography to securely authenticate users when they log in to their instances.

Features

• SSH Key pair generation, so you can generate new key pairs directly through the cloud console or the OpenStack Client
• Import existing key pairs, so you can also import their existing SSH key pairs into your cloud projects (this is useful for users who already have a set of SSH keys that they use for secure access to other systems)
• Associate key pairs with instances, for when creating a new virtual machine instance, you can specify a key pair to be associated with the instance. The public key from the key pair is then injected into the instance, allowing the user to log in securely using the corresponding private key.
• Secure access, to eliminate the need for password-based authentication, providing a more secure way to access instances
• Management, so you can list, show details of, and delete key pairs through the cloud console or OpenStack Client
• Services integration, for a unified and end-to-end coordination of cloud services

Key concepts

• Virtual machines
• Instances
• Key pairs

How it works

1. Generate key pairs using the cloud console or the command-line interface (CLI). Download the private key and store it securely. The public key is stored in the Compute service.
2. When creating an instance, specify a key pair to associate with the instance. The public key from the key pair is then injected into the instance, typically into the ~/.ssh/authorized_keys file of the default user (e.g., ubuntu for Ubuntu instances).
3. To access the instance via SSH, use the corresponding private key as the authentication method. The SSH client uses the private key to create a secure, encrypted connection to the instance. Since the instance has the public key in its authorized keys, it can verify your identity and grant access.
4. Key pairs provide a more secure alternative to password-based authentication, as the private key is never transmitted over the network. You must keep your private keys secure and not share them.
5. You can create, list, show, and delete key pairs through the cloud console or CLI. It is possible to have multiple key pairs, allowing for different access credentials for different instances or users.

Key pairs console

• Key pairs console

Command line tools

• Key pair CLI reference

API methods

• Key pair API reference

See also

• Add an SSH key pair to your account