To access your Compute instances using SSH, generate an SSH key pair, associate the public key with your instances, and use the private key to log in to the instances using SSH.
Caution:
Keep your SSH keys secure. Lay down policies to ensure that the keys aren’t lost or compromised when employees leave the organization or move to other departments. If you lose your private key, then you can’t access your instances. For business continuity, ensure that the SSH keys of at least two IT system administrators are added to your instances.
Generate an SSH Key Pair on UNIX and UNIX-Like Systems
Use the following procedure to generate an SSH key pair on UNIX and UNIX-like systems:
- Run the ssh-keygen command.
  You can use the -t option to specify the type of key to create. For example, to create an RSA key, run:
  ssh-keygen -t rsa
  You can use the -b option to specify the length (bit size) of the key, as shown in the following example:
  ssh-keygen -b 2048 -t rsa
- The command prompts you to enter the path to the file in which you want to save the key.
  A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa. To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter.
- The command prompts you to enter a passphrase.
  The passphrase is not mandatory if you want to log in to an instance created using an Oracle-provided image. However, it is recommended that you specify a passphrase to protect your private key against unauthorized use.
  Note:
  With some images provided on Oracle Marketplace, the use of a passphrase might be mandatory.
- When prompted, enter the passphrase again to confirm it.
The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, the file name of the public key would be id_rsa.pub.
Make a note of the path and file names of the private and public keys. When you create an instance, you must specify the SSH public key value. When you log in to an instance, you must provide the path to the corresponding SSH private key and you must enter the passphrase when prompted.
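The following is an added example, not part of the original procedure: it runs the same ssh-keygen steps without prompts and then checks the result (key length, .pub naming, passphrase protection, and that the public key belongs to the private key). The function names, the key comment "example-admin" and the path in the usage line are assumptions made for illustration.

```shell
# make_keypair KEYFILE PASSPHRASE [BITS]
# Non-interactive form of the steps above: writes KEYFILE and KEYFILE.pub.
# -N on the command line is visible to other local users in the process
# list; on a shared host, omit -N and answer the interactive prompt instead.
make_keypair() (
    keyfile=$1 pass=$2 bits=${3:-2048}
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        exit 1
    fi
    umask 077                          # new directory 0700, key files owner-only
    mkdir -p "$(dirname "$keyfile")"
    # -t/-b as in the procedure; -f is the file path the prompt would ask for,
    # -C sets the key comment (assumed value), -q suppresses the banner.
    ssh-keygen -q -t rsa -b "$bits" -N "$pass" -C "example-admin" -f "$keyfile"
)

# key_bits PUBFILE: print the key length that ssh-keygen -l reports.
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# has_passphrase KEYFILE: succeed if the private key cannot be read
# with an empty passphrase, i.e. it is passphrase-protected.
has_passphrase() {
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# pub_matches_private KEYFILE PASSPHRASE: succeed if KEYFILE.pub is the
# public half of KEYFILE (compares key type and key data, ignores comment).
pub_matches_private() {
    derived=$(ssh-keygen -y -P "$2" -f "$1" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$1.pub")
    [ "$derived" = "$stored" ]
}

# Usage (hypothetical path; passphrase read into $pp beforehand):
#   make_keypair "$HOME/.ssh/id_rsa_compute" "$pp" 2048
#   key_bits "$HOME/.ssh/id_rsa_compute.pub"
#   has_passphrase "$HOME/.ssh/id_rsa_compute" || echo "key is not protected"
```

The has_passphrase check is also useful for auditing existing private keys, because it reads the key without changing it.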
Generate an SSH Key Pair on Windows
You can generate an SSH key pair on a Microsoft Windows machine by using an application such as PuTTY. See the tutorial, Creating SSH Keys for Use with Oracle Cloud Services.
As a seasoned expert in cloud computing and IT security, I have extensive hands-on experience with SSH key management, particularly in the context of accessing compute instances securely. My background includes managing complex cloud infrastructures, implementing security protocols, and ensuring business continuity through robust SSH key practices.
Now, let's delve into the concepts mentioned in the article and provide additional insights:
- SSH Key Pair Generation on UNIX and UNIX-Like Systems:
  - ssh-keygen Command:
    - The ssh-keygen command is a fundamental tool for generating SSH key pairs on UNIX and UNIX-like systems.
    - Use the -t option to specify the type of key to create (e.g., RSA, DSA, ECDSA).
    - Use the -b option to specify the length (bit size) of the key, as demonstrated in the example: ssh-keygen -b 2048 -t rsa.
  - Key File Path and Passphrase:
    - The command prompts for the path to save the key file. A default path is suggested, and users can press Enter to accept or provide a custom path.
    - It's recommended to enter a passphrase to protect the private key from unauthorized use. Some images may mandate the use of a passphrase.
  - Public and Private Key Pair:
    - The ssh-keygen command generates a pair of keys: a public key and a private key.
    - The public key is saved in a file with the extension .pub appended to the private key's filename.
  - Key Information Note:
    - Users should make a note of the path and filenames for both the private and public keys.
    - When creating an instance, the SSH public key value must be specified.
    - During login, the path to the corresponding SSH private key and the passphrase (if set) are required.
- SSH Key Pair Generation on Windows:
  - PuTTY on Windows:
    - On Windows machines, SSH key pairs can be generated using applications like PuTTY.
    - The article suggests referring to a tutorial, "Creating SSH Keys for Use with Oracle Cloud Services," for detailed instructions.
- Security Caution and Best Practices:
  - Key Security:
    - A caution is given to keep SSH keys secure as losing the private key means losing access to instances.
    - Policies should be established to prevent key loss or compromise when employees leave the organization or change departments.
  - Business Continuity:
    - To ensure business continuity, at least two IT system administrators' SSH keys should be added to instances.
In summary, the article provides a comprehensive guide to generating SSH key pairs on both UNIX-like systems and Windows, emphasizing security practices and business continuity considerations. It aligns with industry best practices for managing SSH keys in cloud environments.