.. _Key Pairs: ======== SSH keys ======== .. role:: redbutton .. role:: whitebutton .. role:: bluebutton VM images used with OpenStack are typically designed to be configured automatically at first boot using cloud-init. In particular, cloud-init allows to install public SSH keys into the VMs so that access is granted to the adminstrator of the VM. OpenStack can leverage this feature to install public SSH keys created or registered as OpenStack *key pair* resources. The public keys to install can be selected at instance creation time using the web UI or the CLI. .. warning:: Key pairs managed by OpenStack can only be associated with a VM on first boot. Once the VM has been booted, the SSH server configuration can be further managed directly from within the VM operating system. The panel to manage **Key Pairs** can be accessed under the Compute section .. image:: keypairs.png Importing an existing SSH public key ==================================== OpenStack allows you to import the public key of an existing SSH key pair using the :whitebutton:`Import Public Key` button. The following modal dialog is displayed : .. image:: importkeypair.png Here you have to : * Name the key pair * Select **SSH Key** as the **Key Type** From there, you have two options : * Load it from a file by clicking :whitebutton:`Browse...` * Paste it in the **Public Key** Text Area. Then click the :bluebutton:`Import Public Key` button. Please refer to the official `SSH documentation `_ to find out more about SSH Keys generation. Generating the SSH key pair within Open Stack ============================================= Click on the :whitebutton:`+ Create Key Pair` button in order to bring this modal dialog : .. image:: createkeypair.png Select **SSH Key** and name the key pair. The public key will be added to your list of keys while the private key will be downloaded by your browser. Take care of this private key to ensure it won't be stolen or lost. Store it in a dedicated folder with strict permissions, do not leave it to your default `Download` folder. You will not be able to download it again from the interface.