Overview
An SSH key is required to deploy a virtual machine.
You can use this document to generate an SSH key on your local computer and then add the key to your deployed services later.
SSH access allows you to connect to your instances securely without having to manage credentials for multiple instances. Multiple SSH keys can be added to workloads to allow more than one user to connect and manage the virtual machine.
Create keys on Linux / macOS
Before you create a new key, StackPath recommends that you check to see if you have an existing key.
To check for existing keys:
- In a terminal, execute the following command to list all files in your .ssh directory that start with id_:
ls ~/.ssh/id_*
- If you do not see an output or if you see No such file or directory, then you do not have any keys present.
If you see an output similar to the following, then you already have SSH keys:
$ ls ~/.ssh/id_*
/Users/user/.ssh/id_rsa /Users/user/.ssh/id_rsa.pub
If you already have an existing key, you can still create a new key. In this case, StackPath recommends that you back up your current keys.
To create a new key:
- In a terminal, run the following command. Update the comment to make the key easier to identify.
ssh-keygen -t rsa -C "user@stackpath.com"
- The output will display the default location to save your key (~/.ssh/id_rsa). Press Enter to accept.
- Enter a passphrase, and then press Enter to confirm.
- You will need to follow this step twice to confirm that the passphrase is correct.
- The output will display your new key.
After you create the key, you must then add the key to the virtual workload. To learn more, see Add a key to a virtual machine workload.
Create keys on Windows
Before you create a new key, StackPath recommends that you check to see if you have an existing key.
To check for existing keys:
- In a terminal, execute the following command to list all files in your .ssh directory that start with id_:
dir "%userprofile%\.ssh\id_*"
- If you do not see an output or if you see No such file or directory, then you do not have any keys present.
If you see an output similar to the following, then you already have SSH keys:
C:\Users\User>dir "%userprofile%\.ssh\id_*"
Directory of C:\Users\User\.ssh
03/21/2019 01:03 PM 1,766 id_rsa
03/21/2019 01:03 PM 401 id_rsa.pub
2 File(s) 2,167 bytes
0 Dir(s) 16,978,898,944 bytes free
If you already have an existing key, you can still create a new key. In this case, StackPath recommends that you back up your current keys.
To create a new key:
- In a terminal, run the following command. Update the comment to make the key easier to identify.
ssh-keygen -t rsa -C "user@stackpath.com"
- The output will display the default location to save your key (%userprofile%\.ssh\id_rsa). Press Enter to accept.
- Enter a passphrase, and then press Enter to confirm.
- You will need to follow this step twice to confirm that the passphrase is correct.
- The output will display your new key.
After you create the key, you must then add the key to the virtual workload. To learn more, see Add a key to a virtual machine workload.
Add a key to a virtual machine
After you create an SSH key pair, you must add the public key to the remote machine that you want to SSH into. When you connect, your local computer (the SSH client) uses its private key to sign an authentication request, and the remote machine uses the public key to verify that signature. The private key stays on your local computer and is never sent to the remote machine.
To SSH into a virtual machine workload, the remote VM must have the following configurations:
- The configured SSH port open to incoming connections (default: 22)
- Your SSH public key in the remote machine's ~/.ssh/authorized_keys file
- In the StackPath Control Portal, in the left-side navigation, click Edge Compute.
- In the Workloads section, locate the desired workload, and then click the corresponding ellipses under Action.
- Click Edit.
- Next to Workload Settings, click Edit.
- For Public Ports, enter 22 and select TCP.
- In the field, enter the contents of your id_rsa.pub file (your public key).
- To enter multiple keys, separate each key with a line break.
- Save your changes.
- Your virtual machine will deploy with the firewall open to connections on port 22. The public SSH key will be uploaded to the virtual machine's authorized keys file.
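As a check before pasting into the key field, the following shell function confirms that every line is a public key, that the declared key type matches the key data, and that no private key material is included. This is an added example, not part of the StackPath documentation; the function name check_portal_keys is hypothetical and the sample keys are constructed. It also accepts Ed25519 and ECDSA keys in addition to the RSA keys this page generates.

```shell
#!/bin/sh
# check_portal_keys FILE (hypothetical name)
# Prints "ok: N key(s)" and returns 0, or reports the first problem and returns 1.
check_portal_keys() {
    file=$1 n=0 lineno=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=$(printf '%s' "$line" | tr -d '\r')    # tolerate Windows line endings
        case $line in
            '') continue ;;                           # blank line between keys
            *'PRIVATE KEY'*)
                echo "line $lineno: private key material; use the .pub file" >&2
                return 1 ;;
        esac
        # A public key line has the form: TYPE BASE64-BLOB [COMMENT]
        set -f; set -- $line; set +f
        ktype=${1:-} blob=${2:-}
        # The blob begins with the base64 of the length-prefixed algorithm name,
        # so the declared type and the start of the blob must agree.
        case $ktype in
            ssh-rsa)           want=AAAAB3NzaC1yc2E ;;
            ssh-ed25519)       want=AAAAC3NzaC1lZDI1NTE5 ;;
            ecdsa-sha2-nistp*) want=AAAAE2VjZHNhLXNoYTItbmlzdHA ;;
            *) echo "line $lineno: unrecognized key type '$ktype'" >&2; return 1 ;;
        esac
        case $blob in
            *[!A-Za-z0-9+/=]*) echo "line $lineno: blob is not base64" >&2; return 1 ;;
            "$want"*) n=$((n + 1)) ;;
            *) echo "line $lineno: blob does not match type $ktype" >&2; return 1 ;;
        esac
    done < "$file"
    [ "$n" -gt 0 ] || { echo "no keys found" >&2; return 1; }
    echo "ok: $n key(s)"
}

# Constructed sample (not real keys): two public keys separated by a line break.
sample=$(mktemp)
printf '%s\n' \
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED user@stackpath.com' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAACONSTRUCTED second-user' > "$sample"
check_portal_keys "$sample"
rm -f "$sample"
```

To check your own key, run check_portal_keys ~/.ssh/id_rsa.pub after defining the function.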