SSH keys provide a secure and efficient way to access the console of your node using SSH, eliminating the need for password-based authentication.
When you add an Edge Node (formerly Edge iNode) or a Virtual Edge Node (formerly Virtual Edge iNode), you must provision it for SSH key authentication. If the node has already been provisioned, you can edit the configuration to add SSH key authentication. For nodes not yet connected to the Secure Edge Portal, or if you are unable to access them, you can use the default SSH key, as explained in Accessing an Edge Node console.
This article describes the steps to set up and use SSH key authentication:
- Create an SSH public-private key pair
- Associate the public key with the node
- Access the node console via SSH using the private key
Create an SSH public-private key pair
To create an SSH key pair on a Linux or Mac computer, use the ssh-keygen tool. On a Windows computer, use the PuTTYgen tool. In this example, we use ssh-keygen.
- Enter the ssh-keygen command and specify a secure directory location and filename for the key.
    >ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key: /home/mycompanykeys/inode1keyfile
- A prompt appears to enter a passphrase (optional). Enter a passphrase or press Return to continue without a passphrase. If you set a passphrase, you will need to enter it when using the key to connect.
- A second prompt asks you to re-enter the passphrase. Again, enter a passphrase or leave blank, and press Return to continue.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
- Once generated, ssh-keygen confirms the file locations of your public/private key pair. The public key (with the extension .pub) is what you'll associate with the node. Keep the private key (identification) secure and don’t share it with anyone.
    Your identification has been saved in /home/mycompanykeys/inode1keyfile.
    Your public key has been saved in /home/mycompanykeys/inode1keyfile.pub.
- To view the public key, use the cat command and then copy its contents for later use in the Secure Edge Portal.
    >cat /home/mycompanykeys/inode1keyfile.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDknV6A+5cMPi5KMB/sKNTOlgbfhU6UiUyftE0sXQV6kKnqPgeMMuAsD7NIcLIEXix8s1ZFRw0f82JW8a0YkLzvbfyWDGpTFvL2g7JWLA6rej2VbdjwbAj3ZW8yUOYXNDQZSCHw0DOkPKEsyDIYZAs7Qi2ivrGlKUg0MkgDrJuxJgCwMLP3Dtb8ANdomAyVaX36sVqOoSmsyIwSCFxJpWrsKUTzjv1Ab4/qyeeOFgxwYe7Pr4AzNDMLyd4Qw7LQxreptFfSSkT/TVVar6vwaBWcHxtZaQX7O+VIni6DUlIAqFvzYxYSGvslgBiTI45q+rMA7/+2kcm/eEZOpjzN9+t/
Associating a public key with a node
To associate a public key with a node, you must have Admin access in the Secure Edge Portal. Follow the steps in this section to:
- Add the public key to the portal
- Associate the public key with a node
If you’ve already provisioned a node but no longer have access to the private key, you can edit the node configuration to associate a new SSH key.
Add a public key to the Secure Edge Portal
To add a public key to the portal:
- Log in to the Secure Edge Portal as an Admin.
- From the left menu, select Nodes > SSH Keys to view the list of SSH keys.
- Select the plus icon to open the Add SSH Key dialog.
- Enter a name for the SSH key, and then paste the contents of the public key file you generated in Create an SSH public-private key pair.
- Select Add SSH Key.
Associate the public key with a node
You can associate a public key with a node during the provisioning process:
- For Edge Node instructions, see Provision and Launch Edge Nodes.
- For Virtual Edge Node instructions, see the applicable provisioning article (depending on the provider).
To edit the SSH key for an existing node:
- From the Secure Edge Portal left menu, select Nodes > All Nodes, and then select the node to open its details page.
- On the top-right of the details page, select Manage Node > Edit.
- In the SSH Key section, select the name of the SSH public key.
- Select Update to save the changes.