Net Generate Public Private Key Pair
Background Information
Dec 30, 2016 Asymmetric encryption uses a pair of keys, one public and one private, for better security: the message sender encrypts the message with the public key, and the receiver decrypts it with his/her private key. The public and private key pair is used to encrypt information so that data is protected during transmission.
Servers that support Server Login Control populate their SSH authorized-keys file with multiple trusted keys based on policy received from the RightScale Dashboard, typically inserting one public key per user with server_login permission. When compared to the traditional technique of binding a single, shared SSH key to the server at launch time, Server Login Control has the following advantages:
- The server grants and revokes trust in real time as a user's server_login privileges are granted and revoked.
- Public-key authorization can be used even in clouds that do not natively support SSH public-key authentication.
- Private keys are never shared between users.
- Rather than creating a cloud-specific or RightScale-specific key pair, users can continue to use their preexisting, personal key pair.
- If using a personal key pair, users can easily SSH to cloud instances without going through the RightScale Dashboard.
This document will show you how to generate a personal SSH key pair and upload the public key to RightScale for use with Server Login Control.
- Loading and saving SSH keys. When an SFTP/SSH connection is established, the server identity is verified by checking the server's public key. Optionally, the client can even use a public/private key pair to log into the server (public/private key authentication). In Rebex SFTP, public keys are represented by SshPublicKey object and private keys by SshPrivateKey object.
Important Note: When using Server Login Control (a.k.a. Managed SSH) to manage your users' keys, a user's public key may not disappear from the ~/.ssh/authorized_keys file immediately after you revoke the 'server_login' permission from that user. This is normal: the key should eventually be removed from the authorized_keys file by a daemon, but that daemon only runs periodically at specific intervals, so the key may not be removed immediately.
If you find that your user's keys are still in the authorized_keys file after some time has passed and they should not be because they have no server_login permission, please contact our support team for assistance.
Answer
The procedure for creating a key pair varies depending on your operating system and preferred SSH client. In all cases, however, the procedure has three steps: create a key pair, change your RightScale SSH preferences, and test to ensure everything works as expected.
1. Create a Key Pair on Your Computer
Linux and MacOS X
Open a terminal window. At the shell prompt, type the following command:
The ssh-keygen program will prompt you for the location of the key file. Press Return to accept the defaults. You can optionally specify a passphrase to protect your key material. Press Return to omit the passphrase. The output of the program will look similar to this:
Note the location to which your public and private key were saved; they will be required in a subsequent step.
Windows (PuTTY SSH Client)
- On your Windows workstation, go to Start > All Programs > PuTTY > PuTTYgen. The PuTTY Key Generator displays.
Click the Generate button and follow the instructions. Once key generation has finished, you will be presented with the results:
Click Save Private Key to save the private key to a file. Take note of the full path of the private key file, which is especially important if you save it under your Documents directory. Repeat the process for the public key, or simply copy the public key from PuTTY's text area into your clipboard and save it as a text file.
Close the PuTTY Key Generator.
2. Change RightScale SSH Preferences
- Log into the RightScale Dashboard and navigate to Settings > User Settings > SSH.
- Click Edit. Under the Authentication section, choose the radio button labeled, Use the credentials stored on my computer.
- Open your public key file in a text editor and copy its contents to your clipboard. Paste them into the text area labeled Public Key.
If you are using the Java Web Start application or the Java applet as your session launcher, type the location of your private key file into the text field labeled Private Key. Make sure to use an absolute filesystem path without any special characters such as ~ or $HOME or %HOMEPATH%.
If you are using ssh:// protocol links as your session launch preference, configure your SSH client to automatically use your private key for authentication. When you are done, the page will look similar to this:
Click Save to store your SSH preferences.
3. Test Server Login Control
Launch a server that uses RightImage 5.1.1 or greater. Once the server becomes operational, navigate to the server's page and press the SSH Console button.
If you connect successfully, then everything is working fine. Congratulations!
Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.
Generating an SSH Key Pair on UNIX and UNIX-Like Platforms Using the ssh-keygen Utility
UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.
- Navigate to your home directory:
- Run the ssh-keygen utility, providing as filename your choice of file name for the private key:
The ssh-keygen utility prompts you for a passphrase for the private key.
- Enter a passphrase for the private key, or press Enter to create a private key without a passphrase:
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
The ssh-keygen utility prompts you to enter the passphrase again.
- Enter the passphrase again, or press Enter again to continue creating a private key without a passphrase:
- The ssh-keygen utility displays a message indicating that the private key has been saved as filename and the public key has been saved as filename.pub. It also displays information about the key fingerprint and randomart image.
Generating an SSH Key Pair on Windows Using the PuTTYgen Program
The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
- Download and install PuTTY or PuTTYgen.
To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
- Run the PuTTYgen program.
- Set the Type of key to generate option to SSH-2 RSA.
- In the Number of bits in a generated key box, enter 2048.
- Click Generate to generate a public/private key pair.
As the key is being generated, move the mouse around the blank area as directed.
- (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
- Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key).
Note:
The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
- Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.
Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
- Right-click somewhere in the selected text and select Copy from the menu.
- Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
- Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
- If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key:
  - On the Conversions menu, choose Export OpenSSH key.
  - Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file's content.
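The PuTTYgen steps above depend on copying every character of the public key and pasting it without line breaks, and the Server Login Control note says revoked keys can linger in ~/.ssh/authorized_keys. The following Python is an added example, not code from RightScale, PuTTY or OpenSSH: it checks each line of an authorized_keys-style file for truncation or wrapping and returns the SHA256 fingerprint to compare with the one your key generator displayed. It assumes plain entries (no options prefix, no certificates); the function names are hypothetical and the sample keys are constructed dummy bytes.

```python
import base64, hashlib

def parse_public_key(line):
    """Check one '<type> <base64> [comment]' line; return (type, fingerprint, comment)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a '<type> <base64> [comment]' line")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("base64 body is truncated or corrupted")
    # A plain (non-certificate) key blob is a run of length-prefixed strings.
    parts, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):
            raise ValueError("key blob is truncated")
        parts.append(blob[pos:pos + size])
        pos += size
    # The first string inside the blob must repeat the type named on the line.
    if len(parts) < 2 or parts[0] != key_type.encode():
        raise ValueError("key type does not match the encoded key")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return key_type, "SHA256:" + digest.rstrip("="), " ".join(fields[2:])

def audit_authorized_keys(text):
    """Return (valid, rejected) entries, each tagged with its line number."""
    valid, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                valid.append((number,) + parse_public_key(line))
            except ValueError as exc:
                rejected.append((number, str(exc)))
    return valid, rejected

def make_line(key_bytes, comment):
    """Constructed ssh-ed25519 line built from dummy bytes (not a usable key)."""
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (b"ssh-ed25519", key_bytes))
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample: one intact entry, then one entry pasted with a line break.
GOOD = make_line(bytes(range(32)), "alice@example")
WRAPPED = make_line(bytes(range(32, 64)), "bob@example")
SAMPLE = "# constructed sample\n%s\n%s\n%s\n" % (GOOD, WRAPPED[:52], WRAPPED[52:])

if __name__ == "__main__":
    print(audit_authorized_keys(SAMPLE))
```

A fingerprint in the valid list that belongs to no user who currently holds server_login permission is the entry to follow up on.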