SSH Keypair

This guide shows how to create the SSH key pair required to access Compute instances remotely.

Remote access to Oracle Cloud Infrastructure Compute instances that use Linux-based images is possible with public key authentication over the SSH v2 protocol, also known as Secure Shell. The SSH protocol employs asymmetric cryptography to negotiate the parameters of a secure tunnel (symmetric encryption session key, cipher algorithm) for the communication between client and server.

How does it work

Asymmetric cryptography requires a key pair that consists of a private key and a public key. The public key is uploaded to the newly created instance during provisioning and appended to the .ssh/authorized_keys file on that instance. You will be able to connect to that instance from any client that has the corresponding private key. Once you have logged into the instance, you can add further public keys to allow multiple users to access the cloud-based host.

Generating the key on Linux and Mac

We will use the ssh-keygen program, which belongs to the open source OpenSSH suite, to generate the authentication keys for use with the SSH v2 protocol. We are going to employ the RSA algorithm (-t rsa) and use the recommended 2048 bits (-b 2048). You will be prompted twice to enter a passphrase for the newly generated private key.

$ ssh-keygen -t rsa -b 2048 -C "michal@cloudcomputingrecipes.com" -f ~/.ssh/oci_id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/michal/.ssh/oci_id_rsa.
Your public key has been saved in /Users/michal/.ssh/oci_id_rsa.pub.
The key fingerprint is:
SHA256:jib1OoFAkf6pYqBUXQhZN+Tody74P8NFQQJsmOwSrnA michal@cloudcomputingrecipes.com
The key's randomart image is:
+---[RSA 2048]----+
|  .+=.*=....     |
|  oo =++. ..     |
| o. +.o.    .    |
|. E+.o     .     |
|..oo.+..S..      |
|.o  +.++o  .     |
|+  ...oo+..      |
|o..  oo..+       |
|..    .o..o      |
+----[SHA256]-----+

This will create two corresponding keys in the ~/.ssh folder:

  • oci_id_rsa – the private key
  • oci_id_rsa.pub – the public key

$ ls -l .ssh/ | grep oci_id_rsa
-rw-------  1 michal  staff  1766 Oct  3 18:09 oci_id_rsa
-rw-r--r--  1 michal  staff   414 Oct  3 18:09 oci_id_rsa.pub
$ cat .ssh/oci_id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5AK7YSLMZSphuJVaZRzZJpE99ayKGeGM7C6Vz4RBIhtyQ13ArngMJwBaHCvr8O5lWdxssoJHB7TfRiaXjgorbB398SfbKRiDvZZAzuocOxLmkD564i6d5bBwFFc3yTsd20pn7npqgN9727pX0qnFY5N4NPBXClOfWxyf1R3ecTSOq8T+GU9P/jbDwJOrTGFwQEYM+mKJgSFMgMLi5MBQ8brc14Xr5NclKIBnFl7taxRAkFFD1YfBgG+hl7i7gc3NaItxQs/UDJwaqq+il7nb+ezny/9Ptf1lMHy8EFh5ER6PD5xsRfNlJ1LdkPLYLhiVHP4aiUkFrzsvddj8QFX4Z michal@cloudcomputingrecipes.com

Now, you can use the public key when provisioning a new Compute instance.

More information is available in “UNIX and Linux System Administration Handbook, 5th Edition”, Section 27.7 “SSH, the Secure Shell”, or at https://www.ssh.com/ssh/protocol