forked from docs/doc-exports
Zaoxu, Li
1655d41c64
Reviewed-by: Pristromskaia, Margarita <margarita.pristromskaia@t-systems.com> Co-authored-by: Zaoxu, Li <lizaoxu@huawei.com> Co-committed-by: Zaoxu, Li <lizaoxu@huawei.com>
64 lines
17 KiB
HTML
64 lines
17 KiB
HTML
<a name="EN-US_TOPIC_0083737006"></a><a name="EN-US_TOPIC_0083737006"></a>
|
|
|
|
<h1 class="topictitle1">Using an SSH Key Pair</h1>
|
|
<div id="body1510648639475"><div class="section" id="EN-US_TOPIC_0083737006__section41767297451"><h4 class="sectiontitle">Scenarios</h4><p id="EN-US_TOPIC_0083737006__p3849185611189">To ensure system security, you are advised to use the key authentication mode to authorize the user who attempts to log in to a BMS. Therefore, you must use an existing key pair or create a new one for remote login authentication.</p>
|
|
<ul id="EN-US_TOPIC_0083737006__ul169231122112117"><li id="EN-US_TOPIC_0083737006__li19922152282117">Creating a Key Pair<p id="EN-US_TOPIC_0083737006__p781123514216"><a name="EN-US_TOPIC_0083737006__li19922152282117"></a><a name="li19922152282117"></a>If no key pair is available, create one that contains a public and a private key used for login authentication. You can use either of the following methods:</p>
|
|
<ul id="EN-US_TOPIC_0083737006__ul16874116162511"><li id="EN-US_TOPIC_0083737006__li1887411642513">Create a key pair using the management console. After the creation, the public key is automatically stored in the system, and the private key is manually stored in a local directory. For details, see <a href="#EN-US_TOPIC_0083737006__section177941342144514">Create a Key Pair on the Management Console</a>.</li><li id="EN-US_TOPIC_0083737006__li187507528255">Use PuTTYgen to create a key pair, and save both the public and private keys to the local host. For details, see <a href="#EN-US_TOPIC_0083737006__section1553115399576">Create a Key Pair Using PuTTYgen</a>. After the creation, import the key pair by following the instructions provided in <a href="#EN-US_TOPIC_0083737006__section139515511165">Import a Key Pair</a>. Then, the key pair can be used.<div class="note" id="EN-US_TOPIC_0083737006__note3911052111615"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0083737006__p49125241612">PuTTYgen is a tool for generating public and private keys. You can obtain the tool from <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html" target="_blank" rel="noopener noreferrer">https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html</a>.</p>
|
|
</div></div>
|
|
</li></ul>
|
|
</li><li id="EN-US_TOPIC_0083737006__li1859142616216">Using an existing key pair<p id="EN-US_TOPIC_0083737006__p9786183512385"><a name="EN-US_TOPIC_0083737006__li1859142616216"></a><a name="li1859142616216"></a>If a key pair is available locally, for example, generated using PuTTYgen, you can import the public key on the management console so that the system maintains the public key file. For details, see <a href="#EN-US_TOPIC_0083737006__section139515511165">Import a Key Pair</a>.</p>
|
|
</li></ul>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0083737006__section177941342144514"><a name="EN-US_TOPIC_0083737006__section177941342144514"></a><a name="section177941342144514"></a><h4 class="sectiontitle">Create a Key Pair on the Management Console</h4><ol id="EN-US_TOPIC_0083737006__ol6977155564520"><li id="EN-US_TOPIC_0083737006__li10711121911548">Log in to the management console.</li><li id="EN-US_TOPIC_0083737006__li969810464567">Under <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b1134469344202623">Computing</strong>, click <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b856921432202623">Bare Metal Server</strong>.<p id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_p127731959141113">The BMS console is displayed.</p>
|
|
</li><li id="EN-US_TOPIC_0083737006__li74041425204716">In the navigation tree, choose <strong id="EN-US_TOPIC_0083737006__b529216685349">Key Pair</strong>.</li><li id="EN-US_TOPIC_0083737006__li0839137134712">On the right side of the page, click <strong id="EN-US_TOPIC_0083737006__b6965111513">Create Key Pair</strong>.</li><li id="EN-US_TOPIC_0083737006__li985101865813">Enter the key name and click <strong id="EN-US_TOPIC_0083737006__b842352706111745">OK</strong>.<p id="EN-US_TOPIC_0083737006__p16841218175815">An automatically populated key name consists of <strong id="EN-US_TOPIC_0083737006__b842352706111821">KeyPair-</strong> and a 4-digit random number. Change it to an easy-to-remember one, for example, <strong id="EN-US_TOPIC_0083737006__b1467833515462">KeyPair-</strong><em id="EN-US_TOPIC_0083737006__i143102111547">xxxx</em><strong id="EN-US_TOPIC_0083737006__b1722883819460">_bms</strong>.</p>
|
|
</li><li id="EN-US_TOPIC_0083737006__li10952125744816">Download the private key file. The file name is the specified key pair name with a suffix of .pem. Store the private key file securely. In the displayed dialog box, click <strong id="EN-US_TOPIC_0083737006__b1734242054153732">OK</strong>.<div class="caution" id="EN-US_TOPIC_0083737006__note678115413310"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0083737006__p147811847311">You can save the private key file only once. When you create a BMS, provide the key pair name. Each time you log in to the BMS using SSH, you need to provide the private key.</p>
|
|
</div></div>
|
|
</li></ol>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0083737006__section1553115399576"><a name="EN-US_TOPIC_0083737006__section1553115399576"></a><a name="section1553115399576"></a><h4 class="sectiontitle">Create a Key Pair Using PuTTYgen</h4><ol id="EN-US_TOPIC_0083737006__ol1545318101588"><li id="EN-US_TOPIC_0083737006__li7453410125819"><span>Obtain the public and private keys.</span><p><ol type="a" id="EN-US_TOPIC_0083737006__ol104781733105812"><li id="EN-US_TOPIC_0083737006__li17478103316582">Double-click <strong id="EN-US_TOPIC_0083737006__b842352706202157">puttygen.exe</strong>. The <strong id="EN-US_TOPIC_0083737006__b842352706202217">PuTTY Key Generator</strong> window is displayed.<div class="fignone" id="EN-US_TOPIC_0083737006__fig512465412578"><span class="figcap"><b>Figure 1 </b>PuTTY Key Generator</span><br><span><img id="EN-US_TOPIC_0083737006__image81251254175712" src="en-us_image_0157339711.png" title="Click to enlarge" class="imgResize"></span></div>
|
|
</li><li id="EN-US_TOPIC_0083737006__li1749717945918">Click <strong id="EN-US_TOPIC_0083737006__b842352706202244">Generate</strong>.<p id="EN-US_TOPIC_0083737006__p1331428012">The key generator automatically generates a key pair that consists of a public key and a private key. The public key is that shown in the red box in <a href="#EN-US_TOPIC_0083737006__fig1743640142214">Figure 2</a>.</p>
|
|
<div class="fignone" id="EN-US_TOPIC_0083737006__fig1743640142214"><a name="EN-US_TOPIC_0083737006__fig1743640142214"></a><a name="fig1743640142214"></a><span class="figcap"><b>Figure 2 </b>Obtaining the public and private keys</span><br><span><img id="EN-US_TOPIC_0083737006__image043710122215" src="en-us_image_0157349141.png" title="Click to enlarge" class="imgResize"></span></div>
|
|
</li></ol>
|
|
</p></li><li id="EN-US_TOPIC_0083737006__li1156822695811"><a name="EN-US_TOPIC_0083737006__li1156822695811"></a><a name="li1156822695811"></a><span>Copy the public key content to a .txt file and save the file in a local directory.</span><p><div class="note" id="EN-US_TOPIC_0083737006__note85384529314"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0083737006__p1353917524316">Do not save the public key by clicking <strong id="EN-US_TOPIC_0083737006__b842352706202716">Save public key</strong>. Storing a public key by clicking <strong id="EN-US_TOPIC_0083737006__b84235270616210">Save public key</strong> of PuTTYgen will change the format of the public key content. Such a key cannot be imported to the management console.</p>
|
|
</div></div>
|
|
</p></li><li id="EN-US_TOPIC_0083737006__li229892314589"><span>Save the private key file.</span><p><p id="EN-US_TOPIC_0083737006__p09977111978">The format in which to save your private key varies depending on application scenarios: To ensure BMS security, you are limited to downloading the private key only once.</p>
|
|
<ul id="EN-US_TOPIC_0083737006__ul171771993818"><li id="EN-US_TOPIC_0083737006__li11771397815">Saving the private key in .ppk format<p id="EN-US_TOPIC_0083737006__p124073421286"><a name="EN-US_TOPIC_0083737006__li11771397815"></a><a name="li11771397815"></a>When you are required to log in to a Linux BMS using PuTTY, you must use the .ppk private key. To save the private key in .ppk format, perform the following operations:</p>
|
|
<ol type="a" id="EN-US_TOPIC_0083737006__ol4663451295"><li id="EN-US_TOPIC_0083737006__li166610459910">On the <strong id="EN-US_TOPIC_0083737006__b842352706204219">PuTTY Key Generator</strong> page, choose <strong id="EN-US_TOPIC_0083737006__b842352706163532">File</strong> > <strong id="EN-US_TOPIC_0083737006__b842352706204231">Save private key</strong>.</li><li id="EN-US_TOPIC_0083737006__li20844644181016">Save the private key, for example, <strong id="EN-US_TOPIC_0083737006__b738125118518">kp-123.ppk</strong>, to the local PC.</li></ol>
|
|
</li><li id="EN-US_TOPIC_0083737006__li35776281783">Saving the private key in .pem format<p id="EN-US_TOPIC_0083737006__p5478191871112"><a name="EN-US_TOPIC_0083737006__li35776281783"></a><a name="li35776281783"></a>When you are required to log in to a Linux BMS using Xshell or attempt to obtain the password for logging in to a Windows BMS, you must use the .pem private key for authentication. To save the private key in .ppk format, perform the following operations:</p>
|
|
<ol type="a" id="EN-US_TOPIC_0083737006__ol2092672301213"><li id="EN-US_TOPIC_0083737006__li6926182341210">On the <strong id="EN-US_TOPIC_0083737006__b35654836">PuTTY Key Generator</strong> page, choose <strong id="EN-US_TOPIC_0083737006__b1059204534">Conversions</strong> > <strong id="EN-US_TOPIC_0083737006__b560154627">Export OpenSSH key</strong>.<div class="caution" id="EN-US_TOPIC_0083737006__note9445321433"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0083737006__p1344512213317">If you use this private file to obtain the password for logging in to a Windows BMS, when you choose <strong id="EN-US_TOPIC_0083737006__b791402091204621">Export OpenSSH key</strong>, do not configure <strong id="EN-US_TOPIC_0083737006__b842352706204642">Key passphrase</strong>. Otherwise, obtaining the password will fail.</p>
|
|
</div></div>
|
|
</li><li id="EN-US_TOPIC_0083737006__li133503111310">Save the private key, for example, <strong id="EN-US_TOPIC_0083737006__b12431051145116">kp-123.pem</strong>, in a local directory.</li></ol>
|
|
</li></ul>
|
|
</p></li><li id="EN-US_TOPIC_0083737006__li12165257364"><span>After the public key file and private key file are saved, import the public key to the system by referring to <a href="#EN-US_TOPIC_0083737006__section139515511165">Import a Key Pair</a>.</span></li></ol>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0083737006__section139515511165"><a name="EN-US_TOPIC_0083737006__section139515511165"></a><a name="section139515511165"></a><h4 class="sectiontitle">Import a Key Pair</h4><p id="EN-US_TOPIC_0083737006__p124011006176">If you store a public key by clicking <strong id="EN-US_TOPIC_0083737006__b26562066164826">Save public key</strong> of PuTTYgen, the format of the public key content will change. Such a key cannot be imported to the management console. To resolve this issue, obtain the public key content in correct format and import the content to the management console. For details, see <a href="en-us_topic_0084166750.html">What Do I Do If a Key Pair Created Using PuTTYgen Cannot Be Imported to the Management Console?</a></p>
|
|
<ol id="EN-US_TOPIC_0083737006__ol49887931143442"><li id="EN-US_TOPIC_0083737006__li1131101310228">Log in to the management console.</li><li id="EN-US_TOPIC_0083737006__li19131131310220">Under <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b1134469344202623_1">Computing</strong>, click <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b856921432202623_1">Bare Metal Server</strong>.<p id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_p127731959141113_1">The BMS console is displayed.</p>
|
|
</li><li id="EN-US_TOPIC_0083737006__li2158728143442">In the navigation tree, choose <strong id="EN-US_TOPIC_0083737006__b1164404875">Key Pair</strong>.</li><li id="EN-US_TOPIC_0083737006__li32291957143442">On the right side of the page, click <strong id="EN-US_TOPIC_0083737006__b24805120512">Import Key Pair</strong>.<div class="fignone" id="EN-US_TOPIC_0083737006__fig7947849201910"><span class="figcap"><b>Figure 3 </b>Import Public Key</span><br><span><img id="EN-US_TOPIC_0083737006__image594784912199" src="en-us_image_0131808494.png" title="Click to enlarge" class="imgResize"></span></div>
|
|
</li><li id="EN-US_TOPIC_0083737006__li37898602143442">Use either of the following methods to import the key pair:<ul id="EN-US_TOPIC_0083737006__ul4210955143442"><li id="EN-US_TOPIC_0083737006__li57034482143442">Selecting a file<ol type="a" id="EN-US_TOPIC_0083737006__ol1214990115226"><li id="EN-US_TOPIC_0083737006__li2371687115226">On the <strong id="EN-US_TOPIC_0083737006__b842352706112651">Import Key Pair</strong> page of the management console, click <strong id="EN-US_TOPIC_0083737006__b842352706112725">Select File</strong> and select the local public key file, for example, the .txt file saved in <a href="#EN-US_TOPIC_0083737006__li1156822695811">2</a>.<div class="note" id="EN-US_TOPIC_0083737006__note2825014412158"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0083737006__p5292471112158">When importing a key pair, ensure that the public key is imported. Otherwise, importing the key pair will fail.</p>
|
|
</div></div>
|
|
</li><li id="EN-US_TOPIC_0083737006__li36968064152326">Click <strong id="EN-US_TOPIC_0083737006__b842352706162957">OK</strong>.<p id="EN-US_TOPIC_0083737006__p53154419152328">After the public key is imported, you can change its name.</p>
|
|
</li></ol>
|
|
</li><li id="EN-US_TOPIC_0083737006__li37750586143442">Copying the public key content<ol type="a" id="EN-US_TOPIC_0083737006__ol13914245152430"><li id="EN-US_TOPIC_0083737006__li64384119152430">Copy the content of the public key in .txt file into the <strong id="EN-US_TOPIC_0083737006__b1789216345163526">Public Key Content</strong> text box.</li><li id="EN-US_TOPIC_0083737006__li41017523152430">Click <strong id="EN-US_TOPIC_0083737006__b1098051902">OK</strong>.</li></ol>
|
|
</li></ul>
|
|
</li></ol>
|
|
</div>
|
|
<div class="section" id="EN-US_TOPIC_0083737006__section1384764752914"><h4 class="sectiontitle">Delete a Key Pair</h4><p id="EN-US_TOPIC_0083737006__p18505212916">If you no longer need a key pair, you can delete it. After a key pair is deleted, it cannot be restored. However, you can still use the private key saved locally to log in to the BMS, and the deleted key pair is still displayed in the BMS details.</p>
|
|
<div class="note" id="EN-US_TOPIC_0083737006__note19504636118"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="EN-US_TOPIC_0083737006__ul18361129142918"><li id="EN-US_TOPIC_0083737006__li178361829122913">If your key pair has been bound to a BMS and you do not unbind the key pair from the BMS before deleting the key pair, you cannot create a key pair of the same name. When you enter this name when creating or importing a key pair, the console displays an error message indicating that the key pair already exists.</li><li id="EN-US_TOPIC_0083737006__li4387113517301">If your key pair is not bound to any BMS or has been unbound from the BMS before it is deleted, you can create a key pair of the same name.</li></ul>
|
|
</div></div>
|
|
<ol id="EN-US_TOPIC_0083737006__ol13131175841117"><li id="EN-US_TOPIC_0083737006__li0219132214229">Log in to the management console.</li><li id="EN-US_TOPIC_0083737006__li16219112262216">Under <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b1134469344202623_2">Computing</strong>, click <strong id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_b856921432202623_2">Bare Metal Server</strong>.<p id="EN-US_TOPIC_0083737006__en-us_topic_0053536924_p127731959141113_2">The BMS console is displayed.</p>
|
|
</li><li id="EN-US_TOPIC_0083737006__li157605127126">In the navigation tree, choose <strong id="EN-US_TOPIC_0083737006__b583462443">Key Pair</strong>.</li><li id="EN-US_TOPIC_0083737006__li564162831219">Locate the row that contains the target key pair and click <strong id="EN-US_TOPIC_0083737006__b52703401435">Delete</strong> in the <strong id="EN-US_TOPIC_0083737006__b18447145539">Operation</strong> column.</li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0131781855.html">Key Pair and Password</a></div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<script language="JavaScript">
|
|
<!--
|
|
image_size('.imgResize');
|
|
var msg_imageMax = "view original image";
|
|
var msg_imageClose = "close";
|
|
//--></script> |