SSH (Secure Shell) offers an encrypted, secure connection over an unsecured network (internet) for client-server communication. In other words, log in to your instance remotely.
Before you launch an instance, you have to configure a security group. A security group acts as a virtual firewall and is a container with a set of IP filter rules which specifies what traffic has access to which port. For example, you can make SSH access and ping traffic available on your instance.
In this example, we are going to add some IP filter rules to the already existing default security group. Of course, you can create a new security group for this. It is possible to add several security groups to your instance.
Before you can access an instance by SSH and ICMP (ping) you need to apply some rules to all instances within a project. You always need to set up the following unless there is a particular reason to prohibit SSH or ICMP access to an instance.
To enable SSH access fill out the following: Rule: SSH Remote: CIDR CIDR: 0.0.0.0/0
To add ICMP (ping) access fill out the following: Rule: ALL ICMP Direction: Ingress Remote: CIDR CIDR: 0.0.0.0/0
A key pair, also known as an SSH key, consists of two keys; a ‘public key’ and a ‘private key’. The private key is only for you and should not be shared with anyone. Your public key is inserted into your instance(s) when first deployed.
The public key ensures that all traffic, from and to your instance, is encrypted via SSH. This encryption can only be deciphered with your private key. If you want to log in to your instance remotely via SSH, your private key will decrypt the traffic so that you can talk to your instance. Because the traffic is encrypted, it is not possible to eavesdrop (man-in-the-middle attack) or to guess your password through brute force. This makes SSH the most used and safest way to log in remotely.
Each project should have at least one key pair. You can use a key pair for multiple instances at the same time. If you already have a key pair or created one with another tool, you can import that key pair. After this section, you should be able to import or create a key pair and add or create security groups.
If you wish to use a new key pair for your OpenStack platform, follow the steps below:
If you wish to use an existing key pair, follow the steps below:
You have now added an IP filter rule so that you granted access to SSH (port 22) with your security group. You also created or imported a key pair. This will be used later on for your instance. Now it’s time to launch your first instance. In the next tutorial, we show you step by step how we can do that.