Configure secure access for instances (2/4)

In this tutorial, part of the getting started series, we explain what a security group is and how to create IP filter rules so that you can get SSH access to your instance (virtual machine).

SSH (Secure Shell) offers an encrypted, secure connection over an unsecured network (the internet) for client-server communication. In other words, it lets you log in to your instance remotely.


Security Groups

Before you launch an instance, you have to configure a security group. A security group acts as a virtual firewall: it is a container with a set of IP filter rules that specify which traffic has access to which port. For example, you can make SSH access and ping traffic available on your instance.

Add rules to the default security group

In this example, we are going to add some IP filter rules to the already existing default security group. Of course, you can create a new security group for this. It is possible to add several security groups to your instance.

Before you can access an instance by SSH and ICMP (ping) you need to apply some rules to all instances within a project. You always need to set up the following unless there is a particular reason to prohibit SSH or ICMP access to an instance.

  1. From your project in the dashboard, go to the Networking tab and click Security groups.
  2. You can see the available security groups for this project.
  3. Click Manage Rules and then Add Rule.



Enable SSH

To enable SSH access, fill out the following:

  Rule: SSH
  Remote: CIDR
  CIDR:

Enable ICMP

To add ICMP (ping) access, fill out the following:

  Rule: ALL ICMP
  Direction: Ingress
  Remote: CIDR
  CIDR:
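An added example (not part of the original tutorial or of OpenStack itself): a Python check over security group rules, using the field names the OpenStack Networking API gives them, that reports ingress SSH and ICMP rules whose remote CIDR is missing or very wide. The sample rules are constructed, and the MAX_ADDRESSES threshold and the function names are assumptions.

```python
import ipaddress

MAX_ADDRESSES = 256  # assumed threshold: wider ingress sources are reported

# Constructed sample rules; addresses come from documentation and private ranges.
SAMPLE_RULES = [
    {"id": "r1", "direction": "ingress", "protocol": "tcp", "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r2", "direction": "ingress", "protocol": "tcp", "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.7/32"},
    {"id": "r3", "direction": "ingress", "protocol": "icmp", "remote_ip_prefix": None},
    {"id": "r4", "direction": "egress", "protocol": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r5", "direction": "ingress", "protocol": "tcp", "port_range_min": 1, "port_range_max": 65535, "remote_ip_prefix": "10.0.0.0/8"},
    {"id": "r6", "direction": "ingress", "protocol": "tcp", "port_range_min": 80, "port_range_max": 80, "remote_ip_prefix": "0.0.0.0/0"},
]

def covers_port(rule, port):
    """True if the rule's port range includes `port` (no range means all ports)."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    return lo is None or lo <= port <= hi

def classify(rule):
    """Name the service a rule exposes, or None if it is neither SSH nor ICMP."""
    proto = rule.get("protocol")
    if proto is None:
        return "all protocols"
    if proto == "tcp" and covers_port(rule, 22):
        return "SSH"
    if proto in ("icmp", "ipv6-icmp"):
        return "ICMP"
    return None

def audit_rules(rules, max_addresses=MAX_ADDRESSES):
    """Return (rule id, finding) pairs for ingress rules with a broad source."""
    findings = []
    for rule in rules:
        service = classify(rule)
        # Skip egress, unrelated ports, and rules limited to another group's members.
        if rule.get("direction") != "ingress" or service is None or rule.get("remote_group_id"):
            continue
        prefix = rule.get("remote_ip_prefix")
        net = ipaddress.ip_network(prefix, strict=False) if prefix else None
        if net is None or net.prefixlen == 0:
            findings.append((rule["id"], f"{service} open to any source address"))
        elif net.num_addresses > max_addresses:
            findings.append((rule["id"], f"{service} open to {net} ({net.num_addresses} addresses)"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit_rules(SAMPLE_RULES):
        print(rule_id, finding)
```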

Key Pairs

A key pair, also known as an SSH key, consists of two keys: a ‘public key’ and a ‘private key’. The private key is only for you and should not be shared with anyone. Your public key is inserted into your instance(s) when first deployed.

The public key ensures that all traffic, from and to your instance, is encrypted via SSH. This encryption can only be deciphered with your private key. If you want to log in to your instance remotely via SSH, your private key will decrypt the traffic so that you can talk to your instance. Because the traffic is encrypted, it is not possible to eavesdrop (man-in-the-middle attack) or to guess your password through brute force. This makes SSH the most used and safest way to log in remotely.

Each project should have at least one key pair. You can use a key pair for multiple instances at the same time. If you already have a key pair or created one with another tool, you can import that key pair. After this section, you should be able to import or create a key pair and add or create security groups.

Create a new key pair

If you wish to use a new key pair for your OpenStack platform, follow the steps below:

  1. Select your project, then go to the Compute tab and click Key Pairs.
  2. In the Key Pairs tab, click the Create Key Pair button.
  3. Give your key pair a name and click the Create Key Pair button.
  4. Your browser gives you a link for saving your name.pem file. Save this file locally.
  5. Your key will be added automatically.

Import an existing Key Pair

If you wish to use an existing key pair, follow the steps below:

  1. Select your project, then go to the Compute tab and click Key Pairs.
  2. Click the Import Key Pair button.
  3. Give your key pair a name.
  4. Paste your public key into the Public Key field.
  5. Click the Import Key Pair button.


You have now added an IP filter rule that grants SSH access (port 22) through your security group. You also created or imported a key pair, which will be used later for your instance. Now it’s time to launch your first instance. In the next tutorial, we show you step by step how to do that.