Adding ssh key pair to Openstack using cli

(: August 13, 2017)

Adding ssh key pair to Openstack using cli: In this series of Openstack configuration and management, let’s look at how to add ssh keypairs to Openstack. This guide is based on Openstack Ocata release.

Public/private key pairs work by keeping the public key on the server, and the private key on your local workstation. Once the server has verified that the two keys match, a secure connection can be made.

So let us generate new ssh key pair, you can skip this if you already have one:{text-align:left} img{margin:0 auto 0 0}
$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/josphat/.ssh/id_rsa): 
Created directory '/home/josphat/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/josphat/.ssh/id_rsa.
Your public key has been saved in /home/josphat/.ssh/
The key fingerprint is:
28:14:e0:14:11:0d:77:23:2d:6c:65:12:4e:26:a1:de [email protected]
The key's randomart image is:
+--[ RSA 4096]----+
| XXO+= |
| + *=*.. |
|. ..o. |
|. .. . |
| . E. . S |
| . |
| |
| |
| |

Copy the key to the clipboard:

xclip -sel clip < ~/.ssh/

Then login to your Openstack controller node and save the key to a file:


Paste key contents inside the file, then save it.

Next step is importing the key using openstack keypair command:

# openstack keypair create --public-key josphat
| Field       | Value                                           |
| fingerprint | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |
| name        | josphat                                         |
| user_id     | 93f0f5c4197f4f73b01bfe8086ecbec0                |

The last “josphat” is the name of the keypair as seen on Openstack command CLI and Horizon dashboard.


# openstack keypair list
| Name          | Fingerprint                                     |
| jmutai_pubkey | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |
| josphat       | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |

The same can be confirmed on Horizon dashboard by going to Project > Key Pairs:

OpenStack can inject a public ssh key into an instance on launch, so that it’s ready for you to access using the private key once it is ready. Go ahead and create a new VM with the key pair uploaded:

openstack server create --flavor m1.tiny --image CoreOS-x86_64 
 --nic net-id=a54af9d4-d297-45b6-a98c-79d84add5f2e --security-group default 
 --key-name josphat coreos-test-vm

If you don’t have any image uploaded, i made a comprehensive guide on how to add images to Openstack, check it on the link below:

Adding images to Openstack Glance

Network id, Image name(ID) and security groups can be obtained using:

# openstack image list
# openstack network list
# openstack security group list

Check if instance created is running, and obtain its ip address:

openstack server list

Verify access:

$ ping -c 4 ip_address

You can now login to the vm using:

ssh [email protected]_address

Since I’m using CoreOS image, default username is core

[email protected] ~ $ cat /etc/os-release 
NAME="Container Linux by CoreOS"
PRETTY_NAME="Container Linux by CoreOS 1409.8.0 (Ladybug)"

That’s all. More Openstack related tutorials to come.  Follow us on twitter to get updated.

More Articles:

How to add flavors to openstack using cli{text-align:left} img{margin:0 auto 0 0}
Previous Post

Creating Openstack Network and Subnets

Next Post

Installing netdata on CentOS 7

Related Posts