I must thank my fellow DBA Sebastián D’Alessandro and Joel Pérez for his publication in Spanish OTN.
Objective of the article

In this article, we will see the steps necessary to generate and replace the set of SSH keys (public / private) associated with an Oracle Public Cloud Service, with a new one.

Background

Most “Oracle Public Cloud Services” provide their services based on virtual machines that users can access using the SSH (Secure Shell) protocol. In order to use this communication protocol, when creating a new service in “Oracle Public Cloud”, we must associate a public key with the service instance. Then, when accessing the VM using SSH, we have to provide the corresponding private key. In this way, although others may know the IP address of the instance, there are no usernames or passwords involved. Instead, anyone who wants to access the VM will have to provide the matching private key, which makes this a highly secure communication method.

The Oracle Public Cloud Service wizard can generate the key pair (public / private) for us, which is useful if we do not already have a key pair that we want to use. If we want to update the key pair associated with a VM, we can do so through the console of “Oracle Public Cloud Service”.

Some “Oracle Public Cloud” services, such as “Oracle Storage Cloud Service”, DO NOT provide access to their virtual machines through “Secure Shell”. Instead, they use REST API calls to access the service. This article is oriented to cloud services that allow SSH access to their virtual machines and therefore require a set of SSH keys (public / private) to be provided.

To update the set of SSH keys we must first generate a new one and then replace it. In Part I of this article, we will focus specifically on the process of generating these keys.

Generation of keys

We assume that we already have a service instance with its associated set of keys. To replace them, we need to generate a new key pair first.

Process

1.- We already have a service instance that has a set of associated keys. In order to replace them, we need a new key pair.

2.- We provide our Identity Domain and press GO.

3.- Enter your username and password and then click “Sign In” to log in.

In the “MyServices” dashboard, click on the menu option for our Oracle Cloud service and then click on “Open Service Console”. In this article, we use a Golden Gate Cloud Service (GGCS) instance as an example.

4.- In the “Services” page, click on “Create Service”. (We will not create the service, we just want to get to the key generator wizard).

5.- In the service creation wizard, there is a field to enter the SSH public key (“SSH Public Key”) or a field with a similar name. We click on the “Edit” button.

Note: If we do not find a field to enter the public key in the first step of the wizard, we keep advancing through the flow, completing the remaining fields, until we find a field related to the SSH public key.

6.- Select “Create a New Key” and then press “Enter”.

7.- We click on “Download”.

8.- We click on “Save” in the window that opens to save the file sshkeybundle.zip.

9.- Because the keys are always generated in a compressed folder named sshkeybundle.zip, we change the name so that it is not confused with another previously generated file that also contains keys. We go to the chosen location and save the file under a new name, for example sshkeybundle_Jack.zip.

10.- We click on the “Done” button in the “DownloadKeys” pop-up menu.

11.- We click on “Cancel” to leave the service creation wizard.

12.- We unzip the folder containing the public / private key pair. In this example, sshkeybundle_Jack.zip.

13.- Rename the public and private keys. For example, from publicKey to publicKey_Jack and from privateKey to privateKey_Jack, respectively.
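Steps 12 and 13 can also be scripted. The following Python code is an added example, not part of the original article and not an Oracle tool; it extracts and renames the pair, restricts the private key to mode 0600 (OpenSSH ignores private keys readable by other users) and computes the public key fingerprint for later comparison. It assumes the bundle holds the files publicKey and privateKey at its top level and that publicKey is in OpenSSH one-line format; the function names are hypothetical.

```python
import base64
import hashlib
import os
import zipfile

# File names inside the bundle, as used in steps 12 and 13 of this article.
EXPECTED = {"publicKey", "privateKey"}


def unpack_key_bundle(zip_path, dest_dir, suffix):
    """Extract the key pair, rename it with `suffix`, lock down permissions.

    Returns (public_path, private_path). Hypothetical helper for illustration.
    """
    with zipfile.ZipFile(zip_path) as bundle:
        names = set(bundle.namelist())
        # Reject anything unexpected (extra files, directories, ../ paths).
        if names != EXPECTED:
            raise ValueError(f"unexpected bundle contents: {sorted(names)}")
        os.makedirs(dest_dir, mode=0o700, exist_ok=True)
        paths = {}
        for name in sorted(EXPECTED):
            target = os.path.join(dest_dir, f"{name}_{suffix}")
            mode = 0o600 if name == "privateKey" else 0o644
            # O_EXCL: never overwrite a key file that may already be in use.
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
            with os.fdopen(fd, "wb") as out:
                out.write(bundle.read(name))
            os.chmod(target, mode)  # enforce the mode regardless of umask
            paths[name] = target
    return paths["publicKey"], paths["privateKey"]


def public_key_fingerprint(public_path):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`.

    Assumes the OpenSSH one-line format: "<type> <base64 blob> [comment]".
    """
    with open(public_path, "r", encoding="ascii") as fh:
        fields = fh.read().split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

Recording the fingerprint at this point lets us confirm later that the key registered on the service instance is the one we generated.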

Note: For Oracle Cloud services, it is best to use the keys generated by the Oracle wizard. If, for example, we use PuTTY to create the key pair, the generated keys in ppk format may not be correctly accepted when connecting to the virtual machines through a SOCKS5 proxy server.

In Part II of this article, we will cover in detail the process of updating the SSH keys.

We hope this article has proved useful and we invite you to continue reading our next publications focused on Oracle Cloud.

This article has been reviewed by the Oracle product team and is in compliance with the rules and practices for the use of Oracle products.