Ssh_keys

New

When creating a new SSH Key pair, you are simply prompted for a Name. As long as the Name is unique, the SSH Key is created and you are placed at the SSH Key show page.

Index

SSH Keys are used to establish secure client-server connections via SSH (secure shell) to running instances in the cloud. An SSH Key pair consists of both public and private key material.

v4 and v5 RightImages behave differently with respect to SSH Keys. v5 RightImages are said to be "RightLink enabled". v4 RightImages (pre-RightLink) rely heavier on SSH Keys. If you are launching instances using v4 RightImages, RightScale will use the SSH Key in order to run RightScripts on the instance. Therefore, it's important that you only use SSH Keys where the private key material is available and not missing. Otherwise RightScale will not be able to run any RightScripts on the instance to complete the boot process thereby resulting in a Server that "strands" in booting. If you are using v5 (or later) RightImages, RightScale's Managed SSH feature will be used to establish SSH access and RightLink will be used to run RightScripts on the instance. You can either use the unique SSH Key that RightScale generates for each user or upload your own SSH Key.

Fields

• Name - Name of the SSH Key. Clicking the Name hyperlink takes you to that SSH Key's show page. Note: Some entities don't have unique names in their respective clouds. In particular, SSH Keys are like this in some clouds (for example, in some private clouds). This is why RightScale created an RSID. The RSID is held unique within an account (within a timeframe). From a practical perspective, this means an SSH Key can be created and named "Test". You won't be able to create another one in the same account called "Test". You can, however, delete the SSH Key and create a new one called "Test". It will have different key material and will not SSH into already launched Servers that used the prior "Test" SSH Key.
• Key Material - Refers to the public/private key pair used for SSH Keys. Set to either "yes" or "no". "Yes" means that RightScale possesses the private key material for that SSH key, and can SSH into any running instance that trusts that key. This is normally the case if the SSH Key was either created from the Dashboard, or manually added to it. "No" means that the RightScale database does not contain the private key; although you can launch instances that trust that key, you cannot SSH into those instances directly from the Dashboard. Important! Even if RightScale knows the private key material, it is only displayed in the Dashboard's Private Key field for the user who created it, or accounts with 'admin' privileges.
• Resource UID - Resource Unique IDentifier for the SSH Key. To tie this back into the "Name" discussion above, some clouds use the Name of SSH Key as the Resource UID. This is why the Name and Resource UID match. The RS_ID for non-sharable entities (such as SSH Keys) is unique and random. Note: This is a RightScale only concept that guarantees uniqueness while leaving no security loopholes with respect to implementation.

Actions

• New - Create a new SSH Key pair whereby the cloud generates the key pair for you.
• Delete - Delete an existing SSH KEY pair.

- -

Show

The SSH Keys show page groups together the following information:

• Info - Both generic and cloud specific data is displayed in the Info section. The data displayed here is fetched from the database, but could have originated and been set by RightScale directly (e.g. a Name or Tag) or from the cloud (e.g. a Resource UID or CPU Speed). Note that many are actionable links.
  • RS ID - A unique and randomly generated RightScale ID. In most instances the RS ID is not customer facing, and is used strictly as an internal tracking mechanism by RightScale. In some instances (such as SSH Keys) it is required to allow users to correctly identify the resource from the Dashboard.
  • Resource UID - Resource Unique IDentifier. Each entity (such as an SSH Key) in the Dashboard has a Resource UID tied to it. Whether the ID is numeric or alphanumeric varies depending on the cloud infrastructure. The Resource UID is generated and persistent in the Cloud. The value is initially retrieved from the Cloud, set in the database, and retrieved/displayed in many areas of the Dashboard (tied to the specific cloud resource).
  • Created by - RightScale user that created the entity. For example, john.doe@example.com or "-- unknown --" if the user could not be determined.
  • Private Key - The actual RSA private key data. Important! Private key data is only seen by the user who created the key and by account administrators.
• Cloud Info - This section is specific to the cloud infrastructure the instance is running on. RightScale reports this on behalf of the cloud, but you cannot manipulate this data from the Dashboard (Please see your cloud provider documentation for more information. Note: The exact name of this info grouping differs, in that "Cloud" in the Cloud Info reflects the actual name of the cloud). Example field information includes:
  • Fingerprint - The a SHA 1 digest of the public key. (Note: Even though RightScale does not store the public key itself, we do store the fingerprint of it if the cloud passes this information to us. SHA 1 public keys can be used to visually compare two public keys. Comparing 1000-byte binary strings is of course impossible visually.)
  • Timestamps - Critical instance timestamps (in the local TZ) are shown.
  • Created at - Time and date stamp when the SSH Key was created (e.g. 2010-12-08 20:35:53 PST).
  • Updated at - Time and date stamp when the SSH Key was last updated.

Actions

• Edit - Edit the SSH Key. This allows you to update the actual key data.
• Delete - Delete the SSH Key. Confirmation is required prior to removal.