Configure access and security for instances

Configure access and security for instances Before you launch a virtual machine, you can add security group rules to enable users to ping and SSH to the instances. To do so, you either add rules to the default security group or add a security group with rules. Keypairs are SSH credentials that are injected into images when they are launched. For this to work, the image must contain the cloud-init package. Create at least one keypair for each project. For information, see . If you have generated a keypair with an external tool, you can import it into OpenStack. The keypair can be used for multiple instances that belong to a project. For information, see .

Add rules to the default security group Log in to the dashboard, choose a project, and click the Access & Security category. The dashboard shows the security groups that are available for this project. Select the default security group and click Edit Rules. To allow ssh access, click Add Rule. In the Add Rule window, enter the following values: Rule SSH Remote CIDR CIDR 0.0.0.0/0 To accept requests from a particular range of IP addresses, specify the IP address block in the CIDR box. Click Add. The ssh port 22 is now open for requests from any IP address. To add an ICMP rule, click Add Rule. In the Add Rule window, enter the following values: Rule All ICMP Direction Ingress Remote CIDR CIDR 0.0.0.0/0 Click Add.

Add a keypair Create at least one keypair for each project. Log in to the dashboard, choose a project, and click the Access & Security category. The Keypairs tab shows the keypairs that are available for this project. Click Create Keypair. In the Create Keypair window, enter a name for your keypair, and click Create Keypair. Respond to the prompt to download the keypair.

Import a keypair Log in to the dashboard, choose a project, and click the Access & Security category. The Keypairs tab shows the keypairs that are available for this project. Click Import Keypair. In the Import Keypair window, enter the name of your keypair. In the Public Key box, copy the public key. Then, click Import Keypair. Save the *.pem file locally. To change its permissions so that only you can read and write to the file, run the following command: $ chmod 0600 MY_PRIV_KEY.pem If you are using the dashboard from a Windows-based computer, use puttygen to load the *.pem and convert and save as *.ppk. Refer to WinSCP information for more details. To make the keypair known to SSH, run the ssh-add command: $ ssh-add MY_PRIV_KEY.pem The Compute database registers the public key of the keypair. The dashboard lists the keypair in the Access & Security category.