====== SSH keyring management ======

In order to simplify access during the creation of servers or instances, we provide you with a way to manage your SSH keyring via your Gandi interface.

To use this feature, start by logging in to our website and going to the "Account Management" tab, and then "SSH keys", which you will see on the right.

You will then be provided with an interface that you can use to add or delete your public SSH keys.

You must have a public/private SSH key pair for this to work. Please note that the private key remains on your computer; it is the public key that you provide to Gandi and put in your keyring.

===== Key generation =====

  * **Linux:** To generate a pair of keys (public/private), you can use the ''ssh-keygen'' tool provided with OpenSSH (available by default under Linux) with the following command:

  $ ssh-keygen -t rsa -b 2048
  Generating public/private rsa key pair.
  Enter file in which to save the key (/home/user/.ssh/id_rsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/user/.ssh/example_rsa.
  Your public key has been saved in /home/user/.ssh/example_rsa.pub.
  The key fingerprint is:
  eb:79:fb:3f:15:ff:3a:04:dd:46:74:3b:da:a2:2b:9b alex@jbim
  The key's randomart image is:
  +--[ RSA 2048]----+
  | .o|
  | +|
  | . = |
  | . +.+|
  | S + oo|
  | . . o o|
  | . . . ..|
  | . oo . o .|
  | oE++..o+ |
  +-----------------+

By default, the keys are placed in the ''.ssh'' subdirectory in your home directory.

  $ ls ~/.ssh/
  authorized_keys id_rsa id_rsa.pub known_hosts

  * **Windows:** You can use the 'PuttyGen' generator, which can be downloaded from [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|this page]].

The ''.pub'' file is your public key; it is the one that must be added to your keychain.

**The ''id_rsa'' file contains your private key, which must NEVER be communicated. Only the public key must be sent to a server or an instance!**

===== Adding a key to your keychain =====

We are now going to add the key to our keychain. First, however, we must retrieve the key's content:

  $ cat .ssh/id_rsa.pub
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ReoJ3g7inzFkE3EazHf8R9ypx6WOonQbbT43/n0PCUU6/7MZgv3GK7lNkwV4L+oaTLm5cjVDLwpiWrkFZtOpekv+gkxqwIFT8R+AeHbNbIov3An/WZXOxJmgIm/p8cdiHtgA0wsJydol9OOHDdd/g+oRy0OG8U6zk/3Wtme7EZBLqGfBMjrnJBacHM65RyIzDnuwN0ejSX3GvtMoqIkWLpbaCFotR23fhs1hz4q6fZZctNGNG/6pzap9QOn8WHV6B+F4/N1I4Pk4QAeUOoC5UXkwNAinhSYPitwFlqmM3IU/spkzUedJc6uZp4lZ+Fl1VE9YKYjuAvu904PhSp2r alex@jbim

Next, to add it, go to the following address, click on "Add an SSH key", and copy and paste the contents of your public SSH key where prompted:

{{ :en:gandi:sshkeyring-1-en.png?nolink |}}

You can add as many keys as you want to your keyring.

===== Deployment of the SSH key on an instance =====

==== During the creation of the instance ====

During the creation of the instance, you can deploy an SSH key:

  * By choosing a key that is already present in your keyring,
  * By entering the SSH key directly in the corresponding field (with the possibility of adding it to the keyring)

{{ :en:gandi:sshkeyring-2-en.png?nolink |}}

==== On an existing instance ====

To easily deploy a key on a pre-existing instance, go to the instance's control panel, and then in the "Access" table, click on "Add", which you will see to the right of "SSH keys":

{{ :en:gandi:sshkeyring-3-en.png?nolink |}}

A popup will then appear, where you can either add a key that is already present in your keyring or add a new one:

{{ :en:gandi:sshkeyring-4-en.png?nolink |}}

===== Deployment of an SSH key on a server =====

To deploy an SSH key from your keyring to a new server, proceed with the creation of the server as usual, and then in the "Connection parameters" section, you will be able to:

  * Select an existing SSH key from your keyring,
  * Add a key that is not present in the keyring, and then add it automatically to the keyring afterwards.

{{ :en:gandi:sshkeyring-5-en.png?nolink |}}

If you only specify an SSH key, your server's console will not be available. If you want to use the console, you will need to activate it and define a password beforehand. For this, see our page on [[http://wiki.gandi.net/en/iaas/references/server/emergency_console|activating the emergency console]].
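
The following check relates to the "Adding a key to your keychain" step above. It is an added example, not part of the original page or of Gandi's tooling: it refuses private key material, detects a wrapped or cut-off paste, and computes the key size and fingerprints so they can be compared with what ''ssh-keygen'' printed (the colon-separated MD5 form shown above; newer OpenSSH releases print a SHA256 fingerprint instead). The function names and the sample key are illustrative assumptions.

```python
import base64, hashlib, struct

def _read_string(buf, off):
    """Read one length-prefixed field (RFC 4253 'string'); return (data, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def inspect_public_key(line):
    """Validate one OpenSSH public key line; return type, size and fingerprints."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; never paste it anywhere")
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64 (wrapped or cut off?)") from exc
    # The key type is repeated inside the blob; both copies must agree.
    inner_type, off = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type does not match the encoded blob")
    info = {"type": parts[0], "comment": parts[2] if len(parts) > 2 else ""}
    if parts[0] == "ssh-rsa":  # blob layout: type, exponent e, modulus n
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        info["bits"] = int.from_bytes(n, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()  # legacy fingerprint format, as shown above
    info["md5"] = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    info["sha256"] = "SHA256:" + sha
    return info

def _field(data):
    return struct.pack(">I", len(data)) + data

def make_sample_line():
    """Constructed sample: a 2048-bit number in ssh-rsa layout, not a usable key."""
    n = (1 << 2047) | 1
    blob = _field(b"ssh-rsa") + _field((65537).to_bytes(3, "big")) \
        + _field(b"\x00" + n.to_bytes(256, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"

if __name__ == "__main__":
    print(inspect_public_key(make_sample_line()))
```

To check a real key, pass the single line from your ''.pub'' file to ''inspect_public_key()'' and compare the result with the fingerprint shown when the key was generated.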