Public and Private Keys
A keypair is composed of a public key and a private key.
- Generate a 2048-bit RSA format keypair using TINA or Cockpit. For more information, see Creating a Keypair.
- Import the public key of an existing keypair created by a third-party tool, in the following format: 1024-bits RSA, 2048-bits RSA or 4096-bits RSA. For more information, see Importing a Keypair.
Give your keypairs explicit names so that their purpose is understood more easily. You can for example use names in the application-environment-role format:
In either case, the public key of the keypair is stored by 3DS OUTSCALE, and is only available in the of the instance. However, the private key is never provided to 3DS OUTSCALE. For more information about instances metadata, see Accessing the Metadata and User Data of an Instance.
For Linux instances launched from an official OMI, you can replace the public key of the keypair in the authorized_keys file with the public key of a new keypair. For more information, see Modifying the Keypair Used by an Instance.
Keypairs and OMIs
All official OMIs use keypairs as their authentication system. When launching an instance from an official OMI, you need to assign a keypair to it:
- For Linux instances, the instance gets the public key of the keypair thanks to its metadata and associates it to the
rootuser by inserting it in its home directory, in the authorized_keys file. For more information, see Accessing a Linux Instance from a Linux or macOS or Accessing a Linux Instance from a Windows OS.
- For Windows instances, the keypair enables you to get and decrypt the Administrator password at first launch. For more information, see Accessing a Windows Instance.
However, non-official OMIs can use any authentication system. When launching an instance, you need to check whether a keypair is required for the specified OMI.
- We strongly recommend to use official OMIs only. 3DS OUTSCALE cannot guarantee the security of your instances launched using other public OMIs or personal ones.
- To launch instances using Cockpit, you must always specify a keypair, even when the OMI used does not require one.
After connecting to an instance for the first time, you can:
- Modify the assigned keypair. For more information, see Modifying the Keypair Used by an Instance.
- Replace the keypair with another authentication system of your choice, for example the Kerberos or Radius protocols.
- Add one or several other authentication systems apart from the keypair.