About Keypairs

Keypairs are pairs of SSH keys that enable you to connect to your virtual machines (VMs). When creating VMs, you need to specify the keypair you want to use, and use its private key to connect to the VM.

Public and Private Keys

A keypair is composed of a public key and a private key.

You can:

  • Generate a 2048-bit RSA keypair using the APIs or Cockpit. For more information, see Creating a Keypair.

  • Import the public key of an existing keypair created by a third-party tool, in one of the following types: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH. For more information, see Importing a Keypair.

Give your keypairs explicit names so that their purpose is understood more easily. You can for example use names in the application-environment-role format:

  • website-all-bastion

  • website-front-lb

  • website-middle-app

  • website-back-db

In either case, the public key of the keypair is stored by 3DS OUTSCALE, and is only available in the metadata of the VM. However, the private key is never provided to 3DS OUTSCALE. For more information about VMs metadata, see Accessing the Metadata and User Data of a VM.

For Linux VMs created from an official OMI, you can replace the public key of the keypair in the authorized_keys file with the public key of a new keypair. For more information, see Modifying the Keypair of a VM.

Keypairs and OMIs

All official OMIs use keypairs as their authentication system. When creating a VM from an official OMI, you need to assign a keypair to it:

  • For Linux VMs, the VM gets the public key of the keypair thanks to its metadata and associates it to the root user by inserting it in its home directory, in the authorized_keys file. For more information, see Accessing a Linux VM.

  • For Windows VMs, the keypair enables you to get and decrypt the Administrator password at first creation. For more information, see Accessing a Windows VM.

    Only RSA keypairs can decrypt the password of a Windows VM.

Non-official OMIs can use any authentication system. When creating a VM, you need to check whether a keypair is required for the specified OMI.

We strongly recommend using only official OMIs or OMIs from OUTSCALE Marketplace. We cannot guarantee the security of VMs created using OMIs from other sources.

After connecting to a VM for the first time, you can:

  • Replace the assigned keypair. For more information, see Modifying the Keypair of a VM.

  • Replace the keypair with another authentication system of your choice, for example the Kerberos or Radius protocols.

  • Add one or several other authentication systems apart from the keypair.

Related Pages