Creating a Keypair

You can create a keypair with the API, with Cockpit, or with a third-party tool, and use this keypair to access a virtual machine (VM).

You can also directly create a keypair when you create a VM using Cockpit. For more information, see Creating VMs.

With the API or with Cockpit, you can create a keypair in 2048-bit RSA format. The public key is stored by 3DS OUTSCALE. The private key needs to be downloaded and saved, and is never provided to 3DS OUTSCALE. A new keypair is available only in the Region in which you create it.

With a third-party tool, like ssh-keygen for example, you can create a keypair in one of the following types: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH. Then, you need to import its public key to your OUTSCALE account. For more information, see Importing a Keypair.

Only RSA keypairs can decrypt the password of a Windows VM.

Creating a Keypair Using Cockpit v2

In the Keypairs dashboard, click Create Keypair.
The CREATE KEYPAIR dialog box appears.
In the Name field, type a name for the keypair.

This name must be unique in your account, and contain between 1 and 255 ASCII printable characters. Accented letters are not allowed.
Click Create Keypair.
The keypair is created.
A file containing the private key of the keypair is automatically downloaded on your computer.

Save this file carefully, as you will need to use its content to connect to your resources. 3DS OUTSCALE cannot provide it in case of loss.

Creating a Keypair Using OSC CLI

The CreateKeypair command creates a keypair to use with your virtual machines (VMs).
You can use this method in two different ways:

Creating a keypair: In that case, 3DS OUTSCALE creates a 2048-bit RSA keypair, stores its public key in your account, and returns its private key in the response of the call so that you can save it in a file.
When you save the returned private key, make sure you replace the \n escape sequences with real line breaks.
Importing a keypair created locally: If you already have a keypair that you have created locally with a third-party tool, you can import its public key in your account. The following types of key can be imported: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH.

For more information, see About Keypairs.

Request sample: Creating a keypair

$ osc-cli api CreateKeypair --profile "default" \
    --KeypairName "create-keypair-example"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
KeypairName: A unique name for the keypair, with a maximum length of 255 ASCII printable characters.

The CreateKeypair command returns the following elements:

Keypair: Information about the created keypair.
ResponseContext: Information about the context of the response.

Result sample: Creating a keypair

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "Keypair": {
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
    "KeypairType": "ssh-rsa",
    "KeypairName": "create-keypair-example",
    "KeypairFingerprint": "11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd:ee:ff"
  }
}

Creating a Keypair Using AWS CLI

To create a keypair, use the create-key-pair command following this syntax:

Request sample

$ aws ec2 create-key-pair \
    --profile YOUR_PROFILE \
    --key-name MyKeyPair \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
key-name: A unique name for the new keypair, with a maximum length of 255 ASCII characters.
endpoint: The endpoint corresponding to the Region you want to send the request to.

The create-key-pair command returns the following elements:

KeyName: The unique name of the newly created keypair.
KeyFingerprint: The MD5 public key fingerprint as specified in section 4 of RFC 4716.
KeyMaterial: The private key you need to save, in RSA format.

Save this file carefully, as you will need to use its content to connect to your resources. 3DS OUTSCALE cannot provide it in case of loss.

When saving the private key in a .rsa file, replace the \n escape sequences with line breaks.
Result sample
```
{
  "KeyName": "MyKeyPair",
  "KeyFingerprint": "1a:11:aa:11:aa:11:a1:a1:1a:11:1a:11:1a:1a:a1:aa",
  "KeyMaterial": "----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAqnBFu/1aGJ+XThzRiWWIx5ABzY0a\n----END RSA PRIVATE KEY-----"
}
```

The new keypair is created.

Creating a Keypair Using ssh-keygen

To create a keypair on your local machine, you can use for example one of the following commands:
- On Linux:
  Request sample
  $ ssh-keygen -t rsa -b 4096 -f <key_name>
- On macOS if you use the above command, the provided keypair is not compatible with OUTSCALE instances. This is because, by default, Linux uses the OpenSSL library, while macOS uses the LibreSSL library, which leads to different default settings in ssh-keygen. Therefore, on macOS, the correct equivalent of the above command is:
  Request sample
  $ ssh-keygen -t rsa -b 4096 -f <key_name> -m PEM
  The <key_name> private key and <key_name>.pub public key are created on your local machine.
To import the created public key to your OUTSCALE account, see Importing a Keypair.

For more information about the ssh-keygen tool, see the ssh website.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.