Tuesday, June 17, 2014

My attempt at setting up ssh key pairs for an OpenStack VM

In my quest to learn more about OpenStack I've decided to test out the ssh key-pair authentication method. I'm not much of a Unix guy, so this attempt may be the wrong approach. But hey, learning is all about experimenting, so my failures may one day lead to success.

I've read the RDO quick install on setting up the key-pair, but I could not get it to work using the Horizon web UI. The documentation is a little sparse, with no examples. It says I should be able to access the VM from my host. But after a few attempts I couldn't get it to work. So I've decided to try it a different way.

First I had to figure out how to ssh from my host to the VM.

Pinging the VM didn't work.

[root@centos-6-5-openstack .ssh]$ ping
PING ( 56(84) bytes of data.
--- ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4659ms

Then I remembered that I had to use network namespaces.

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns list

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns exec qdhcp-a5958652-7348-436f-8aff-2c9ebd7dd9f7 ip a
31: tapcb867d96-a4: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:ce:a5:7e brd ff:ff:ff:ff:ff:ff
    inet brd scope global tapcb867d96-a4
    inet6 fe80::f816:3eff:fece:a57e/64 scope link
       valid_lft forever preferred_lft forever
35: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns exec qdhcp-a5958652-7348-436f-8aff-2c9ebd7dd9f7 ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=3.33 ms
64 bytes from icmp_seq=2 ttl=64 time=0.436 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1065ms
rtt min/avg/max/mdev = 0.436/1.885/3.334/1.449 ms

Awesome. That worked. So next I tried sshing to the VM.

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns exec qdhcp-a5958652-7348-436f-8aff-2c9ebd7dd9f7 ssh -l cirros
The authenticity of host ' (' can't be established.
RSA key fingerprint is 80:bc:58:4c:04:a6:a7:a4:0e:58:e1:0b:8d:55:e0:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
cirros@'s password:

Good, I'm in.

$ exit

Next I looked for a public key I already generated from my host machine.

[root@centos-6-5-openstack .ssh(keystone_admin)]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

So now all I did was scp the file to the authorized_keys directory of the VM.

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns exec qdhcp-a5958652-7348-436f-8aff-2c9ebd7dd9f7 scp id_rsa.pub cirros@
cirros@'s password:
id_rsa.pub                                                                              100%  407     0.4KB/s   00:00   

Now I can ssh with the key-pair without having to type in my password.

[root@centos-6-5-openstack .ssh(keystone_admin)]# ip netns exec qdhcp-a5958652-7348-436f-8aff-2c9ebd7dd9f7 ssh -l cirros

$ whoami

I'm still going to try to figure this out. Hopefully I'll be able to work this out the regular way.
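
The key-copy step above, as an added example that is not part of the original post: a shell function, meant to be run on the VM against the copied id_rsa.pub, that appends the key to ~/.ssh/authorized_keys instead of replacing the file, refuses anything that is not a single public-key line (such as id_rsa itself), and sets the modes sshd's StrictModes check expects. The function name install_pubkey and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage on the VM: install_pubkey ./id_rsa.pub "$HOME"
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A public key file is exactly one non-empty line; a private key
    # (id_rsa) is a multi-line PEM block and is rejected here.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 3 ;;
    esac
    type=${key%% *}          # e.g. ssh-rsa
    rest=${key#* }
    b64=${rest%% *}          # base64 key material, without the comment

    # sshd (StrictModes) ignores authorized_keys when these are too open.
    mkdir -p "$home/.ssh" || return 4
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || return 4
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"

    # Already installed? Match "type base64" as adjacent fields so that a
    # different comment or a leading options field does not hide the key.
    if awk -v t="$type" -v k="$b64" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == k) found = 1 }
         END { exit !found }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Append, never overwrite: other keys in the file stay valid.
    # First make sure the last existing line is newline-terminated.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Run directly as: sh install_pubkey.sh <pubkey-file> <home-dir>
if [ $# -eq 2 ]; then install_pubkey "$1" "$2"; fi
```
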
