SSH Keys Generation for Usage in Oracle PAAS Cloud Services Provisioning

In this blog post will be discussing on the SSH Keys generation for usage in Oracle PAAS cloud services provisioning. Typically you would require to generate a pair of public and private SSH Key pairs and provide the same as part of the PAAS Cloud provisioning. Detailed steps of generating the SSH Keys will be discussed below. There is another way of generating the SSH Keys through command line which would not be discussed here but the link for the same would be provided in the blog for folks who are interested to generate the SSH Key pairs using command line tool.To generate an SSH key pair manually we would be using the PUTTY Key Generator.Following are the steps detailing out how to generate the SSH Keys manually using PUTTY Key Generator.


1. Find puttygen.exe in the PuTTY folder on your computer, for example, C:\Program Files (x86)\PuTTY. Double-click puttygen.exe to open it.

 2. Accept the default key type, SSH-2 RSA. SSH-2 is the most recent version of the SSH protocol (and is incompatible with SSH-1). RSA and DSA are algorithms for computing digital signatures. Set the Number of bits in a generated key to 2048 bits, if it is not already set with that value.This sets the size of your key and thus the security level. A minimum of 2048 bits is recommended for SSH-2 RSA. Click Generate.

3. Move your mouse around the blank area to generate randomness to the key.
Note: the dotted red line in the image below is for illustration purposes only. It does not appear in the generator pane as you move the mouse.

4. The generated key appears under Public key for pasting into OpenSSH authorized_keys file.

5. The key comment is the name of the key that you will use to identify it. You can keep the generated key comment or create your own.If you want to password-protect your key, enter a Key passphrase and enter it again for Confirm passphrase. When you reload a saved private key, you will be asked for the passphrase, if one is set.While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use.There is no way to recover a passphrase if you forget it.

6.    Save the private key of the key pair. Depending how you work with the private key in the future, you      may need one saved in the PuTTY PPK format and one saved in OpenSSH format. 

   i)   To save the key in the PuTTY PPK format, click Save private key to save the private key of the key        pair.You can name it anything you want, although you may want to use the same name as you              used for the key comment. The private key is saved in PuTTY's Private Key (PPK) format, which is        a proprietary format that works only with the PuTTY toolset.

    

             You can use this key whenever you use Putty to perform SSH actions.

        ii)  To save the key in OpenSSH format, open the Conversions menu and select Export SSH                    key. This will be the same key as above, just saved in a different format.

        You can name it anything you want, but to keep track of your keys, you should give it the same               name as the key you saved in PPK format in the previous step. You can also use any extension            (or no extension), but better to use .ssh, to make it clear what format it is.

         

         

         You can use this key whenever you use OpenSSH to perform SSH actions using ssh utilities that            support OpenSSH, for example when using Linux in a command shell.

7.  Now you need to create the public key to be paired with the private key(s) you just created.                    However, clicking the Save public key button will create a public key that won't work with Oracle          Cloud services in certain cases. So, there is no reason to save a public key using the Save public        key button. Instead we shall follow the process discussed in the next steps.In the PuTTY Key                Generator, select all of the characters under Public key for pasting into OpenSSH                              authorized_keys file.Make sure you select all the characters, not just the ones you can see in the        narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.

     Save the key as a text file, using the same root name as you used for the private key. Add                    .pub extension. You can give it any extension you want, but .pubis a useful convention to indicate          that this is a public key.

8.   After creating all the public, private and SSH keys you would end up with three key files as shown in       the below screen shot.

      

     

9. Write down the names of your public and private keys, and note where they are saved. You will need the public key when creating service instances on PAAS Cloud, for example, Oracle Java Cloud Service and Oracle Database Cloud - Database as a Service, Oracle SOA Cloud Service and Oracle Compute Cloud Service. You will need the private key when trying to access a service instance's virtual machine via SSH.

Reference: Oracle Blog