Import Key for SSH Access
To gain secure shell (SSH) access to your virtual machines, begin by creating and importing a key pair: the public key is saved in Infrahub API/Hyperstack to be used with VMs for SSH access, and the private key is downloaded to be used with an SSH client.
Follow the instructions below to:
1. Create a key pair
To create a key pair:
- Linux
- Windows
-
Open Terminal.
-
Use the
ssh-keygencommand to create a new key:
ssh-keygen
-
After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. Press Enter to use the default name. The key pair will be created in the
~/.sshdirectory. -
Your public key will be saved with a
.pubextension. The private key will be in the location you specified.
Public key: /path/to/your/key.pub
Private key: /path/to/your/key
- Copy the public key from the
<key_name>.pubfile using any text editor, such as Notepad. Please note that the key must be written as a single line (no returns or line breaks).
Never share your private SSH key. Only the public key needs to be imported to access your virtual machines.
-
Run
cmd.exeorpowershell.exe. -
Use the
ssh-keygencommand to create a new key. Run this command:
ssh-keygen
- After you run the command, you will be prompted to specify the names of files where the keys will be saved and create a password for the private key. Press Enter to use the default name.
The key pair will be created in C:\Users\<username>\.ssh\ or C:\Users\<username>\ depending on the command line interface.
The public key will be saved in the <key_name>.pub file.
- Copy the public key from the
<key_name>.pubfile using any text editor, such as Notepad. Please note that the key must be written as a single line (no returns or line breaks).
Never share your private SSH key. Only the public key needs to be imported to access your virtual machines.
Next, use the public key you copied to your clipboard in the public_key field when making the API request to import an SSH key pair.
2. Importing an SSH key pair
- Infrahub API
- Hyperstack
POST /core/keypairs
To import a key pair, use the POST /core/keypairs endpoint with the completed request body as shown in the request below.
In the body of the request include the following fields:
-
The
namefield containing the name of your choosing for the SSH key pair you are creating. -
The
environment_namefield with the name of the environment within which the SSH key will be stored. -
The
public_keyfield with the public key that you just saved to clipboard in the previous step.
Save the name of your new key pair, as this will be necessary to create your virtual machine.
curl -X POST "https://infrahub-api.nexgencloud.com/v1/core/keypairs"
-H "api_key: YOUR API KEY"
-H "Content-Type: application/json"
-d '{
"name": "example-key-name",
"environment_name": "example-environment-name",
"public_key": "ssh-ed25519 AAAAAC3NzaC1lZDINTE5AAAAIHna64ksd7dXJKhsf8xKkXf+s9djdkx97Hs6Dfn [email protected]"
}'
{
"status": true,
"message": "Keypair is imported successfully",
"keypair": {
"id": 3,
"name": "example-key-name",
"environment": "example-environment-nam",
"public_key": "ssh-ed25519 AAAAAC3NzaC1lZDINTE5AAAAIHna64ksd7dXJKhsf8xKkXf+s9djdkx97Hs6Dfn [email protected]",
"fingerprint": "23:64:b2:8e:89:4b:be:21:a6:51:22:d8:80:fb:e2:22",
"created_at": "1970-01-01T00:00:00.000Z"
}
}
Use Hyperstack to quickly generate a new key pair and create an SSH key.
- Your public key is saved in Hyperstack to be used with VMs for SSH access.
- Your private key is downloaded to be used with an SSH client.
To create a new SSH key:
-
On the Key Pairs tab within Hyperstack click Create a new Key Pair.
-
To generate a new key pair click the Generate a new keypair tab, and in the provided fields:
- Select the environment.
- Enter the name of the new SSH key.
- Click Create Key Pair.
3. Enable incoming SSH traffic to your virtual machine
To enable incoming traffic to your virtual machine, you must create a firewall rule, this can be done using Hyperstack or the Infrahub API.
- Infrahub API
- Hyperstack
Send a POST request to /core/virtual-machines/{virtual-machine-id}/sg-rules endpoint replacing virtual-machine-id in the path with the ID of the virtual machine for which you want to enable SSH access, and complete the body of the request as specified below.
-
Include the integer ID of the virtual machine that this firewall rule is being attached to in the path of the request as follows:
/core/virtual-machines/{VM ID HERE}/sg-rules
-
Complete the request body with the following fields and values:
Field Name Field Input Description remote_ip_prefix0.0.0.0/0Allows traffic from any source IP address. directioningressDesignates that the firewall rule is for incoming traffic. ethertypeIPv4Indicates the use of Internet Protocol version 4. protocolicmpSpecifies the use of Internet Control Message Protocol. port_range_min22Specifies the minimum port value for SSH. port_range_max22Specifies the maximum port value for SSH.
curl -X POST https://infrahub-api.nexgencloud.com/core/virtual-machines/{virtual-machine-id}/sg-rules \
-H "accept: application/json" \
-H "api_key: YOUR API KEY" \
-d '{
"remote_ip_prefix": "0.0.0.0/0",
"direction": "ingress",
"ethertype": "IPv4",
"protocol": "tcp",
"port_range_min": 22,
"port_range_max": 22
}'
To authenticate Infrahub API requests, add an authorization header to your API request that contains an API Key as follows:
-H "api_key: YOUR API KEY"
To enable SSH access to your virtual machine in Hyperstack:
-
Within Hyperstack, navigate to the Virtual Machines page.
-
Click on the virtual machine for which you intend to enable SSH access.
-
In the Firewall Rules section of the virtual machine, click the Enable SSH access button. This action will automatically generate a firewall rule allowing incoming traffic from any IP (0.0.0.0/0) on port 22 via the TCP protocol.
Incoming SSH traffic to this virtual machine will now be permitted.
Now that you have successfully imported the SSH key, let's move on to launching a virtual machine.