How to use pre-created ssh key for overcloud or replace a security key in OpenStack Platform?
Issue
- I would like to use pre-created ssh key to overcloud.
- Can not ssh to overcloud nodes
- overcloud ssh
- ssh overcloud fails
If the stack user ssh pub key does not match the default key imported in nova, ssh auth will fail. In that casessh heat-admin@overcloud_node_ipwill ask for a password (since there is no valid ssh key configured).
In order to check, please execute either openstack keypair show default --public-key or nova keypair-show default and compare the key with the stack user public key (cat /home/stack/.ssh/id_rsa.pub). If they mismatch, the nova key in the undercloud should be replaced with the stack user's id_rsa.pub.
In the following output all keys match, i.e. are configured correctly:
[stack@undercloud ~]$ openstack keypair show default --public-key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeWqcePhDoTOjin/gzUqhQYM+xwROF8qsyTiIzF9egw3A+W6+7dwr2L2Ob89jA3v+KU2vaAkdzMxNw8E/Ra7AJWCEWG0eYqZdP34EOn7aMtG+I7ZV7cG2uC4u+z7c+jNS7idUZ3PRMRE/dVAEShxJTnLUOvVSq0SqYQZAgo7BK3LH/A81Vcxbjm8OTbdBMRqqnrdzmGppcowosE6DnwDqzCTk0y+Bf4rZ3P0JHT1lK+jZcVbQq9A12oxSwlUolXsjQUWfpBCITakuGPCli6yx/gqBRd/kk3TZrZGSHTrD5VmXhBhSl2Exu0fhrmSsz8G8Y6TYJst+syjLty9qJ0zuj stack@undercloud.default.redhat.local
[stack@undercloud ~]$ nova keypair-show default
+-------------+-------------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------------+
| created_at | 2016-10-10T07:51:01.000000 |
| deleted | False |
| deleted_at | - |
| fingerprint | d9:d8:31:1a:e8:85:43:a7:bd:f2:c1:69:51:4d:ad:a9 |
| id | 3 |
| name | default |
| updated_at | - |
| user_id | 88951ae9bafe4aedbe248fd623caae8c |
+-------------+-------------------------------------------------+
Public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeWqcePhDoTOjin/gzUqhQYM+xwROF8qsyTiIzF9egw3A+W6+7dwr2L2Ob89jA3v+KU2vaAkdzMxNw8E/Ra7AJWCEWG0eYqZdP34EOn7aMtG+I7ZV7cG2uC4u+z7c+jNS7idUZ3PRMRE/dVAEShxJTnLUOvVSq0SqYQZAgo7BK3LH/A81Vcxbjm8OTbdBMRqqnrdzmGppcowosE6DnwDqzCTk0y+Bf4rZ3P0JHT1lK+jZcVbQq9A12oxSwlUolXsjQUWfpBCITakuGPCli6yx/gqBRd/kk3TZrZGSHTrD5VmXhBhSl2Exu0fhrmSsz8G8Y6TYJst+syjLty9qJ0zuj stack@undercloud.default.redhat.local
[stack@undercloud ~]$ cat /home/stack/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeWqcePhDoTOjin/gzUqhQYM+xwROF8qsyTiIzF9egw3A+W6+7dwr2L2Ob89jA3v+KU2vaAkdzMxNw8E/Ra7AJWCEWG0eYqZdP34EOn7aMtG+I7ZV7cG2uC4u+z7c+jNS7idUZ3PRMRE/dVAEShxJTnLUOvVSq0SqYQZAgo7BK3LH/A81Vcxbjm8OTbdBMRqqnrdzmGppcowosE6DnwDqzCTk0y+Bf4rZ3P0JHT1lK+jZcVbQq9A12oxSwlUolXsjQUWfpBCITakuGPCli6yx/gqBRd/kk3TZrZGSHTrD5VmXhBhSl2Exu0fhrmSsz8G8Y6TYJst+syjLty9qJ0zuj stack@undercloud.default.redhat.local
[stack@undercloud ~]$
Environment
All versions of Red Hat OpenStack Platform.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
