|
| 1 | +--- |
| 2 | +meta: |
| 3 | + title: Using tags to add Instance-specific SSH keys |
| 4 | + description: Find out how to use tags to add Instance-specific SSH keys. |
| 5 | +content: |
| 6 | + h1: Using tags to add Instance-specific SSH keys |
| 7 | + paragraph: Find out how to use tags to add Instance-specific SSH keys |
| 8 | +categories: |
| 9 | + - compute |
| 10 | +dates: |
| 11 | + validation: 2024-10-08 |
| 12 | +tags: Instance ssh-key ssh tag |
| 13 | +--- |
| 14 | + |
| 15 | +In cloud environments, managing SSH keys across multiple Instances is key to keeping your infrastructure secure and easy to access. |
| 16 | +Sometimes, you need to ensure that a specific SSH key grants access to only one Instance and doesn't automatically apply to others. |
| 17 | +This can simplify key management and improve security, especially when you're running many Instances |
| 18 | + |
| 19 | + |
| 20 | +<Macro id="requirements" /> |
| 21 | + |
| 22 | +- A Scaleway account logged into the [console](https://console.scaleway.com) |
| 23 | +- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization |
| 24 | +- An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) |
| 25 | +- An [Instance](/compute/Instances/how-to/create-an-Instance/) |
| 26 | + |
| 27 | +## The authorized_keys file |
| 28 | + |
| 29 | +Scaleway stores authorized SSH keys in the `/root/.ssh/authorized_keys` file. If you inspect this file, you might notice a small comment mentioning the use of tags to add SSH keys directly to Instances. |
| 30 | + |
| 31 | +```bash |
| 32 | +cat /root/.ssh/authorized_keys |
| 33 | +# |
| 34 | +# WARNING: Automatically generated file |
| 35 | +# This file will be erased at every boot |
| 36 | +# This file was generated with '/usr/sbin/scw-fetch-ssh-keys' |
| 37 | +# |
| 38 | +# To ad |
| 39 | +# To add a new key, you can: |
| 40 | +# -- Add keys on your Scaleway account https://cloud.scaleway.com/#/credentials |
| 41 | +# -- Add keys using server tags - https://cloud.scaleway.com/#/servers/<INSTANCE_ID> |
| 42 | +# - i.e: "AUTHORIZED_KEY=ssh-rsa_XXXXXXXXXXX AUTHORIZED_KEY=ssh-rsa_YYYYYYYYYYYYYYY" |
| 43 | +# - Be sure to replace all spaces with underscores |
| 44 | +# - $> sed 's/ /_/g' ~/.ssh/id_rsa.pub |
| 45 | +# -- Add the keys to '/root/.ssh/Instance_keys' which will be imported |
| 46 | +# |
| 47 | +# And recreate your 'authorized_keys' file with the new keys: |
| 48 | +# -- Run 'scw-fetch-ssh-keys --upgrade' |
| 49 | +[...] |
| 50 | +``` |
| 51 | + |
| 52 | +This file lists all the SSH public keys allowed to access the Instance. Our goal is to add an Instance-specific SSH key that will not be automatically applied to other Instances. |
| 53 | + |
| 54 | + |
| 55 | +## How to add Instance-specific SSH keys using tags |
| 56 | + |
| 57 | +1. Click **Instances** in the **Compute** section of the side menu. The [Instances overview](https://console.scaleway.com/Instance/servers) displays. |
| 58 | +2. Click the Instance you want to add a specific key to. |
| 59 | +3. Navigate to the section where you can add tags to the Instance on the Instances overview page. |
| 60 | +4. Add the public SSH key tag by writing in the **Tags** form. You can add multiple keys by creating separate `AUTHORIZED_KEY` tags for each SSH key. |
| 61 | + The format for creating SSH key tags is: |
| 62 | + ```bash |
| 63 | + AUTHORIZED_KEY=ssh-rsa_XXXXXXXXXXX AUTHORIZED_KEY=ssh-rsa_YYYYYYYYYYYYYYY |
| 64 | + ``` |
| 65 | + <Message type="important"> |
| 66 | + Remember to replace any spaces with underscores (`_`) in the SSH public key string when entering it as a tag. Your actual SSH public key remains unchanged. |
| 67 | + |
| 68 | + For example, if your public key looks like this: |
| 69 | + ```bash |
| 70 | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1hT8oQksyU9BLjoTtI93xT9+Ds9YRHTUZXq99c2EC3 |
| 71 | + ``` |
| 72 | + In the tag field, you would enter: |
| 73 | + |
| 74 | + ```bash |
| 75 | + AUTHORIZED_KEY=ssh-ed25519_AAAAC3NzaC1lZDI1NTE5AAAAIG1hT8oQksyU9BLjoTtI93xT9+Ds9YRHTUZXq99c2EC3 |
| 76 | + ``` |
| 77 | + </Message> |
| 78 | + |
| 79 | +4. Once you have added the SSH key tag(s), they will be saved automatically in the Scaleway console. |
| 80 | + |
| 81 | +### Updating the keys on your Instance |
| 82 | + |
| 83 | +1. Run the following command: |
| 84 | + |
| 85 | + ```bash |
| 86 | + scw-fetch-ssh-keys --upgrade |
| 87 | + ``` |
| 88 | +2. Verify the SSH key on the Instance by typing |
| 89 | + |
| 90 | + ```bash |
| 91 | + cat /root/.ssh/authorized_keys |
| 92 | + ``` |
| 93 | + |
| 94 | +The Instance-specific key has been added to the /root/.ssh/authorized_keys file on the Instance alongside with your account-wide configured keys. |
| 95 | +The specific tag public key will not propagate to other Instances in your infrastructure. |
| 96 | + |
| 97 | +<Message type="tip"> |
| 98 | + Another option to update the SSH keys of your Instances is to reboot them. |
| 99 | +</Message> |
| 100 | + |
| 101 | +## Conclusion |
| 102 | + |
| 103 | +You now have configured an Instance-specific SSH key through the Scaleway console. |
| 104 | +One of the main advantages of using tags for SSH keys is that they will not apply to other Instances, even after updates or reboots. |
| 105 | +This ensures that only the designated Instance can be accessed with the specified SSH key. |
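Review bot: The quoted `authorized_keys` output at lines 31-50 does not look like a clean paste. Line 38 is a truncated `# To ad` fragment sitting directly above the full `# To add a new key, you can:` line. Line 45 shows `/root/.ssh/Instance_keys` with a capital I, which reads like the product-name capitalization leaking into command output. Readers will copy that path, so please re-paste the real output and confirm the filename. The same capitalization appears in the link targets `/compute/Instances/how-to/create-an-Instance/` (line 25) and `https://console.scaleway.com/Instance/servers` (line 57); check that both resolve. In the procedure, line 79 is numbered `4.` a second time and should be `5.`, and step 3 (line 59) still refers to the Instances overview page although step 2 has already opened the Instance. The format example at line 63 puts two `AUTHORIZED_KEY=` entries on one line while line 60 says to create a separate tag per key, so state explicitly which form the tag field expects. Smaller points: line 17 is missing its final period, and line 94 should read "alongside your account-wide keys" with `/root/.ssh/authorized_keys` in backticks.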