Dancing in the Cloud - Public/Private Key Pairs for Oracle Public Cloud Services Explained
Joel Perez
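Oracle ACE Director, Maximum Availability OCM, OTN expert, and one of the first people worldwide to receive the ACE title; dedicated to designing and implementing solutions for database high availability, disaster recovery, upgrade and migration, and data replication.
This article shows how to replace the public/private key pair associated with an Oracle Public Cloud service with a new pair.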
Most Oracle Public Cloud services provide their services with VMs that users can access through a secure shell (SSH). For SSH access, when you create your Oracle Public Cloud service, you associate a public key with your service instance. Then, when you want to access the VM for the service with Secure Shell, you provide the matching private key. This way, even if others know the IP address of your instance, there is no username and password involved. Instead, anyone who wants to access their VM has to provide their private key, which makes it very secure.
The Oracle Public Cloud Service wizard can create the public/private key pair for you if you don't have an existing pair that you must use. If you want to update the public/private key pair that is associated with your VM, you can do that through your Oracle Public Cloud Service's console page.
Some Oracle Public Cloud services, such as Oracle Storage Cloud Service, don't provide access to their VMs with Secure Shell. Instead, you use REST API calls to access the service. This article is for cloud services that allow SSH access to their VMs and therefore provide you with a public/private key pair for SSH access.
Updating public/private key pairs involves two tasks: generating the new keys and then updating the service with them. Part 1 of this article focuses on generating them.
Part 1: Generate the Keys
1.- You already have a service instance that has a set of keys associated with it. In order to replace them, you first need a pair of new keys.
2.- Provide your Identity Domain and click Go.
Note: If you don't go to Oracle Cloud directly and use the link in your Welcome email instead, you don't need to provide your identity domain.
3.- Enter your username and password and click Sign In.
In the My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console. The example in this article is for GoldenGate Cloud Service.
4.- In the Services page, click Create Service. (You will not create the service; you are just getting to the wizard's key generator.)
5.- In the wizard, there is a field for SSH Public Key or a field with a similar name. Click the Edit button.
Note: If the first step of the wizard doesn't have a public key field, continue filling in the fields to proceed to the next steps until you get an SSH Public Key field.
6.- Select Create a New Key and then click Enter.
7.- Click Download.
8.- Click Save File in the sshkeybundle.zip window that opens.
9.- Because the keys are always generated in a compressed folder named sshkeybundle.zip, change the name so you don't confuse which folder has your keys. Browse to the location of your choice and save it, for example, as sshkeybundle_Jack.zip.
10.- Click Done in the Download Keys popup menu.
11.- Click Cancel in the wizard to exit the wizard.
12.- Unzip the folder that contains the public/private key pair. For this example, sshkeybundle_Jack.zip.
13.- Rename your public and private keys. For example, from publicKey and privateKey to publicKey_Jack and privateKey_Jack respectively.
Note: It's best to use the Oracle-generated keys for Oracle cloud services. For example, if you use PuTTY to create the pair of keys, the ppk format of the keys may not be accepted for connecting to the VMs with a SOCKS5 proxy server.
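A check worth running on the renamed files before uploading the public key, as an added example that is not part of the original article: it rejects a PuTTY .ppk file, tightens the private key's permissions, and uses `ssh-keygen -y` to confirm that the two files belong together. The function names are hypothetical; the file names are the article's examples.

```shell
#!/bin/sh
# Added example: pre-flight check of a downloaded key pair before upload.
# File names follow the article's example; the functions are illustrative.

# Classify a key file by its first line (CR stripped for Windows downloads).
key_format() {
  first=$(head -n 1 "$1" | tr -d '\r')
  case "$first" in
    PuTTY-User-Key-File-*)                      echo ppk ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----")      echo openssh-private ;;
    "-----BEGIN "*"PRIVATE KEY-----")           echo pem-private ;;
    "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) echo openssh-public ;;
    *)                                          echo unknown ;;
  esac
}

# Succeed only if the public key derived from the private key equals the
# key material (second field) stored in the public key file.
keys_match() {
  derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $2}')
  stored=$(awk 'NR==1 {print $2}' "$2")
  [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# usage: preflight PRIVATE_KEY PUBLIC_KEY ; prints "ok" or the first problem.
preflight() {
  case "$(key_format "$1")" in
    ppk) echo "private key is PuTTY .ppk, not an OpenSSH/PEM key"; return 1 ;;
    unknown|openssh-public) echo "not a private key: $1"; return 1 ;;
  esac
  if [ "$(key_format "$2")" != openssh-public ]; then
    echo "not an OpenSSH public key: $2"; return 1
  fi
  chmod 600 "$1"   # ssh and ssh-keygen reject private keys readable by others
  if ! keys_match "$1" "$2"; then
    echo "private and public key do not belong together"; return 1
  fi
  echo ok
}

# Typical call on the renamed files from step 13:
#   preflight privateKey_Jack publicKey_Jack
# After the upload in the console, connect with the matching private key
# (<user> and <vm-ip> are placeholders, not values from the article):
#   ssh -i privateKey_Jack -o IdentitiesOnly=yes <user>@<vm-ip>
```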
Part 2: Updating the Keys
This part guides you through replacing the public/private key pair associated with an Oracle Public Cloud service with a new pair.
1.- In Oracle Public Cloud's My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console.
2.- Click the menu option for the specific service instance whose associated public key you want to update, and then select SSH Access. For this article the service instance is GGCService-ABC.
3.- In the Add New Key dialog box, the Key value field displays the current public key value that is associated with the VM of your service. Select the Upload a New Public Key option and click Browse.
4.- Select the new public key. For example, publicKey_Jack.
5.- After the new public key appears in the dialog box for the Upload a new SSH Public Key field, click Add New Key. Your VM is now associated with this new public key, and you'll need your matching private key, such as privateKey_Jack, to access the VM for this service.
This is the complete process to update the public/private key pairs of Oracle Public Cloud services.