Creating the SSH Keypair

To connect to the bastion and perform tasks on it, you will use SSH with keypair authentication. In this section, you will create a keypair and store its private key and fingerprint in local files.

The SSH keypair will be used later for instantiating worker nodes. Optionally, you can create separate keypairs for the bastion and for the worker nodes. In that case, follow the steps described here for each one, and give each keypair a distinct name.

If you connect to your VMs using the Google Cloud console or the Google Cloud CLI, Compute Engine creates the SSH keys on your behalf. For more information on how Compute Engine configures and stores keys, see the Google Cloud documentation.

If you connect to your VMs using third-party tools or OpenSSH, you need to add a key to your VM before you can connect. If you don't have an SSH key already, you must create one. VMs accept the key formats listed in the sshd_config file (located in the /etc/ssh/ directory).

Keypair creation with ssh-keygen

There are several ways to generate the SSH key. The following example uses the ssh-keygen tool, which saves your private key file to <KEY_FILENAME> and your public key file to <KEY_FILENAME>.pub in the path specified when running the command.

  1. Open a terminal and use the ssh-keygen command with the -C flag to create a new SSH key pair.

    ssh-keygen -t rsa -f ~/.ssh/<KEY_FILENAME> -C <USERNAME> -b 2048

    Where:

    <KEY_FILENAME> is the name for your SSH key file.

    <USERNAME> is your username on the VM. For example, arcsight_user.

    For example, a <KEY_FILENAME> of my-ssh-key would generate a private key file named my-ssh-key and a public key file named my-ssh-key.pub.

    For Linux VMs, the <USERNAME> can't be root, unless the VM has been set to allow root login.
  2. Once the SSH key has been generated, execute the following command:

    cat ~/.ssh/<KEY_FILENAME>.pub

    Record the output on the Google Cloud worksheet.
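
An added example, not part of the original page or of the product's tooling: a Python check for the contents of <KEY_FILENAME>.pub before they go on the worksheet. It rejects a pasted private key, a cut-off copy, a key shorter than the 2048 bits requested above, or a comment that does not match <USERNAME>, and returns the SHA256 fingerprint. The function names are hypothetical, and the sample line is constructed around an arbitrary modulus, so it is not a usable key.

```python
import base64
import hashlib
import struct

def read_string(buf, off):
    """Read one length-prefixed field of the key blob; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_pubkey_line(line, username, min_bits=2048, allow_root=False):
    """Validate one '<type> <base64> <comment>' line; return (bits, fingerprint)."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is the private key file; record only the .pub file")
    parts = line.strip().split(None, 2)
    if len(parts) != 3 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> <comment>'")
    blob = base64.b64decode(parts[1], validate=True)  # rejects damaged base64
    key_type, off = read_string(blob, 0)
    exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("key blob does not match the declared type")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError("RSA key is %d bits, expected at least %d" % (bits, min_bits))
    if parts[2] != username:
        raise ValueError("comment %r does not match username %r" % (parts[2], username))
    if username == "root" and not allow_root:
        raise ValueError("root is only valid if the VM allows root login")
    digest = hashlib.sha256(blob).digest()
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def mpint(i):
    """Encode a positive integer as a length-prefixed big-endian field."""
    raw = i.to_bytes(i.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(bits=2048, comment="arcsight_user"):
    """Constructed sample: a well-formed blob around an arbitrary modulus."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

if __name__ == "__main__":
    print(check_pubkey_line(make_sample_line(), "arcsight_user"))
```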