Set Up and Modify Your SSH Key in the Oracle Cloud Environment
Author: Megan Elphingstone | | August 9, 2017
Creating an SSH key is part of the Oracle Cloud service setup, and it’s required for direct access to the Oracle Virtual Machine. Once your key is set up, you may want to grant access to an additional user or two, which requires modifying the existing key. In testing this, I ran into a few challenges and found a work around. This blog post will cover the initial setup, how to add an SSH key, and how to resolve issues.
The Oracle Documentation walks you through the steps for the initial setup, but adding a second key was a little confusing. Adding a third key was a problem that had to be solved.
Initial SSH Key Setup
An SSH key is required as part of the creation of your cloud service.
To create the key on UNIX, use the following command:
ssh-keygen -t rsa -b 4096 -C “firstname.lastname@example.org”
$ ssh-keygen -t rsa -b 4096 -C email@example.com
Generating public/private rsa key pair.
Enter file in which to save the key: ./oracle_cloud_keys/oracle_cloud_dbaas_key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./oracle_cloud_keys/oracle_cloud_dbaas_key.
Your public key has been saved in ./oracle_cloud_keys/oracle_cloud_dbaas_key.pub.
The key fingerprint is:
The key’s randomart image is:
$ cd oracle_cloud_keys
-rw——- 1 megan.elphingstone staff 3326 Jun 29 13:00 oracle_cloud_dbaas_key
-rw-r–r– 1 megan.elphingstone staff 743 Jun 29 13:00 oracle_cloud_dbaas_key.pub
The public key is added to your cloud setup as shown below:
Copy the txt of your public key, or choose the file:
Continue with the creation of the initial database environment.
Once your environment has been setup, you may be ready to turn this over to your team or to share the environment with another DBA. Other DBAs that require server access will need to setup their own public/private key pair for access. Here is how to add another user’s public key to your cloud environment.
Enter your Identity Domain and then login with your username and password.
Access the SSH setup here by clicking on the three lines on the left:
Then click on “Database”
Click on SSH Access
Click on Add New Key
My first instinct here was to click Add New Key, but that wasn’t the right choice:
That leaves us two choices:
“Upload a new SSH Public Key value from a file”
Or clicking on “Key Value”
Since we were testing, we tried the first option and uploaded the key from a file. However, once this was completed, we saw that it had overwritten the prior key. So – that’s not what you want if you are trying to add to the existing key. (Unless you create a file that has the existing key in addition to the new key.)
To add a key, click on the “Key Value,” this will allow you access to the existing key values:
Scroll to the end of the existing text and hit the carriage return and paste the new key:
Now click “Add New Key”
At this I got an hour glass and the “add new key” was grayed out. I had to refresh to see that it was successful.
I was able to add a second key this way. But when I added a third key, I received the following error message:
Clicking on the exclamation point for more info gave me the following:
Failed to resetting the user ssh key, try again! Error message: SSH keys reset on VMs failed
I tried to add all three keys to a file and upload the file. This appeared to be successful, but when I tested them, the third key didn’t work. Looking at the Key Value showed that the third key was incomplete. This led me to believe there is a character limit on the Add New Key section of the Cloud Service webpage.
As an experienced DBA, I solved this the way I would have before the cloud – by editing the authorized key file on the server. Proceed with caution, and always create backups.
I logged in to the server with the first SSH key I created: Then I made a backup of the existing authorized_keys file.
$ ssh -i oracle_cloud_dbaas_key oracle@IPaddress
Enter passphrase for key ‘oracle_cloud_dbaas_key’:
[oracle@server ~]$ pwd /home/oracle [oracle@server ~]$ cd .ssh [oracle@server .ssh]$ ls -ltr -rw-r--r-- 1 oracle oinstall 3574 Jul 3 17:55 authorized_keys.bk -rw-r--r-- 1 oracle oinstall 4302 Jul 6 20:10 authorized_keys
After creating the backup, I edited it to add my third key to the end of the file. I can now login via all three keys.
In a real-world application, the DBA who did the initial setup may need to add the public keys for any additional DBAs who need server access. When I began testing this, I received a warning message that saving a new SSH key would require a server reboot, and that message no longer appears. The Oracle Cloud is evolving quickly, and this SSH administration issue may soon go away, but for the time being, I hope this blog post saves you some setup time, so you can go straight to testing the Oracle Cloud for your business needs.
Datavail is a specialized IT services company focused on Data Management with solutions in BI/DW, analytics, database administration, custom application development, and enterprise applications. We provide both professional and managed services delivered via our global delivery model, focused on Microsoft, Oracle and other leading technologies.
For additional resources please download, Oracle Database Cloud Services Muscles Up.
Datavail Script: Terms & Conditions
By using this software script (“Script”), you are agreeing to the following terms and condition, as a legally enforceable contract, with Datavail Corporation (“Datavail”). If you do not agree with these terms, do not download or otherwise use the Script. You (which includes any entity whom you represent or for whom you use the Script) and Datavail agree as follows:
- CONSIDERATION. As you are aware, you did not pay a fee to Datavail for the license to the Script. Consequently, your consideration for use of the Script is your agreement to these terms, including the various waivers, releases and limitations of your rights and Datavail’s liabilities, as setforth herein.
- LICENSE. Subject to the terms herein, the Script is provided to you as a non-exclusive, revocable license to use internally and not to transfer, sub-license, copy, or create derivative works from the Script, not to use the Script in a service bureau and not to disclose the Script to any third parties. No title or other ownership of the Script (or intellectual property rights therein) is assigned to you.
- USE AT YOUR OWN RISK; DISCLAIMER OF WARRANTIES. You agree that your use of the Script and any impacts on your software, databases, systems, networks or other property or services are solely and exclusively at your own risk. Datavail does not make any warranties, and hereby expressly disclaims any and all warranties, implied or express, including without limitation, the following: (1) performance of or results from the Script, (2) compatibility with any other software or hardware, (3) non-infringement or violation of third party’s intellectual property or other property rights, (4) fitness for a particular purpose, or (5) merchantability.
- LIMITATION ON LIABILITY; RELEASE. DATAVAIL SHALL HAVE NO, AND YOU WAIVE ANY, LIABILITY OR DAMAGES UNDER THIS AGREEMENT.
You hereby release Datavail from any claims, causes of action, losses, damages, costs and expenses resulting from your downloading or other use of the Script.
- AGREEMENT. These terms and conditions constitute your complete and exclusive legal agreement between you and Datavail.
The “ORA-12154: TNS:could not resolve the connect identifier specified” Oracle error is a commonly seen message for database administrators.