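Editor's note: Users of most Oracle Public Cloud services can access the VMs over SSH. When you create a service, a public key is bound to the service instance; to access a VM that runs the SSH service, you then provide the matching private key. Anyone who wants to access the service's VM must therefore provide the corresponding private key, which goes a long way toward keeping the service secure.
Earlier articles in the "Dancing in the Cloud" series:
1. Configure and Practice Backup and Recovery in Cloud
2. Create a Primary and Standby Database in the Cloud
3. Create a database clone in the cloud
4. Oracle Cloud Database Patching Then patch like a king with single click Database As A Service (DbaaS)
5. Find the IP address of an Oracle Public Cloud Service VM
About the author:
Joel Perez
Oracle ACE Director, Maximum Availability OCM, OTN expert, and one of the first people worldwide to receive the ACE title. He designs and implements solutions for database high availability, disaster recovery, upgrade and migration, and data replication.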
Purpose
This article shows you how to replace the public/private key pair associated with an Oracle Public Cloud service with a new pair.
Background
Most Oracle Public Cloud services provide their services with VMs that users can access through a secure shell (SSH). For SSH access, when you create your Oracle Public Cloud service, you associate a public key with your service instance. Then, when you want to access the VM for the service with Secure Shell, you provide the matching private key. This way, even if others know the IP address of your instance, there is no username and password involved. Instead, anyone who wants to access the VM has to provide the private key, which makes it very secure.
The Oracle Public Cloud service wizard can create the public/private key pair for you if you don't have an existing pair that you must use. If you want to update the public/private key pair that is associated with your VM, you can do that through your Oracle Public Cloud service's console page.
Some Oracle Public Cloud services, such as Oracle Storage Cloud Service, don't provide access to their VMs with Secure Shell. Instead, you use REST API calls to access the service. This article is for cloud services that allow SSH access to their VMs and therefore provide you with a public/private key pair for SSH access.
Updating a public/private key pair means generating a new pair and then updating the service to use it. Part 1 of this article focuses on generating the keys.
Part 1: Generate the Keys
You already have a service instance that has a set of keys associated with it. To replace them, you first need a pair of new keys. The steps are as follows:
1.- Provide your Identity Domain and click Go.
Note: If you don't go to Oracle Cloud directly and use the link in your Welcome email instead, you don't need to provide your identity domain.
2.- Enter your username and password and click Sign In.
In the My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console. The example in this article is for GoldenGate Cloud Service.
3.- In the Services page, click Create Service. (You will not create the service; you are just getting to the wizard's key generator.)
4.- In the wizard, there is a field for SSH Public Key or a field with a similar name. Click the Edit button.
Note: If the first step of the wizard doesn't have a public key field, continue filling in the fields to proceed to the next steps until you get an SSH Public Key field.
5.- Select Create a New Key and then click Enter.
6.- Click Download.
7.- Click Save File in the opening sshkeybundle.zip window.
8.- Because the keys are generated every time in a compressed folder with the name sshkeybundle.zip, change the name so you don't get confused about which folder has your keys. Browse to the location of your choice and save it, for example, as sshkeybundle_Jack.zip.
9.- Click Done in the Download Keys popup menu.
10.- Click Cancel in the wizard to exit the wizard.
11.- Unzip the folder that contains the public/private key pair. For this example, sshkeybundle_Jack.zip.
12.- Rename your public and private keys. For example, from publicKey and privateKey to publicKey_Jack and privateKey_Jack respectively.
Note: It's best if you use the Oracle-generated keys for Oracle cloud services. For example, if you use PuTTY to create the pair of keys, the ppk format of the keys may not be accepted for connecting to the VMs with a SOCKS5 proxy server.
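Once the VM is associated with a new public key, only the matching private key gets you in, so it is worth confirming that the two renamed files really belong together before uploading anything. The shell function below is an added example, not part of the original article or of Oracle's tooling; it assumes the bundle's public key is a one-line OpenSSH public key and that `ssh-keygen` is installed, and the file names are the article's examples.

```shell
#!/bin/sh
# Added example: confirm that a private key and a public key form a pair
# before the public key is uploaded to the service console.

# Print "<type> <base64-blob>" of an OpenSSH public key line, dropping the comment.
key_material() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# verify_keypair PRIVATE_KEY PUBLIC_KEY
# Returns 0 when the keys match, 1 when they do not,
# and 2 when the check could not be performed at all.
verify_keypair() {
    priv=$1
    pub=$2
    if ! command -v ssh-keygen >/dev/null 2>&1; then
        echo "ssh-keygen not found" >&2
        return 2
    fi
    if [ ! -r "$priv" ] || [ ! -r "$pub" ]; then
        echo "key file missing or unreadable" >&2
        return 2
    fi
    # OpenSSH refuses private keys that other users can read; tighten first.
    chmod 600 "$priv" || return 2
    # Re-derive the public half from the private key and keep type + blob only.
    derived=$(ssh-keygen -y -f "$priv" 2>/dev/null </dev/null |
              awk '{ print $1, $2; exit }')
    if [ -z "$derived" ]; then
        echo "could not read private key (wrong format or passphrase?)" >&2
        return 2
    fi
    if [ "$derived" = "$(key_material "$pub")" ]; then
        # Fingerprint to note down and compare after the upload.
        ssh-keygen -l -f "$pub"
        return 0
    fi
    echo "MISMATCH: $pub does not belong to $priv; do not upload it" >&2
    return 1
}

# Stand-alone use: sh verify_keys.sh privateKey_Jack publicKey_Jack
if [ "$#" -eq 2 ]; then
    verify_keypair "$1" "$2"
fi
```

A return code of 1 means the public key about to be uploaded would lock out the private key on disk, for example after mixing files from two different sshkeybundle.zip downloads.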
Part 2: Update the Keys
This part guides you through replacing the public/private key pair associated with an Oracle Public Cloud service with a new pair. The steps are as follows:
1.- In Oracle Public Cloud's My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console.
2.- Click the menu option for the specific service instance whose associated public key you want to update, and then select SSH Access. For this article the service instance is GGCS ervice-ABC.
3.- In the Add New Key dialog box, the Key value field displays the current public key value that is associated with the VM of your service. Select the Upload a New Public Key option and click Browse.
4.- Select the new public key. For example, publicKey_Jack.
5.- After the new public key appears in the dialog box for the Upload a new SSH Public Key field, click Add New Key. Your VM is now associated with this new public key, and you'll need your matching private key, such as privateKey_Jack, to access the VM for this service.
This is the complete process to update the public/private key pair of an Oracle Public Cloud service. We hope it helps.
This article is reposted from the 数据和云 WeChat official account.