Importing a Keypair

You can import a keypair created with a third-party tool. This action only imports the public key of the keypair, while you keep the private key. The public key is stored by 3DS OUTSCALE, and is only available in the metadata of the virtual machines (VMs) for which the keypair is used. However, the private key is never provided to 3DS OUTSCALE.

You can import a keypair in one of the following types: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH.

Only RSA keypairs can decrypt the password of a Windows VM.

You can also directly create a 2048-bit RSA keypair using Cockpit or AWS CLI. For more information, see Creating a Keypair.

Importing a Keypair Using Cockpit v2

Before you begin: Create a keypair with a third-party tool. For an example with ssh-keygen, see Creating a Keypair > ssh-keygen.

  1. In the Keypairs dashboard, click IconImport Import Keypair.
    The IMPORT KEYPAIR dialog box appears.

  2. Provide the following information:

    • Click IconExport Upload public keypair file and select the public key of the keypair you want to import.

      Never provide the private key of the keypair as it enables connection to your VMs.

    • In the Name field, type a name for the keypair.

      This name must be unique in your account, and contain between 1 and 255 ASCII printable characters. Accented letters are not allowed.

  3. Click Import.
    The keypair is imported.

Importing a Keypair Using OSC CLI

Before you begin: Create a keypair with a third-party tool. For an example with ssh-keygen, see Creating a Keypair > ssh-keygen.

The CreateKeypair command creates a keypair to use with your virtual machines (VMs).
You can use this method in two different ways:

  • Creating a keypair: In that case, 3DS OUTSCALE creates a 2048-bit RSA keypair, stores its public key in your account, and returns its private key in the response of the call so that you can save it in a file.
    When you save the returned private key, make sure you replace the \n escape sequences with real line breaks.

  • Importing a keypair created locally: If you already have a keypair that you have created locally with a third-party tool, you can import its public key in your account. The following types of key can be imported: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH.

For more information, see About Keypairs.

Request sample: Importing a keypair created locally
$ osc-cli api CreateKeypair --profile "default" \
    --KeypairName "import-keypair-example" \
    --PublicKey "$(cat key_name.pub)"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • KeypairName: A unique name for the keypair, with a maximum length of 255 ASCII printable characters.

  • PublicKey: (optional) The public key to import in your account, if you are importing an existing keypair. This value must be Base64-encoded.

The CreateKeypair command returns the following elements:

  • Keypair: Information about the created keypair.

    • KeypairFingerprint: The MD5 public key fingerprint, as specified in section 4 of RFC 4716.

    • KeypairName: The name of the keypair.

    • KeypairType: The type of the keypair (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521).

    • PrivateKey: The private key, returned only if you are creating a keypair (not if you are importing). When you save this private key in a .rsa file, make sure you replace the \n escape sequences with real line breaks.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample: Importing a keypair created locally
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "Keypair": {
    "KeypairType": "ssh-rsa",
    "KeypairName": "create-keypair-example",
    "KeypairFingerprint": "11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd:ee:ff"
  }
}

Importing a Keypair Using oapi-cli

Before you begin: Create a keypair with a third-party tool. For an example with ssh-keygen, see Creating a Keypair > ssh-keygen.

The CreateKeypair command creates a keypair to use with your virtual machines (VMs).
You can use this method in two different ways:

  • Creating a keypair: In that case, 3DS OUTSCALE creates a 2048-bit RSA keypair, stores its public key in your account, and returns its private key in the response of the call so that you can save it in a file.
    When you save the returned private key, make sure you replace the \n escape sequences with real line breaks.

  • Importing a keypair created locally: If you already have a keypair that you have created locally with a third-party tool, you can import its public key in your account. The following types of key can be imported: RSA (2048 bits or preferably 4096 bits), Ed25519, and ECDSA (256 bits, 384 bits, or 521 bits). The following formats can be used: PEM, PKCS8, RFC4716, and OpenSSH.

For more information, see About Keypairs.

Request sample: Importing a keypair created locally
$ oapi-cli --profile "default" CreateKeypair \
    --KeypairName "import-keypair-example" \
    --PublicKey --file "key_name.pub"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • KeypairName: A unique name for the keypair, with a maximum length of 255 ASCII printable characters.

  • PublicKey: (optional) The public key to import in your account, if you are importing an existing keypair. This value must be Base64-encoded.

The CreateKeypair command returns the following elements:

  • Keypair: Information about the created keypair.

    • KeypairFingerprint: The MD5 public key fingerprint, as specified in section 4 of RFC 4716.

    • KeypairName: The name of the keypair.

    • KeypairType: The type of the keypair (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521).

    • PrivateKey: The private key, returned only if you are creating a keypair (not if you are importing). When you save this private key in a .rsa file, make sure you replace the \n escape sequences with real line breaks.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample: Importing a keypair created locally
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "Keypair": {
    "KeypairType": "ssh-rsa",
    "KeypairName": "create-keypair-example",
    "KeypairFingerprint": "11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd:ee:ff"
  }
}

Importing a Keypair Using AWS CLI

Before you begin:

To import a keypair, use the import-key-pair command following this syntax:

Request sample
$ aws ec2 import-key-pair \
    --profile YOUR_PROFILE \
    --key-name MyKeyPair \
    --public-key-material fileb://~/.ssh/id_rsa.pub \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • key-name: A name for the new keypair.

    This name must be unique in your account, and contain between 1 and 255 ASCII printable characters. Accented letters are not allowed.

  • public-key-material: The path to the public key you want to import. The public key you provide must be Base64-encoded, or AWS CLI can encode it for you if you prefix the path with fileb://.

    Never provide the private key of the keypair as it enables connection to your VMs.

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The import-key-pair command returns the following elements:

  • KeyName: The unique name of the newly created keypair.

  • KeyFingerprint: The MD5 public key fingerprint as specified in section 4 of RFC 4716.

Result sample
{
  "KeyName": "MyKeyPair",
  "KeyFingerprint": "1a:11:aa:11:aa:11:a1:a1:1a:11:1a:11:1a:1a:a1:aa"
}

A new keypair is imported from the specified public key.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.