When working with resources on the Oracle Public Cloud, whether IaaS or PaaS, the principal access method is based on SSH key exchange. Once an instance is created, this is the first and only way to access it. Of course, additional ports/services can be opened afterward. However, the question is how to manage these keys, and how important are they?

When creating an instance on IaaS, one prerequisite is to configure at least one SSH key pair. The principle is to generate an SSH key pair in RSA format on the gateway / jump host that will be used to access the instance hosted in the public cloud.

ssh-keygen -b 2048 -t rsa

This generates a private and a public key. The public one then needs to be uploaded in the Oracle Public Cloud interface.

[Screenshot: create-ssh-key]

Once there, the SSH key can be assigned to an instance during the creation process.

[Screenshot: associate-ssh-key]

You can assign as many SSH keys as you want / need to a single instance. These correspond to all the machines that are allowed to access the instance. However, here is the key!

If you miss this step, you cannot ADD or MODIFY the SSH key(s) attached to an instance afterward.

[Screenshot: instance-ssh-keys]

As shown above, unlike for Storage or Security Lists, there is no option for the SSH keys configuration once the instance is created.

Unfortunately, this currently has an uglier consequence: if you lose your key pair, or make a mistake with it for any reason, you can't access your instance anymore. The only solution so far is to re-create the whole instance!

The conclusion is that, when working with Oracle Public Cloud, the SSH keys of the machines accessing the instances need to be carefully integrated into a backup strategy!
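
One way to make that backup verifiable, as an added example that is not part of the original post or of any Oracle tooling: copy the key pair with strict permissions, then prove that the backed-up private key still decrypts and matches the public key uploaded to the console. The function names, paths and passphrase handling are assumptions.

```shell
#!/bin/sh
# Added example: back up the jump host key pair and prove the copy is usable.
# Function names and paths are assumptions, not Oracle tooling.

# Generate the RSA key pair from the post, protected by a passphrase.
make_keypair() {            # $1 = private key path, $2 = passphrase
    ssh-keygen -q -b 2048 -t rsa -N "$2" -f "$1"
}

# Fingerprint (SHA256:...) of a public key file.
pub_fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# Succeeds only if the private key decrypts with the passphrase AND its
# derived public key matches the public key uploaded to the cloud console.
verify_backup() {           # $1 = private key, $2 = uploaded .pub, $3 = passphrase
    derived=$(mktemp) || return 1
    # -P puts the passphrase on the command line; acceptable for a one-off
    # check on a trusted host, otherwise let ssh-keygen prompt for it.
    if ! ssh-keygen -y -P "$3" -f "$1" > "$derived" 2>/dev/null; then
        rm -f "$derived"; return 1
    fi
    have=$(pub_fingerprint "$derived"); want=$(pub_fingerprint "$2")
    rm -f "$derived"
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Copy the pair to the backup location with strict modes, then verify the copy.
backup_key() {              # $1 = private key, $2 = backup dir, $3 = passphrase
    ( umask 077; mkdir -p "$2" ) || return 1
    copy="$2/$(basename "$1")"
    install -m 600 "$1" "$copy" || return 1
    install -m 644 "$1.pub" "$copy.pub" || return 1
    verify_backup "$copy" "$1.pub" "$3"
}

# Usage (paths are placeholders):
#   make_keypair ~/.ssh/opc_rsa 'passphrase'
#   backup_key   ~/.ssh/opc_rsa /mnt/backup/ssh-keys 'passphrase'
```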

Talking with Oracle people shows that this limitation is being taken into consideration and that solutions will be available shortly (maybe a console-like access to the instance).

Cheers