When working with resources on the Oracle public cloud, whatever it is IaaS or PaaS, the principle access method is based on SSH keys exchange. Once our instance is created this is going to be the first and only way accessing it. Of course afterward additional ports/services can be opened. However the question is how to manage these keys and how important are they?
In the process of creating an Instance, while talking about IaaS, one pre-requirement is to configure at least one SSH Key pair. the principle is to generate an SSH key pair in RSA format on the gatway / jumphost which will be used to access the public could hosted instance.
ssh-keygen -b 2048 -t rsa
This generates a private and public key. The public one need then to be upload in the Oracle Public Cloud interface.
Once there the SSH key can be assigned to an instance during the creation process
You can assign as much SSH keys than you want / need to a single instance. This will correspond to all machines that are allowed to access the instance. However here is the key!
If you miss this step, you cannot afterward ADD or MODIFY the SSH key(s) attached to an instance.
As shown above, unlike for Storage or Security Lists there is no option for the SSH keys configuration once the instance is created.
Unfortunately this as currently an uglier consequence: If you loose or make a mistake for any reason with your key pair then you can’t access your instance anymore. The only solution so far will be to re-create the whole instance!
The conclusion is that while working with Oracle Public Cloud, your SSH keys for the machines accessing the instances need to be carefully integrated in a backup strategy!
Talking with Oracle people shows that this limitation is taken under consideration and solutions will be available shortly (maybe a console-like access to the instance).
Cheers