Securing root access to cluster nodes over SSH

In certain situations, you or the technical support team may need root access to cluster nodes via SSH. We recommend using SSH keys, as they are generally more secure than passwords. You can generate a key pair on the client from which you will connect to the nodes via SSH. The private key stays on the client; do not share it with anyone. The public key needs to be uploaded to Virtuozzo Hybrid Infrastructure.

After the key is uploaded, you can access your cluster nodes by using the key authentication method with SSH. When connecting via SSH, follow these rules:

  • Do not enable third-party repositories. Install third-party software only from the default repository.
  • Use only commands allowed in the product documentation.

To create and upload a public key

Admin panel

  1. Obtain an SSH public key from the technical support team, or generate an SSH key pair on a client by using the ssh-keygen utility:

    # ssh-keygen -t rsa

    By default, the generated public key is located in /root/.ssh/id_rsa.pub.

  2. Open the Settings > Security > SSH screen, and then click Add.
  3. On the Add public key pane, paste the key, and then click Add key.

Command-line interface

Use the following command:

    vinfra cluster sshkey add <file>

  <file>
      SSH public key file

For example, to add a public SSH key from the file id_rsa.pub to the list of trusted keys, run:

# vinfra cluster sshkey add id_rsa.pub

The added SSH key will appear in the vinfra cluster sshkey list output:

# vinfra cluster sshkey list
+---------------------+----------------------------------+------------------+
| id                  | key                              | label            |
+---------------------+----------------------------------+------------------+
| 8ccf7f1b-6a53-<...> | ssh-rsa AAAAB3NzaC1yc2EAAAA<...> | user@example.com |
|                     | user@example.com                 |                  |
+---------------------+----------------------------------+------------------+
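
Before pasting or uploading a key, it is worth confirming that the file really holds a public key (not the private half) and noting its type, RSA size and fingerprint. The following Python check is an added example, not part of the product documentation; the function names and the sample key are constructed for illustration:

```python
import base64
import hashlib
import struct

def read_field(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint) from a key blob."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def inspect_public_key(text):
    """Return (key_type, rsa_bits_or_None, sha256_fingerprint) for a .pub line."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; keep it on the client")
    fields = text.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    inner, off = read_field(blob, 0)
    if inner != key_type.encode():
        raise ValueError("type prefix does not match the encoded key")
    bits = None
    if key_type == "ssh-rsa":
        _exponent, off = read_field(blob, off)
        modulus, off = read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    return key_type, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pack(field):
    """Encode one field with its 4-byte big-endian length prefix."""
    return struct.pack(">I", len(field)) + field

# Constructed sample, not a real key: e = 65537 and a made-up 2048-bit modulus.
SAMPLE_BLOB = (pack(b"ssh-rsa") + pack(b"\x01\x00\x01")
               + pack(b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example.com"

if __name__ == "__main__":
    print(inspect_public_key(SAMPLE_LINE))
```

The fingerprint is in the same SHA256 form that ssh-keygen -l prints, so it can be compared with a fingerprint received over a separate channel when the key comes from someone else.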

To delete a public key

Admin panel

  1. On the Settings > Security > SSH screen, select the required SSH key, and then click Delete.
  2. Click Yes in the confirmation window.

Command-line interface

Use the following command:

    vinfra cluster sshkey delete <sshkey>

  <sshkey>
      SSH key value

For example, to delete the SSH key with the ID 8ccf7f1b-6a53-4d74-99ce-c410d51a9921, run:

# vinfra cluster sshkey delete 8ccf7f1b-6a53-4d74-99ce-c410d51a9921