

Dancing in the Cloud - Public/Private Key Pairs for Oracle Public Cloud Services Explained

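Editor's note: Users of most Oracle Public Cloud services can access the virtual machines through SSH. When the service is created, a public key is bound to the service instance; accessing a VM that runs the SSH service then requires the matching private key. Anyone who wants to access the service's VM must therefore provide the corresponding private key, which goes a long way toward keeping the service secure.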


Earlier articles in the Dancing in the Cloud series

1. Configure and Practice Backup and Recovery in Cloud

2. Create a Primary and Standby Database in the Cloud

3. Create a database clone in the cloud

4. Oracle Cloud Database Patching Then patch like a king with single click Database As A Service (DbaaS)

5. Find the IP address of an Oracle Public Cloud Service VM


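About the author:

Joel Perez

Oracle ACE Director, Maximum Availability OCM, OTN expert, and one of the first ACE title holders worldwide. He focuses on designing and implementing solutions for database high availability, disaster recovery, upgrade and migration, and data replication.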


Purpose

This article guides you through replacing the public/private key pair associated with an Oracle Public Cloud service with a new pair.

Background

Most Oracle Public Cloud services provide their services through VMs that users can access through a secure shell (SSH). For SSH access, when you create your Oracle Public Cloud service, you associate a public key with your service instance. Then, when you want to access the VM for the service with Secure Shell, you provide the matching private key. This way, even if others know the IP address of your instance, there is no username and password involved. Instead, anyone who wants to access their VM has to provide their private key, which makes it very secure.


The Oracle Public Cloud Service wizard can create the public/private key pair for you if you don't have an existing pair that you must use. If you want to update the public/private key pair that is associated with your VM, you can do that through your Oracle Public Cloud service's console page.


Some Oracle Public Cloud services, such as Oracle Storage Cloud Service, don't provide access to their VMs with Secure Shell. Instead, you use REST API calls to access the service. This article is for cloud services that allow SSH access to their VMs and therefore provide you with a public/private key pair for SSH access.


To update a public/private key pair, we have to generate the new keys and then update them on the service. Part 1 of this article focuses on the process of generating them.


Part 1: Generate the Keys

You already have a service instance that has a set of keys associated with it. In order to replace them, you first need a pair of new keys. The steps are as follows:


1.- Provide your Identity Domain and click Go.

Note: If you don't go to Oracle Cloud directly and use the link in your Welcome email instead, you don't need to provide your identity domain.

2.- Enter your username and password and click Sign In.

In the My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console. The example in this article is for GoldenGate Cloud Service.


3.- In the Services page, click Create Service. (You will not create the service; you are just getting to the wizard's key generator.)

4.- In the wizard, there is a field for SSH Public Key or a field with a similar name. Click the Edit button.

Note: If the first step of the wizard doesn't have a public key field, continue filling in the fields to proceed to the next steps until you get an SSH Public Key field.


5.- Select Create a New Key and then click Enter.

6.- Click Download.

7.- Click Save File in the sshkeybundle.zip window that opens.


8.- Because the keys are always generated in a compressed folder named sshkeybundle.zip, change the name so you don't confuse which folder has your keys. Browse to the location of your choice and save it, for example, as sshkeybundle_Jack.zip.

9.- Click Done in the Download Keys popup menu.

10.- Click Cancel in the wizard to exit the wizard.


11.- Unzip the folder that contains the public/private key pair. For this example, sshkeybundle_Jack.zip.

12.- Rename your public and private keys. For example, from publicKey and privateKey to publicKey_Jack and privateKey_Jack respectively.

Note: It's best if you use the Oracle-generated keys for Oracle cloud services. For example, if you use PuTTY to create the pair of keys, the ppk format of the keys may not be accepted for connecting to the VMs with a SOCKS5 proxy server.
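Before uploading the new public key, it is worth confirming that the two renamed files really are one pair, because the VM will only accept the private key that matches the uploaded public key. The shell functions below are an added example, not part of the original article or of Oracle's tooling; they assume OpenSSH's ssh-keygen is installed, that the public key file is in OpenSSH one-line format, and that the private key has no passphrase.

```shell
#!/bin/sh
# Added example: verify a downloaded key pair before uploading the public key.
# File names follow the article's example (privateKey_Jack / publicKey_Jack).

# Print "type base64-blob" from a public key file, dropping any comment field.
pub_blob() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Return 0 if private key $1 and public key $2 belong together,
# 1 if they do not, 2 if a file is missing or the private key is unreadable.
key_pair_matches() {
    priv=$1
    pub=$2
    if [ ! -r "$priv" ] || [ ! -r "$pub" ]; then
        echo "missing key file" >&2
        return 2
    fi
    # OpenSSH rejects private keys that other users can read.
    chmod 600 "$priv" || return 2
    # -y derives the public key from the private key. -P "" supplies an empty
    # passphrase so an encrypted key fails here instead of prompting.
    derived=$(ssh-keygen -y -P "" -f "$priv" 2>/dev/null | awk '{ print $1, $2 }')
    if [ -z "$derived" ]; then
        echo "cannot read private key: $priv" >&2
        return 2
    fi
    [ "$derived" = "$(pub_blob "$pub")" ]
}

# Print the SHA-256 fingerprint of a public key file, useful for recording
# which key is currently bound to which service instance.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{ print $2 }'
}

# Stand-alone use: sh check_keys.sh privateKey_Jack publicKey_Jack
if [ "$#" -eq 2 ]; then
    if key_pair_matches "$1" "$2"; then
        echo "pair OK: $(key_fingerprint "$2")"
    else
        echo "keys do not match; do not upload $2" >&2
        exit 1
    fi
fi
```

Keep the old private key until a login with the new one has succeeded, so a mismatched upload does not lock you out of the VM.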

Part 2: Updating the Keys

This part guides you through replacing the public/private key pair associated with an Oracle Public Cloud service with a new pair.

The steps are as follows:

1.- In Oracle Public Cloud's My Services dashboard, click the menu option for your Oracle cloud service and then click Open Service Console.

2.- Click the menu option for the specific service instance whose associated public key you want to update, and then select SSH Access. For this article the service instance is GGCService-ABC.


3.- In the Add New Key dialog box, the Key value field displays the current public key value that is associated with the VM of your service. Select the Upload a New Public Key option and click Browse.

4.- Select the new public key. For example, publicKey_Jack.

5.- After the new public key appears in the dialog box for the Upload a new SSH Public Key field, click Add New Key. Your VM is now associated with this new public key, and you'll need your matching private key, such as privateKey_Jack, to access the VM for this service.

 

This is the complete process to update the public/private key pairs of Oracle Public Cloud services. We hope you find it helpful.




This article is reposted from the 數據和雲 WeChat public account.

Last updated: 2017-07-18 20:36:49
