Adding ssh key pair to Openstack using cli: In this series of Openstack configuration and management, let’s look at how to add ssh keypairs to Openstack. This guide is based on Openstack Ocata release.

Public/private key pairs work by keeping the public key on the server, and the private key on your local workstation. Once the server has verified that the two keys match, a secure connection can be made.

So let us generate new ssh key pair, you can skip this if you already have one:

$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/josphat/.ssh/id_rsa): 
Created directory '/home/josphat/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/josphat/.ssh/id_rsa.
Your public key has been saved in /home/josphat/.ssh/
The key fingerprint is:
28:14:e0:14:11:0d:77:23:2d:6c:65:12:4e:26:a1:de [email protected]
The key's randomart image is:
+--[ RSA 4096]----+
| XXO+= |
| + *=*.. |
|. ..o. |
|. .. . |
| . E. . S |
| . |
| |
| |
| |

Copy the key to the clipboard:

xclip -sel clip < ~/.ssh/

Then login to your Openstack controller node and save the key to a file:


Paste key contents inside the file, then save it.

Next step is importing the key using openstack keypair command:

# openstack keypair create --public-key josphat
| Field       | Value                                           |
| fingerprint | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |
| name        | josphat                                         |
| user_id     | 93f0f5c4197f4f73b01bfe8086ecbec0                |

The last “josphat” is the name of the keypair as seen on Openstack command CLI and Horizon dashboard.


# openstack keypair list
| Name          | Fingerprint                                     |
| jmutai_pubkey | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |
| josphat       | 19:7b:5c:14:a2:21:7a:a3:dd:56:c6:e4:3a:22:e8:3f |

The same can be confirmed on Horizon dashboard by going to Project > Key Pairs:

Adding keypairs to Openstack using cli

OpenStack can inject a public ssh key into an instance on launch, so that it’s ready for you to access using the private key once it is ready. Go ahead and create a new VM with the key pair uploaded:

openstack server create --flavor m1.tiny --image CoreOS-x86_64 \
 --nic net-id=a54af9d4-d297-45b6-a98c-79d84add5f2e --security-group default \
 --key-name josphat coreos-test-vm

If you don’t have any image uploaded, i made a comprehensive guide on how to add images to Openstack, check it on the link below:

Adding images to Openstack Glance

Network id, Image name(ID) and security groups can be obtained using:

# openstack image list
# openstack network list
# openstack security group list

Adding ssh key pair to Openstack using cli

Check if instance created is running, and obtain its ip address:

openstack server list

Verify access:

$ ping -c 4 ip_address

You can now login to the vm using:

ssh [email protected]_address

Since I’m using CoreOS image, default username is core

[email protected] ~ $ cat /etc/os-release 
NAME="Container Linux by CoreOS"
PRETTY_NAME="Container Linux by CoreOS 1409.8.0 (Ladybug)"

That’s all. More Openstack related tutorials to come.  Follow us on twitter to get updated.

More Articles:

How to add flavors to openstack using cli



Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here