Need help creating SSH keys for NetStorage?
1) Note what SSH keys Akamai NetStorage supports
- NetStorage supports both RSA and DSA keys as long as the key length is less than 1,000 characters.
- NetStorage does not support SSH protocol 1 keys (v1 keys). It only supports v2 keys.
- RSA keys must be 2048 bits or fewer and DSA keys must be 1024 bits or fewer
2) Generate SSH keys using ssh-keygen or a similar tool that produces keys in the OpenSSH format. On a Linux machine, use the following command to generate the NetStorage SSH Key:
ssh-keygen -v -t rsa -b 2048 -C "Any text" -f netstorage_key
where, -C "Any text" refers to the comments that you can add for the key to help identify the usage of the key and
netstorage_key refers to the name of the NetStorage key that you wish to give.
- An alternate method (applies to Windows users) is to use Puttygen, a GUI-based ssh key generating application which you can download for free.
When using this tool to generate your ssh key
- Make sure you upload the OpenSSH version of the public key to NetStorage by copying the text under "Public key for pasting into OpenSSH authorized_keys file:"
- Make sure you convert your private key to Open SSH format by clicking on the "Conversions" and selecting "Export Open SSH key"
Your public key should be in OpenSSH format as in the following examples:
RSA example key:
DSA sample SSH key:
3) Upload your public (.pub) key to NetStorage via the Luna management interface. It normally takes about an hour for your new key to propagate.
If you have trouble using secure access with NetStorage, consider the following possible key issues:
- Verify the key you uploaded to NetStorage is your public key, not your private key.
- Ensure your public key lengths are 2048 bits or less for SSH-2 RSA and 1024 bits or less for SSH-2 DSA.
- Make sure you're using a v2 key
- Verify that your private key does not allow read/write permission to other users/group.
- Make sure you DO NOT SHARE your password or keys especially via email.