Connecting to a node over SSH
To connect to a Kubernetes cluster node over SSH:
- Add the public key to the metadata when creating a node group.
Note
SSH connection using a login and password is disabled by default on Linux images that are used on nodes.
For more information, see Connecting to a VM via SSH.
Create SSH key pairs
Prepare the keys for use with your Kubernetes cluster node. To do this:
- Open the terminal.
- Use the ssh-keygen command to create a new key:
  ssh-keygen -t ed25519
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_ed25519. Keys are created in the ~/.ssh directory.
  The public part of the key will be saved in a file with the name <key name>.pub.

- Run cmd.exe or powershell.exe.
- Use the ssh-keygen command to create a new key. Run this command:
  ssh-keygen -t ed25519
  After you run the command, you will be asked to specify the names of files where the keys will be saved and enter the password for the private key. The default name is id_ed25519. Keys are created in the C:\Users\<username>\.ssh\ directory.
  The public part of the key will be saved in a file with the name <key name>.pub.
To create keys for Windows, use the PuTTY application.
- Download and install PuTTY.
- Make sure that the directory where you installed PuTTY is included in PATH:
  - Right-click on My computer. Click Properties.
  - In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
  - Under System variables, find PATH and click Edit.
  - In the Variable value field, append the path to the directory where you installed PuTTY.
- Launch the PuTTYgen app.
- Select Ed25519 as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.
- In Key passphrase, enter a strong password. Enter it again in the field below.
- Click Save private key and save the private key. Never share it with anyone and do not tell anyone the passphrase for it.
- Save the key in a text file in a single line. To do this, copy the public key from the text field to a text file with the name id_ed25519.pub.
Convert the public key to the relevant format
You can manage users and SSH keys via metadata, which is why you must transmit keys in a defined format.
The file with the public key is created in the format:
ssh-ed25519 AAAAB3NzaC*********** ed25519-key-20190412
You need to convert the key to the <username>:ssh-ed25519 <key body> <username> format so that it looks like this:
username:ssh-ed25519 AAAAB3NzaC***********zo/lP1ww== username
You can pass multiple public keys in the same file to grant access to different users:
username:ssh-ed25519 AAAAB3NzaC***********zo/lP1ww== username
username2:ssh-ed25519 ONEMOREkey***********88OavEHw== username2
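The conversion described above can be scripted. The following is an added example, not part of the original documentation or the ncp CLI: the helper name to_metadata_line and the sample key are assumptions (the key is constructed, not real). Besides reformatting, it refuses private key files so that they are never uploaded to VM metadata.

```bash
# Added example: to_metadata_line is a hypothetical helper, not an ncp command.
# Prints "<username>:<key type> <key body> <username>" for one public key file.
to_metadata_line() {
    local user="$1" pubfile="$2" line ktype body rest
    # Linux-style username: lowercase letter or underscore first.
    if ! printf '%s' "$user" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; then
        echo "invalid username: $user" >&2; return 1
    fi
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # Refuse private keys so they never end up in VM metadata.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key; use the .pub file" >&2; return 1
    fi
    # The key must be saved in a single line.
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "$pubfile must contain exactly one single-line key" >&2; return 1
    fi
    line=$(grep . "$pubfile")
    # Split into type, body and the original comment (which is discarded).
    read -r ktype body rest <<EOF
$line
EOF
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    # The key body must be base64 text.
    if ! printf '%s' "$body" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "key body is not base64" >&2; return 1
    fi
    printf '%s:%s %s %s\n' "$user" "$ktype" "$body" "$user"
}

# Constructed sample (not a real key), laid out like an ssh-keygen/PuTTYgen public key.
tmp=$(mktemp -d)
printf 'ssh-ed25519 %s ed25519-key-20190412\n' \
    'AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedKEYbodyAAAA' > "$tmp/id_ed25519.pub"
# Build the file that is passed to --metadata-from-file ssh-keys=<file>.
to_metadata_line username "$tmp/id_ed25519.pub" > "$tmp/ssh-keys.txt"
cat "$tmp/ssh-keys.txt"
rm -rf "$tmp"
```

To grant access to several users, call the helper once per user and append each line to the same file.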
Create a node group and add the public key
To create a node group with the necessary parameters, use the following command:
ncp managed-kubernetes node-group create \
--name <node group name> \
--cluster-name <Kubernetes cluster name> \
--fixed-size <number of nodes in the group> \
--network-interface security-group-ids=[<list of security groups>],subnets=<subnet name>,ipv4-address=nat \
--metadata-from-file ssh-keys=<name of the file with public keys>
Warning
The user-data key is not supported for transmitting user data. Parameters for SSH connections must be specified in the ssh-keys key in the VM metadata.
Update node group keys
To update the SSH keys of a node group, use the following command:
ncp managed-kubernetes node-group add-metadata \
--name <node group name> \
--metadata-from-file ssh-keys=<name of the file with public keys>
Get the public IP address of the node
To connect, specify the node public IP address. You can find it using one of the following methods.
Run the following kubectl command. The public IP address is listed in the EXTERNAL-IP column.
kubectl get nodes -o wide
Result:
NAME                       STATUS  ROLES   AGE  VERSION  INTERNAL-IP  EXTERNAL-IP     OS-IMAGE            KERNEL-VERSION     CONTAINER-RUNTIME
cl17i6943n92sb98jifg-itif  Ready   <none>  31m  v1.13.3  10.0.0.27    84.201.145.251  Ubuntu 18.04.1 LTS  4.15.0-29-generic  docker://18.6.2
cl17i6943n92sb98jifg-ovah  Ready   <none>  31m  v1.13.3  10.0.0.22    84.201.149.184  Ubuntu 18.04.1 LTS  4.15.0-29-generic  docker://18.6.2
- Open the Compute Cloud section in the folder where you created your Kubernetes cluster.
- Click the VM that you want to find the public address for.
- The public IP address is shown in the Network section in Public IPv4.
- Find the IDs of the VMs that correspond to the node group:
  ncp managed-kubernetes node-group list-nodes <node group name>
- Copy the required VM ID and run the command:
  ncp compute instance get <VM ID>
Connect to the node
You can connect to a node over SSH once it is started (with the RUNNING status). You can use the ssh utility in Linux or macOS, or PuTTY.
In the terminal, run the following command:
ssh <username>@<public IP address of the node>
If this is the first time you connect to the node, you might see a warning about an unknown host:
The authenticity of host '130.193.40.101 (130.193.40.101)' can't be established.
ECDSA key fingerprint is SHA256:PoaSwqxRc8g6iOXtiH7ayGHpSN0MXwUfWHkGgpLELJ8.
Are you sure you want to continue connecting (yes/no)?
Type yes in the terminal and press Enter.
In Windows, a connection is established using the PuTTY application.
- Run the Pageant application.
- Right-click on the Pageant icon in the task bar.
- In the context menu, select Add key.
- Select a PuTTY-generated private key in the .ppk format. If a password is set for the key, enter it.
- Run PuTTY.
- In the Host Name (or IP address) field, enter the public IP address of the VM you want to connect to. Specify port 22 and SSH as the connection type.
- In the tree on the left, select Connection - SSH - Auth.
- Set the Allow agent forwarding option.
- In the Private key file for authentication field, select the file with the private key.
- Go back to the Sessions menu. In the Saved sessions field, enter any session name and click Save. The session settings are saved under the specified name. You can use this session profile to connect using Pageant.
- Click Open. If this is the first time you connect to the node, you might see a warning about an unknown host. Click Yes. A terminal window opens and prompts you for the login of the user on whose behalf the connection is being established. Type the username you specified in the file with the public key and press Enter. If everything is configured correctly, the connection with the server will be established.
- If you saved the session profile in PuTTY, you can use Pageant to establish a connection in the future:
  - Right-click on the Pageant icon in the task bar.
  - Select the Saved sessions menu item.
  - In the saved sessions list, select the necessary session.