Prepare

Follow these steps to generate an SSH Key Pari for the SD-WAN Edge instance:

Before You Begin

Before you begin provisioning Roving Edge Infrastructure resources, ensure you have the following:

  • Credentials for an Oracle Cloud tenancy
  • A compartment where you have permission to create and manage resources
  • A computer, virtual machine, or an Oracle Linux 7/8 Instance in Roving Edge Infrastructure that has the following software and access to the internet.
  • A utility to generate API signing keys.
  • Most UNIX-like systems have openssl. You can also use Roving Edge Infrastructure to generate the API signing key and download the private key. Windows users can use git-bash.
  • A utility to generate SSH key pairs (most UNIX-like systems have ssh-keygen. Windows users can use PuTTYgen.
  • A web browser.

See the Oracle SD-WAN Implementation Guide, to learn about the foundations of Oracle SD-WAN Edge configuration and deployment.

Generate an API Signing Key

To authenticate with Roving Edge Infrastructure, you must provide an RSA key in the privacy-enhanced mail format (PEM).

Use OpenSSL to generate the key pair, and store it in a hidden subdirectory in your home folder:
  1. Create the hidden directory.
    mkdir ~/.rover
  2. Generate a private key (2048 bits or higher).
    openssl genrsa -out ~/.rover/rover-api-key.pem 2048
  3. Change the permissions of the private key so that only you can read it.
    chmod 600 ~/.rover/rover-api-key.pem
  4. Generate the public key for the private key.
    openssl rsa -pubout -in ~/.rover/rover-api-key.pem -out
            ~/.rover/rover-api-key-public.pem

Upload the API Signing Key

After you generate an API signing key, upload the public key for the appropriate user in Roving Edge Infrastructure:
  1. Sign in to the Roving Edge web console.
  2. In the Roving Edge Infrastructure web console, click User.
  3. In Profile, click your user account name.
  4. On the User Details page, click the API Keys link.
  5. To open the Add API Key Options window, click Add Public Key.
  6. Select the Paste Public Key option.
  7. Copy your public key value from the ~/.rover/rover-api-key-public.pem file and paste it in the PUBLIC KEY file.
  8. Click Add.
The key uploads and displays it's fingerprint in the APIs Keys table.

Note:

The API fingerprint displays additional information such as OCID, Tenancy OCID, and region. Save this information to a secure notepad for later use.

Generate an SSH Key Pair for the SD-WAN Edge Instance

SSH key pair will be used for secure access to the SD-WAN Edge instance. Generate the key pair on your localhost.

The public key created will be uploaded as part of the Terraform code when the SD-WAN instance is created.

  1. Use the ssh-keygen utility and generate an SSH key pair.

    Tip:

    Don't use a passphrase for the key pair.
    # ssh-keygen -t rsa -N "" -b 2048 -C "rover-sdwan-key"
            -f ~/.ssh/rover-sdwan-key
    • -t rsa: Indicates that you must generate the key pair using the RSA algorithm.
    • -N "": Passphrase, don't put anything between the quotation marks.
    • -C “rover-sdwan-key”: Key name. You can use your own key names, this name is stored in the keyfile. It is not the key file name.
    • -f ~/.ssh/rover-sdwan-key: The directory and file name where the ssh keys will be saved. In this example we are using local user's hidden .ssh directory to store the keys. The public key will have a .pub extension.
  2. Change the SSH private key permissions so that only you can access the private key in your .ssh directory with the following command:
    # chmod 600 ~/.ssh/rover-sdwan-key
The SSH key-pair is generated and saved in the directory that you specified.

Tip:

Make a note of the path.