You can generate a key pair by running a workflow in the vRealize Orchestrator Client. Alternatively, you can use a key pair that you generate in third-party tools. You can use the key pair to connect to an SSH host without a password.

A key pair consists of a public key and a private key. vRealize Orchestrator can use the private key to connect to the public key on an SSH host.

Generate a Key Pair in vRealize Orchestrator

You can run a workflow from the vRealize Orchestrator Client to generate a key pair.

Caution: All vRealize Orchestrator users with the right set of privileges can read, use, and overwrite your private key.

Prerequisites

Verify that the user account you are logged in with has the necessary permissions to run SSH workflows.

Procedure

  1. Log in to the vRealize Orchestrator Client.
  2. Navigate to Library > Workflows and enter the ssh tag in the workflow search box.
  3. Locate the Generate key pair workflow and click Run.
  4. Provide the required information.
    1. Select the key type and the key size.
      Depending on which key type you select during the key-pair generation, you might have to change the SSH service endpoint configuration to enable the type of certificate generated.
      Key Type Key Sizes
      RSA
      • 1024
      • 2048
      • 3072
      • 4096
      • 8192
      DSA
      • 1024
      • 2048
      • 3072
      ECDSA
      • 256
      • 384
      • 521
    2. (Optional) Enter a passphrase.
      You can use a passphrase to improve security. You can change the passphrase later.
    3. (Optional) Enter a comment.
  5. Click Run.
    Warning: If a key pair exists, the new key pair overwrites it.

Use an Externally Generated Key Pair

You can generate public or private key pairs using external tools such as OpenSSH or OpenSSL.

When generating RSA, DSA, and ECDSA private keys, the key must be in the PEM format.

Procedure

  1. To generate key pairs with an external tool, you must pass specific parameters to the commands of each tool.
    Tool Parameters
    OpenSSH

    Use the -m pem parameter.

    For example, you can run the following command:
    ssh-keygen -m pem -t ecdsa -b {256, 384, 521} -f vco_key
    OpenSSL The default format is PEM, so no additional parameters are needed.
    For example, you can run the following command:
    openssl ecparam -name {prime256v1, secp384r1, secp521r1} -genkey -noout -out vco_key
    Using OpenSSH, extract the corresponding public key from the private key.
    ssh-keygen -f vco_key -y > vco_key.pub
  2. Transfer the externally generated key pairs to /data/vco/usr/lib/vco/app-server/conf in vRealize Orchestrator.