Oracle Cloud as a Host Directory

By following this integration guide, you can add Oracle Cloud Infrastructure (OCI) as a host directory in PrivX. This allows providing access to your OCI Compute instances via PrivX.

Disclaimers

This document includes instructions regarding third-party products by Oracle. These instructions are provided for general guidance only.

Documentation involving third-party products includes creating API keys in OCI. The instructions in this manual were verified against the Oracle products current in February 2025. These instructions will need to be adapted when using other versions of Oracle products.

SSH Communications Security Corporation does not make any warranties as to the accuracy, reliability, or usefulness of these instructions, or guarantee that the content related to third-party products is up to date.

SSH Communications Security Corporation does not provide any warranties regarding third-party products, such as OCI, nor provide any support or other services for third-party products.

For instructions about setting up and operating Oracle products, we always recommend that you consult the official Oracle documentation intended for the specific version(s) of Oracle products in your use, and/or directly contact Oracle representatives or support.

Prerequisites

Check and ensure the following before performing the procedures in this document:

  • Create or designate an OCI user account for integrating OCI with PrivX. This OCI user needs at least the following permissions:
    • Capability to create API keys.
    • Read instances.
    • Inspect dedicated-vm-hosts.
    • Inspect all-resources.

Integration Steps

The high-level workflow for importing OCI hosts to PrivX:

  1. Create an API key in OCI.
  2. Use the API key to create an Oracle Cloud host directory in PrivX.

These steps are described in more detail in the following sections.

Create an OCI API Key

  1. Log in to the OCI account that is used for integration. Under Profile, navigate to API Keys. Click Add API Key to create or import keys.

  2. You can choose to generate and download a new API key pair. Alternatively, you can upload the public key of an existing key pair.

    If you are using OpenSSL to generate the key pair and if the private key is passphrase-protected, refer to Creating OCI-Compatible Key Pairs with OpenSSL for achieving this with the correct key formats.

    Click Add. You will be presented with the configuration values.

    Note the values for user, fingerprint, tenancy, and region in the configuration preview. These are required later for configuring PrivX.

Add Oracle Cloud Host Directory to PrivX

  1. Access the PrivX GUI. On the Administration→Directories page, click Add Directory.

  2. Provide at least the required information for the directory:

    • Name: Unique name for identifying the directory in PrivX.
    • Type: Set to Oracle Cloud.
    • User: user value from the configuration preview.
    • Tenancy: tenancy value from the configuration preview.
    • Home region: region value from the configuration preview.
    • Private Key: The private key of the API key.
    • Fingerprint: fingerprint value from the configuration preview.
    • Passphrase: API-key passphrase (if set).

Click Save to apply your changes. The Oracle Cloud host directory should be created successfully. You can verify on the Administration→Directories page that the directory exists in PrivX. Once PrivX has completed the directory scan, you may verify imported hosts by clicking next to the Oracle Cloud directory and selecting List Hosts.

Creating OCI-Compatible Key Pairs with OpenSSL

By default, passphrase-protected key pairs generated with OpenSSL lack info fields required by OCI. To fix this issue, you should use the PEM key format instead:

  1. Create the key pair:

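    ssh-keygen -t rsa -b 2048 -f ~/.oci/oci_api_key -N "MySecurePassphrase"

    MySecurePassphrase is a placeholder. A passphrase passed with -N is recorded in shell history and is visible in the process list while the command runs; omit -N to be prompted for the passphrase instead.

  2. Convert the key pair to PEM format:

    ssh-keygen -p -m PEM -f ~/.oci/oci_api_key
    openssl rsa -pubout -in ~/.oci/oci_api_key -out ~/.oci/oci_api_key_public.pem

  3. Upload the PEM-format public key to OCI and the private key contents to PrivX, as described in earlier parts of this guide.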

    For more information about generating OCI-compatible API signing keys with OpenSSL, see https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#apisigningkey_topic_How_to_Generate_an_API_Signing_Key_Mac_Linux
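
The key format and fingerprint described in this guide can be checked locally before the private key is pasted into PrivX. The script below is an added example, not PrivX or Oracle code; its function names are hypothetical, and it assumes the "info fields" mentioned above are the Proc-Type and DEK-Info header lines of a traditional encrypted PEM key.

```shell
#!/bin/sh
# Added example (not PrivX or Oracle code): checks for an OCI API key pair
# before the private key is pasted into PrivX.

# Classify a private key by its PEM framing. Assumption: the "info fields"
# are the Proc-Type and DEK-Info lines of a traditional encrypted PEM key.
oci_key_format() {
    case $(head -n 1 "$1") in
        "-----BEGIN RSA PRIVATE KEY-----")
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1" && grep -q '^DEK-Info: ' "$1"
            then echo pem-encrypted; else echo pem-plain; fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;          # step 2 not run yet
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;  # no info fields
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8-plain ;;
        *)                                       echo unknown ;;
    esac
}

# Succeed only if group and others have no access to the file (e.g. mode 600).
oci_key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the fingerprint OCI shows for a key: MD5 of the DER-encoded public key.
# Works on the public PEM file, so no passphrase is needed.
oci_pub_fingerprint() {
    der=$(mktemp) || return 1
    if openssl rsa -pubin -in "$1" -pubout -outform DER -out "$der" 2>/dev/null; then
        openssl md5 -c "$der" | sed 's/^.*= *//'; rc=$?
    else
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}

# Usage: sh check_oci_key.sh <private-key> <public-pem> <fingerprint-from-OCI>
if [ "$#" -eq 3 ]; then
    fmt=$(oci_key_format "$1")
    echo "private key format: $fmt"
    case $fmt in
        openssh|pkcs8-encrypted|unknown) echo "WARNING: not in the PEM format described above" ;;
    esac
    oci_key_perms_ok "$1" || echo "WARNING: key file is accessible to group/others"
    if [ "$(oci_pub_fingerprint "$2")" = "$3" ]; then echo "fingerprint matches"
    else echo "WARNING: fingerprint differs from the OCI configuration preview"; fi
fi
```

A fingerprint mismatch means the public key uploaded to OCI and the private key given to PrivX do not belong to the same pair.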
