Welcome to this section of this course where you will learn about troubleshooting options for the oracle cloud infrastructure components. As the first section in this module of troubleshooting, you will learn about compute related troubleshooting. So in the next few videos you will learn about how do you troubleshoot a compute instance or related components for a computer. So the first thing we're going to look at is let's say you have a compute instance up and running and by default, the images that are published in O. C. I. Or the oracle provided images provide only key based authentication, which means password based authentication is by default disabled and by default the OPC user is provisioned. Now if you want, you can alter the ssh d dot conflict file in the Os to later on enable root logins and password based authentication for your compute but by default that is not enabled. Now let's understand why this is the case. A password based authentication is easily trackable compared to a key based authentication. So it is more secure and the key pair basically takes care of the trust establishment between the public and private key. And generally what happens is on the client computer, you need to have the private key and the corresponding public key is uploaded to the compute instance. When you set up the compute instance in general, if you're using any of the images provided. When you create the compute instance itself, you get the option to upload and then when you log in from this, you give the private key as the means to authenticate. Now many times you might land up having a problem because of some basic problems wherein you have key errors where you don't have the correct private key, always remember the private key and public a key pair. If you created a key pair you should always use the corresponding private key to login. If you have lost or got your private key corrupted, you would have to upload a new public key of the new private key to the computer instance and we will see how we can do that from an instance console connection in the next video. Sometimes you may transfer the private key to another computer and under such cases you need to take care of giving the right permissions for the private key. The private key should be kept in such a way that you have only 400 permissions so that people can read or they can't write to that. That's a requirement when you work with the ssh keys. So you need to take care of it. Then when you're using Linux or mac kind of a client, you might use the open ssh private key in the client computer. Whereas if you're using a Windows environment, you need to take care of converting it into a pooty format. If you're using Putty and things like that. So these are some of the standard troubleshooting when you are having key related problems, then you could have firewall issues in general. When you have a V C N provision with the wizard. It takes care of creating the rules in the security list. So you will see in every V C n that you create with the wizard. It enables you to take care of making connections through Ssh. If you look at the two security lists, the default security list is generally associated with the public subnets and in that you will have a rule that allows from any iP address for 22 on the compute instances is enabled so that at the firewall level network level it is allowed and all compute instance images of Lennox type that is provided by oracle has the Os level firewall iP tables enabled for it. If you are using windows based instances, you need to open up a rule to open 3389 on TCP to allow network communication on that and in the operating system firewall, the remote desktop protocol is generally enabled. Otherwise you will not even be able to log in. On the other hand, if you look at the private sub net, the default rule for ssh is only to allow from within the V C N to be able to reach other computers on TCP 22. If you created a V C N by using create VC an option instead of the start wizard, then there would be no rules available and it is your responsibility to set up the firewall rules to ensure that is taken care and os level firewall as well as security list or network security groups should allow that communication to happen. And as I mentioned earlier, you need to take care of if your client is a Windows to take care of using Putty and convert the private key into a PPK format, which the standard tools like Putty gen will give you the ability to do the conversion. These are all things you need to take care from the client side, whereas on the server side, the public key should be uploaded into the users ssh directory in which there is the authorized keys. For example, if I go to this particular environment where we have various compute instances in place, I have my cloud shell environment running and in my cloud shell, my private key public key pair that was created is under the dot ssh directory. We see that here we uploaded the public key whenever we create a computer instance and this is the private key, The permissions have to be taken care appropriately specifically for the private key. When you're using the client computer, you can always transfer this private key to any other client and ensure permissions are taken care whereas when you do a ssh to the OPC user, which is the default user which comes along with your compute instance, os for oracle Linux, for example, and if you establish an ssh connection inside the OPC users dot ssh directory, you will have authorized key file which would have the public key that you uploaded during instance creation put in here only the public keys that are present within this will be used for authentication. A single user can have multiple public keys and anybody with the corresponding private key for such public keys, provided they have network access will be able to perform operations of connecting Now, user's home directory where the public is uploaded also has certain specific privileges which have to be taken care if you alter the privileges, it may give errors. So these are all things to take care from a standard authentication mechanism for your Linux and Windows instances. What we will see now is what if there is a problem in able to connect which is coming up in the next video.
