Managing Security Group

Security groups permits you to manage the type of traffic that can access your instance. For example, you might use SSH to permit devices from your local network to access your instance. If your instance is a web server, you can enable HTTP or HTTPS access from any IP address, allowing outside users to browse the data on your web server.

Note: The following steps will only be used, if your configured and connected SSH terminal, throws the Network error, as shown in the attached screenshot.

Follow the steps below for troubleshooting the network error:

Step 1- Open the command prompt of your computer, then enter the following command, to check whether the IP address is responding or not.

ping <IP address> 

If you get an error message such as the one in the screenshot below, signifies that host was able to reach the destination, but it did not respond.

For such scenarios, you need to fix the rules/protocols in our compute instance’s security group, which we’ll be doing in steps ahead.

OpenStack provides each cloud administrator the flexibility to either use existing security group or create a new one.

Step 2- In order to resolve the network error, you need to edit the security group, which is connected to your project.

For this, in the left-navigation menu, go to Networks then to Security Groups, select your security group and click on Manage Rules.

Security groups serve as a firewall for connected instances, managing incoming and outgoing traffic at the instance level. To be able to connect to your project instance, you must add rules to a security group.

Step 3- Click on Add Rules button.

Note: The suggested security group permits all traffic on all ports for all protocols. This is due to the fact that each node has its own internal firewall.

Step 4- From the pop-up window, click on the drop-down menu and select SSH Rule, as shown in the image below.

Secure Shell Protocol or SSH is a remote administration protocol that enables users to secure, connect, manage, and alter their remote servers over the internet.

Step 5- In the Remote field, select CIDR.

Classless Inter-Domain Routing or CIDR assigns Internet Protocol (IP) addresses more flexibly by giving networks and individual devices distinctive and granular identification.

Step 6- In CIDR field, you may enter the range of IP addresses you want to communicate with, then click Add Rule.

By default, it allows data transmission and communication to/from all the ports.

Every time your project instance is launched, you can assign a security group to it. All instances to which the security group has been allocated will automatically be updated when rules are added or removed.

You can modify the security group of an instance after instance launch.