
Trouble sshing into Azure Linux Virtual Machine

I followed the following guide to set up a Linux Virtual Machine using Terraform:

https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure

Everything was successfully created in Azure. I am having trouble with the last step of being able to ssh into the virtual machine. I use the following command in Windows PowerShell:

ssh azureuser@public_ip_here

It gives me the following error:

azureuser@52.186.144.190: Permission denied (publickey).

I've tried using the RDP file from the Azure portal by downloading the RDP file and importing it in RDP but I get the following error:

[Screenshot: doesn't work with RDP either]

Things I've tried:

  1. Using the normal ssh command as above
  2. Trying to put the private key in a .pem file and assigning it restricted permissions. Then passing this key in using the ssh -i command. This doesn't work either
  3. Using RDP file downloaded from Azure portal (error shown below)
  4. Ran the test connection feature for the Virtual Machine in the Azure portal and that shows connection successful but I'm still not able to access the VM.

I'm wondering if I have to somehow configure the Azure portal to allow myself to be able to ssh in the VM.

My main.tf code is:

provider "azurerm" {
    # The "features" block is required for AzureRM provider 2.x.
    # If you're using version 1.x, the "features" block is not allowed.
    version = "~>2.0"
    features {}
}

resource "azurerm_resource_group" "myterraformgroup" {
    name     = "myResourceGroup"
    location = "eastus"

    tags = {
        environment = "Terraform Demo"
    }
}

resource "azurerm_virtual_network" "myterraformnetwork" {
    name                = "myVnet"
    address_space       = ["10.0.0.0/16"]
    location            = "eastus"
    resource_group_name = azurerm_resource_group.myterraformgroup.name

    tags = {
        environment = "Terraform Demo"
    }
}

resource "azurerm_subnet" "myterraformsubnet" {
    name                 = "mySubnet"
    resource_group_name  = azurerm_resource_group.myterraformgroup.name
    virtual_network_name = azurerm_virtual_network.myterraformnetwork.name
    address_prefixes       = ["10.0.1.0/24"]
}

resource "azurerm_public_ip" "myterraformpublicip" {
    name                         = "myPublicIP"
    location                     = "eastus"
    resource_group_name          = azurerm_resource_group.myterraformgroup.name
    allocation_method            = "Dynamic"

    tags = {
        environment = "Terraform Demo"
    }
}

resource "azurerm_network_security_group" "myterraformnsg" {
    name                = "myNetworkSecurityGroup"
    location            = "eastus"
    resource_group_name = azurerm_resource_group.myterraformgroup.name

    security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
    }

    tags = {
        environment = "Terraform Demo"
    }
}

resource "azurerm_network_interface" "myterraformnic" {
    name                      = "myNIC"
    location                  = "eastus"
    resource_group_name       = azurerm_resource_group.myterraformgroup.name

    ip_configuration {
        name                          = "myNicConfiguration"
        subnet_id                     = azurerm_subnet.myterraformsubnet.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.myterraformpublicip.id
    }

    tags = {
        environment = "Terraform Demo"
    }
}

resource "azurerm_network_interface_security_group_association" "example" {
    network_interface_id      = azurerm_network_interface.myterraformnic.id
    network_security_group_id = azurerm_network_security_group.myterraformnsg.id
}

resource "random_id" "randomId" {
    keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = azurerm_resource_group.myterraformgroup.name
    }

    byte_length = 8
}

resource "azurerm_storage_account" "mystorageaccount" {
    name                        = "diag${random_id.randomId.hex}"
    resource_group_name         = azurerm_resource_group.myterraformgroup.name
    location                    = "eastus"
    account_tier                = "Standard"
    account_replication_type    = "LRS"

    tags = {
        environment = "Terraform Demo"
    }
}

resource "tls_private_key" "example_ssh" {
  algorithm = "RSA"
  rsa_bits = 4096
}
output "tls_private_key" { value = tls_private_key.example_ssh.private_key_pem }

resource "azurerm_linux_virtual_machine" "myterraformvm" {
    name                  = "myVM"
    location              = "eastus"
    resource_group_name   = azurerm_resource_group.myterraformgroup.name
    network_interface_ids = [azurerm_network_interface.myterraformnic.id]
    size                  = "Standard_DS1_v2"

    os_disk {
        name              = "myOsDisk"
        caching           = "ReadWrite"
        storage_account_type = "Premium_LRS"
    }

    source_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "18.04-LTS"
        version   = "latest"
    }

    computer_name  = "myvm"
    admin_username = "azureuser"
    disable_password_authentication = true

    admin_ssh_key {
        username       = "azureuser"
        public_key     = tls_private_key.example_ssh.public_key_openssh
    }

    boot_diagnostics {
        storage_account_uri = azurerm_storage_account.mystorageaccount.primary_blob_endpoint
    }

    tags = {
        environment = "Terraform Demo"
    }
}

Any help/pointers would be greatly appreciated!

After my validation, you could save the output private PEM key to a file named key.pem in the home directory, for example, C:\Users\username\ in Windows 10 or /home/username/ in Linux.


Then you can access the Azure VM via the command in the shell.

ssh -i "C:\Users\username\key.pem"  azureuser@23.x.x.x

Result: [screenshot]

In addition, the private key generated by tls_private_key will be stored unencrypted in your Terraform state file. It's recommended to generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.

You can use ssh-keygen in PowerShell in Windows 10 to create the key pair on the client machine. The key pair is saved into the directory C:\Users\username\.ssh.

For example, you can then send the public key to the Azure VM with the Terraform function file:

admin_ssh_key {
    username       = "azureuser"
    public_key     = file("C:\\Users\\someusername\\.ssh\\id_rsa.pub")     
    #tls_private_key.example_ssh.public_key_openssh
}

  • First, create the key.

    ssh-keygen -t rsa -b 2048 -C email@example.com

  • Second, add the path of the key.

    admin_ssh_key {
        username   = "azureuser"
        public_key = file("C:\\Users\\someusername\\.ssh\\id_rsa.pub")
    }

  • Finally, log in.

    ssh -i "C:\\Users\\someusername\\.ssh\\id_rsa" azureuser@20.xxx
