[英]Trouble sshing into Azure Linux Virtual Machine
I followed the following guide to set up a Linux Virtual Machine using Terraform:我按照以下指南使用 Terraform 设置 Linux 虚拟机:
https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure https://docs.microsoft.com/en-us/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure
Everything was sucessfully created in Azure.一切都在 Azure 中成功创建。 I am having trouble with the last step of being able to ssh into the virtual machine.我在通过 ssh 进入虚拟机的最后一步遇到了麻烦。 I use the following command in Windows powershell:我在 Windows powershell 中使用以下命令:
ssh azureuser@public_ip_here ssh azureuser@public_ip_here
It gives me the following error:它给了我以下错误:
azureuser@52.186.144.190: Permission denied (publickey).
I've tried using the RDP file from the Azure portal by downloading the RDP file and importing it in RDP but I get the following error:我已尝试通过下载 RDP 文件并将其导入 RDP 来使用 Azure 门户中的 RDP 文件,但出现以下错误:
Things I've tried:我尝试过的事情:
I'm wondering if I have to somehow configure the Azure portal to allow myself to be able to ssh in the VM.我想知道我是否必须以某种方式配置 Azure 门户以允许自己能够在 VM 中进行 ssh。
My main.tf code is:我的 main.tf 代码是:
provider "azurerm" {
# The "feature" block is required for AzureRM provider 2.x.
# If you're using version 1.x, the "features" block is not allowed.
version = "~>2.0"
features {}
}
resource "azurerm_resource_group" "myterraformgroup" {
name = "myResourceGroup"
location = "eastus"
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_virtual_network" "myterraformnetwork" {
name = "myVnet"
address_space = ["10.0.0.0/16"]
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_subnet" "myterraformsubnet" {
name = "mySubnet"
resource_group_name = azurerm_resource_group.myterraformgroup.name
virtual_network_name = azurerm_virtual_network.myterraformnetwork.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_public_ip" "myterraformpublicip" {
name = "myPublicIP"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
allocation_method = "Dynamic"
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_security_group" "myterraformnsg" {
name = "myNetworkSecurityGroup"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
security_rule {
name = "SSH"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_interface" "myterraformnic" {
name = "myNIC"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
ip_configuration {
name = "myNicConfiguration"
subnet_id = azurerm_subnet.myterraformsubnet.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.myterraformpublicip.id
}
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_interface_security_group_association" "example" {
network_interface_id = azurerm_network_interface.myterraformnic.id
network_security_group_id = azurerm_network_security_group.myterraformnsg.id
}
resource "random_id" "randomId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = azurerm_resource_group.myterraformgroup.name
}
byte_length = 8
}
resource "azurerm_storage_account" "mystorageaccount" {
name = "diag${random_id.randomId.hex}"
resource_group_name = azurerm_resource_group.myterraformgroup.name
location = "eastus"
account_tier = "Standard"
account_replication_type = "LRS"
tags = {
environment = "Terraform Demo"
}
}
resource "tls_private_key" "example_ssh" {
algorithm = "RSA"
rsa_bits = 4096
}
output "tls_private_key" { value = tls_private_key.example_ssh.private_key_pem }
resource "azurerm_linux_virtual_machine" "myterraformvm" {
name = "myVM"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
network_interface_ids = [azurerm_network_interface.myterraformnic.id]
size = "Standard_DS1_v2"
os_disk {
name = "myOsDisk"
caching = "ReadWrite"
storage_account_type = "Premium_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
}
computer_name = "myvm"
admin_username = "azureuser"
disable_password_authentication = true
admin_ssh_key {
username = "azureuser"
public_key = tls_private_key.example_ssh.public_key_openssh
}
boot_diagnostics {
storage_account_uri = azurerm_storage_account.mystorageaccount.primary_blob_endpoint
}
tags = {
environment = "Terraform Demo"
}
}
Any help/pointers would be greatly appreciated!任何帮助/指针将不胜感激!
After my validation, you could save the output private pem key to a file named key.pem
in the home directory.经过我的验证,您可以将输出的 pem 私钥保存到主目录中名为key.pem
的文件中。 for example, C:\\Users\\username\\
in Windows 10 or /home/username/
in Linux.例如,Windows 10 中的C:\\Users\\username\\
或 Linux 中的/home/username/
。
Then you can access the Azure VM via the command in the shell.然后就可以通过 shell 中的命令访问 Azure VM。
ssh -i "C:\Users\username\key.pem" azureuser@23.x.x.x
Result结果
In addition , the private key generated by tls_private_key will be stored unencrypted in your Terraform state file.此外,由tls_private_key生成的私钥将不加密地存储在您的 Terraform 状态文件中。 It's recommended to generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.建议在 Terraform 之外生成一个私钥文件,并将其安全地分发到将运行 Terraform 的系统。
You can use ssh-keygen in PowerShell in Windows 10 to create the key pair on the client machine.您可以在 Windows 10 的 PowerShell 中使用ssh-keygen在客户端计算机上创建密钥对。 The key pair is saved into the directory C:\\Users\\username\\.ssh
.密钥对保存在目录C:\\Users\\username\\.ssh
。
For example, then you can send the public key to the Azure VM with Terraform function file:例如,然后您可以使用 Terraform 函数文件将公钥发送到 Azure VM:
admin_ssh_key {
username = "azureuser"
public_key = file("C:\\Users\\someusername\\.ssh\\id_rsa.pub")
#tls_private_key.example_ssh.public_key_openssh
}
First create the key.首先创建密钥。
ssh-keygen -t rsa -b 2048 -C email@example.com ssh-keygen -t rsa -b 2048 -C email@example.com
Second add the path of key.其次添加密钥的路径。
admin_ssh_key { admin_ssh_key {
username = "azureuser" public_key = file("C:\\\\Users\\\\someusername\\\\.ssh\\\\id_rsa.pub")
} }
Finally login.最后登录。
ssh -i "C:\\Users\\someusername.ssh\\id_rsa" azureuser@20.xxx ssh -i "C:\\Users\\someusername.ssh\\id_rsa" azureuser@20.xxx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.