如何使用来自 Azure Key Vault 的证书通过 Bastion 连接到 Azure 虚拟机?
[英]How to use a certificate from a Azure Key Vault to connect to a Azure Virtual Machine through Bastion?
问题描述
I want to secure an azure virtual machine.
我想保护 azure 虚拟机。 Currently, I have a login and a password that I use to connect in SSH with Putty.目前,我有一个登录名和密码,用于在 SSH 中使用 Putty 进行连接。
My idea is to create an RSA certificate in an Azure Key Vault (I managed to do that just fine) and use it to connect to my virtual machine through Bastion.我的想法是在 Azure Key Vault 中创建一个 RSA 证书(我成功地做到了这一点)并使用它通过 Bastion 连接到我的虚拟机。 I have no problem using the certificate instead of a password:我使用证书而不是密码没有问题:
However, I first need to configure the machine to use this certificate instead of the currently defined password.但是,我首先需要将机器配置为使用此证书而不是当前定义的密码。 I figured it must happen in the reset password tab, but I cannot find what to put inside SSH public key:我认为它一定发生在重置密码选项卡中,但我找不到在 SSH 公钥中放入的内容:
I cannot find a way to retrieve the public key from the azure portal, I can download the certificate under the CER or the PFX format, but I tried to get the public key from those files using OpenSSL, but no matter what I do it is invalid.我找不到从 azure 门户检索公钥的方法,我可以下载 CER 或 PFX 格式的证书,但我尝试使用 OpenSSL 从这些文件中获取公钥,但无论我做什么都是无效的。
How can I get a public key that follows the format "ssh-rsa AAAA... username@domainname" that azure requires from a certificate generated in an Azure Key Vault or a from a.pfx or.cer file?如何从 Azure Key Vault 或 a.pfx 或 .cer 文件中生成的证书中获取 azure 需要的格式为“ssh-rsa AAAA ... username@domainname”的公钥?
1 个解决方案
解决方案1
1 2023-02-01 05:33:38
I tried to reproduce the same in my environment and got the results like below :我尝试在我的环境中重现相同的内容并得到如下结果:
To reset SSH public key check the below workarounds:要重置 SSH 公钥,请检查以下解决方法:
Try to login to your terminal or cloud bash like below:尝试登录到您的终端或云 bash,如下所示:
ssh username@host
sudo -i
By default, ssh-keygen will generate an RSA key purse with one public and private key默认情况下,ssh-keygen 会生成一个RSA 密钥库,公钥和私钥各一个
ssh-keygen -t rsa -b 2048
y
ssh-keygen will generate public/private RSA key pair -> Next click Enter if you do not specify any dir it will generate under /root/.ssh/id_rsa I tried with default one click enter -> overwrite y -> Enter passphrase click Enter -> Enter like below: ssh-keygen将生成公共/私有 RSA 密钥对 -> 如果您未指定任何目录,则单击Enter它将在/root/.ssh/id_rsa下生成我尝试使用默认click enter -> overwrite y -> Enter passphrase click Enter -> Enter如下:
The public key will be saved in /root/.ssh/id_rsa.pub.公钥将保存在 /root/.ssh/id_rsa.pub 中。 SSH key command generated both public/private under the home directory of user root SSH key命令在root用户的主目录下生成了public/private
cd /root/.ssh/
ls
Now, Try to add the public key to the target server现在,尝试将公钥添加到目标服务器
id_rsa - private key
id_rsa.pub - public key
Use the public key and paste in vm and update like below:使用公钥并粘贴到 vm 中并更新如下:
When I try to login my SSH it got login with public key without getting the password-authentication successfully like below:当我尝试登录我的 SSH 时,它使用公钥登录但没有成功获得密码验证,如下所示:
Now, I tried to connect virtual machine through Bastion it's connected successfully like below:现在,我尝试通过 Bastion 连接虚拟机,它已成功连接,如下所示:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.