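Trouble sshing into Azure Linux Virtual Machine
I followed the guide below to set up a Linux virtual machine using Terraform:
Everything was created successfully in Azure. I am having trouble with the last step, being able to ssh into the virtual machine. I use the following command in Windows PowerShell:
    ssh azureuser@public_ip_here
It gives me the following error:
    azureuser@52.186.144.190: Permission denied (publickey).
I tried using the RDP file from the Azure portal by downloading it and importing it into RDP, but I get the following error:
Things I have tried:
- Using the plain ssh command above
- Putting the private key into a .pem file and assigning it restricted permissions, then passing this key with the ssh -i command. This does not work either
- Using the RDP file downloaded from the Azure portal (error shown below)
- Running the test connection feature for the virtual machine in the Azure portal, which shows the connection as successful, but I still cannot access the virtual machine.
I am wondering whether I have to configure the Azure portal somehow to allow myself to ssh into the VM.
My main.tf code is: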
    provider "azurerm" {
      # The "feature" block is required for AzureRM provider 2.x.
      # If you're using version 1.x, the "features" block is not allowed.
      version = "~>2.0"
      features {}
    }

    resource "azurerm_resource_group" "myterraformgroup" {
      name     = "myResourceGroup"
      location = "eastus"
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "azurerm_virtual_network" "myterraformnetwork" {
      name                = "myVnet"
      address_space       = ["10.0.0.0/16"]
      location            = "eastus"
      resource_group_name = azurerm_resource_group.myterraformgroup.name
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "azurerm_subnet" "myterraformsubnet" {
      name                 = "mySubnet"
      resource_group_name  = azurerm_resource_group.myterraformgroup.name
      virtual_network_name = azurerm_virtual_network.myterraformnetwork.name
      address_prefixes     = ["10.0.1.0/24"]
    }

    resource "azurerm_public_ip" "myterraformpublicip" {
      name                = "myPublicIP"
      location            = "eastus"
      resource_group_name = azurerm_resource_group.myterraformgroup.name
      allocation_method   = "Dynamic"
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "azurerm_network_security_group" "myterraformnsg" {
      name                = "myNetworkSecurityGroup"
      location            = "eastus"
      resource_group_name = azurerm_resource_group.myterraformgroup.name
      security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
      }
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "azurerm_network_interface" "myterraformnic" {
      name                = "myNIC"
      location            = "eastus"
      resource_group_name = azurerm_resource_group.myterraformgroup.name
      ip_configuration {
        name                          = "myNicConfiguration"
        subnet_id                     = azurerm_subnet.myterraformsubnet.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.myterraformpublicip.id
      }
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "azurerm_network_interface_security_group_association" "example" {
      network_interface_id      = azurerm_network_interface.myterraformnic.id
      network_security_group_id = azurerm_network_security_group.myterraformnsg.id
    }

    resource "random_id" "randomId" {
      keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = azurerm_resource_group.myterraformgroup.name
      }
      byte_length = 8
    }

    resource "azurerm_storage_account" "mystorageaccount" {
      name                     = "diag${random_id.randomId.hex}"
      resource_group_name      = azurerm_resource_group.myterraformgroup.name
      location                 = "eastus"
      account_tier             = "Standard"
      account_replication_type = "LRS"
      tags = {
        environment = "Terraform Demo"
      }
    }

    resource "tls_private_key" "example_ssh" {
      algorithm = "RSA"
      rsa_bits  = 4096
    }

    output "tls_private_key" { value = tls_private_key.example_ssh.private_key_pem }

    resource "azurerm_linux_virtual_machine" "myterraformvm" {
      name                  = "myVM"
      location              = "eastus"
      resource_group_name   = azurerm_resource_group.myterraformgroup.name
      network_interface_ids = [azurerm_network_interface.myterraformnic.id]
      size                  = "Standard_DS1_v2"
      os_disk {
        name                 = "myOsDisk"
        caching              = "ReadWrite"
        storage_account_type = "Premium_LRS"
      }
      source_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "18.04-LTS"
        version   = "latest"
      }
      computer_name                   = "myvm"
      admin_username                  = "azureuser"
      disable_password_authentication = true
      admin_ssh_key {
        username   = "azureuser"
        public_key = tls_private_key.example_ssh.public_key_openssh
      }
      boot_diagnostics {
        storage_account_uri = azurerm_storage_account.mystorageaccount.primary_blob_endpoint
      }
      tags = {
        environment = "Terraform Demo"
      }
    }
Any help/pointers would be greatly appreciated!
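After my validation, you can save the output pem private key to a file named key.pem in your home directory, for example C:\Users\username\ in Windows 10 or /home/username/ in Linux.
Then you can access the Azure VM with this command in the shell:
    ssh -i "C:\Users\username\key.pem" azureuser@23.x.x.x
Also, the private key generated by tls_private_key will be stored unencrypted in your Terraform state file. It is recommended to generate a private key file outside of Terraform and distribute it securely to the system where Terraform will be run.
You can use ssh-keygen in PowerShell on Windows 10 to create the key pair on the client machine. The key pair is saved in the directory C:\Users\username\.ssh.
For example, you can then send the public key to the Azure VM with the Terraform file function: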
    admin_ssh_key {
      username   = "azureuser"
      # Forward slashes: a backslash starts an escape sequence in a Terraform string
      public_key = file("C:/Users/someusername/.ssh/id_rsa.pub")
      #tls_private_key.example_ssh.public_key_openssh
    }
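To make the state-file warning above concrete, here is an added example (not part of the original answer) that walks a parsed Terraform state and reports every output or resource attribute holding private key text. The helper names are hypothetical, and the sample state is a constructed, trimmed stand-in for what the question's main.tf would produce, with a placeholder instead of a real key.

```python
import re

# Matches the armor header of a PEM or OpenSSH private key, not a public key.
PRIVATE_KEY_HEADER = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def _walk(value, path):
    """Yield (path, string) for every string nested inside a JSON value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, child in value.items():
            yield from _walk(child, f"{path}.{key}")
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from _walk(child, f"{path}[{index}]")

def find_private_keys(state):
    """Return the sorted locations in a parsed state that contain private key text."""
    findings = []
    for name, output in state.get("outputs", {}).items():
        for path, text in _walk(output.get("value"), f"output.{name}"):
            if PRIVATE_KEY_HEADER.search(text):
                findings.append(path)
    for resource in state.get("resources", []):
        address = f'{resource.get("type")}.{resource.get("name")}'
        for i, instance in enumerate(resource.get("instances", [])):
            for path, text in _walk(instance.get("attributes", {}), f"{address}[{i}]"):
                if PRIVATE_KEY_HEADER.search(text):
                    findings.append(path)
    return sorted(findings)

# Constructed sample: trimmed state (format version 4); the key body is a placeholder.
FAKE_PEM = "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_STATE = {
    "version": 4,
    "outputs": {"tls_private_key": {"value": FAKE_PEM, "type": "string"}},
    "resources": [
        {"mode": "managed", "type": "tls_private_key", "name": "example_ssh",
         "instances": [{"attributes": {"algorithm": "RSA", "private_key_pem": FAKE_PEM,
                                       "public_key_openssh": "ssh-rsa AAAA-constructed"}}]},
        {"mode": "managed", "type": "azurerm_linux_virtual_machine", "name": "myterraformvm",
         "instances": [{"attributes": {"admin_username": "azureuser",
                                       "admin_ssh_key": [{"public_key": "ssh-rsa AAAA-constructed"}]}}]},
    ],
}

if __name__ == "__main__":
    for location in find_private_keys(SAMPLE_STATE):
        print("private key material in state:", location)
```

For a real check, load terraform.tfstate with json.load and pass the result to find_private_keys; a state built from a public key read with file() reports nothing, because only the public half ever reaches Terraform.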
First, create the key.
    ssh-keygen -t rsa -b 2048 -C email@example.com
Second, add the path to the key:
    admin_ssh_key {
      username   = "azureuser"
      public_key = file("C:/Users/someusername/.ssh/id_rsa.pub")
    }
Finally, log in.
    ssh -i "C:\Users\someusername\.ssh\id_rsa" azureuser@20.x.x.x