Nov 26, 2018
You can copy this entire public key and then paste it into the Azure portal or an Azure Resource Manager template when you create a Linux VM. You can also select Save public key to save a copy to your computer. Optionally, to save the private key in PuTTY private key format (.ppk file), select Save private key. You will need the .ppk file later to use PuTTY to make an SSH connection to the VM. Asymmetric cryptography, also known as public-key encryption, uses a public/private key pair to encrypt and decrypt data. In .NET, the RSACryptoServiceProvider and DSACryptoServiceProvider classes are used for asymmetric encryption.
title | description | author | ms.service | ms.workload | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|
Create and use an SSH key pair for Linux VMs in Azure | How to create and use an SSH public-private key pair for Linux VMs in Azure to improve the security of the authentication process. | virtual-machines-linux | article | cynthn |
With a secure shell (SSH) key pair, you can create virtual machines (VMs) in Azure that use SSH keys for authentication, eliminating the need for passwords to sign in. This article shows you how to quickly generate and use an SSH public-private key file pair for Linux VMs. You can complete these steps with the Azure Cloud Shell, a macOS or Linux host, the Windows Subsystem for Linux, and other tools that support OpenSSH.
[!NOTE] VMs created using SSH keys are by default configured with passwords disabled, which greatly increases the difficulty of brute-force guessing attacks.
For more background and examples, see Detailed steps to create SSH key pairs.
For additional ways to generate and use SSH keys on a Windows computer, see How to use SSH keys with Windows on Azure.
Create an SSH key pair
Use the ssh-keygen command to generate SSH public and private key files. By default, these files are created in the ~/.ssh directory. You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten.
The following command creates an SSH key pair using RSA encryption and a bit length of 4096:
If you use the Azure CLI to create your VM with the az vm create command, you can optionally generate SSH public and private key files using the --generate-ssh-keys option. The key files are stored in the ~/.ssh directory unless specified otherwise with the --ssh-dest-key-path option. The --generate-ssh-keys option will not overwrite existing key files, instead returning an error. In the following command, replace VMname and RGname with your own values:
Provide an SSH public key when deploying a VM
To create a Linux VM that uses SSH keys for authentication, specify your SSH public key when creating the VM using the Azure portal, Azure CLI, Azure Resource Manager templates, or other methods:
If you're not familiar with the format of an SSH public key, you can display your public key with the following cat command, replacing ~/.ssh/id_rsa.pub with the path and filename of your own public key file if needed:
A typical public key value looks like this example:
If you copy and paste the contents of the public key file to use in the Azure portal or a Resource Manager template, make sure you don't copy any trailing whitespace. To copy a public key in macOS, you can pipe the public key file to pbcopy. Similarly in Linux, you can pipe the public key file to programs such as xclip.
The public key that you place on your Linux VM in Azure is by default stored in ~/.ssh/id_rsa.pub, unless you specified a different location when you created the key pair. To use the Azure CLI 2.0 to create your VM with an existing public key, specify the value and optionally the location of this public key using the az vm create command with the --ssh-key-values option. In the following command, replace VMname, RGname, and keyFile with your own values:
If you want to use multiple SSH keys with your VM, you can enter them in a space-separated list, like this: --ssh-key-values sshkey-desktop.pub sshkey-laptop.pub.
SSH into your VM
With the public key deployed on your Azure VM, and the private key on your local system, SSH into your VM using the IP address or DNS name of your VM. In the following command, replace azureuser and myvm.westus.cloudapp.azure.com with the administrator user name and the fully qualified domain name (or IP address):
If you specified a passphrase when you created your key pair, enter that passphrase when prompted during the login process. The VM is added to your ~/.ssh/known_hosts file, and you won't be asked to connect again until either the public key on your Azure VM changes or the server name is removed from ~/.ssh/known_hosts.
If the VM is using the just-in-time access policy, you need to request access before you can connect to the VM. For more information about the just-in-time policy, see Manage virtual machine access using the just in time policy.
Next steps
- For more information on working with SSH key pairs, see Detailed steps to create and manage SSH key pairs.
- If you have difficulties with SSH connections to Azure VMs, see Troubleshoot SSH connections to an Azure Linux VM.
To use an open SSH connection from your development machine to the server VM in your Azure Stack Hub instance that hosts your web app, you might need to create a Secure Shell (SSH) public and private key pair.
In this article, you create your keys and then use them to connect to your server. You can use an SSH client to get a bash prompt on the Linux server or use a Secure FTP (SFTP) client to move files to and from the server.
Create an SSH public key on Windows
In this section, you use PuTTY Key Generator to create a public SSH key and private key pair to use when you create a secure connection to Linux machines in your Azure Stack Hub instance. PuTTY is a free terminal emulator that can allow you to connect to a server via SSH and Telnet.
- Open PuTTY Key Generator.
- Under Parameters, select RSA.
- In the Number of bits in a generated key box, enter 2048.
- Select Generate.
- In the Key area, generate some random characters by moving the cursor over the blank area.
- Enter a Key passphrase and confirm it in the Confirm passphrase box. Note your passphrase for later use.
- Select Save public key, and save it to a location where you can access it.
- Select Save private key, and save it to a location where you can access it. Remember that it belongs with the public key.
Your public key is stored in the text file you saved. The text looks like the following:
When an application requests the key, you copy and paste the entire contents of the text file.
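Added example (not part of the original articles): a Python check that parses a pasted public key in either the one-line OpenSSH form shown by cat ~/.ssh/id_rsa.pub or the multi-line block that PuTTY Key Generator saves, flags stray whitespace, and reports the RSA modulus size. It assumes PuTTYgen wrote the RFC 4716 "SSH2 PUBLIC KEY" layout; the function names and the sample key (well-formed, but not a usable key) are constructed for illustration.

```python
import base64
import struct

def read_field(buf, off):
    """Read one length-prefixed field of the SSH wire format."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def sample_blob(bits):
    """Constructed sample: correct layout, but not a usable RSA key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"), modulus]
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def to_openssh_line(text):
    """Normalise a one-line OpenSSH key or an RFC 4716 block to one line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for ln in lines[1:-1]:
            if in_header or ":" in ln:   # header, possibly continued with '\'
                in_header = ln.endswith("\\")
            else:
                body.append(ln)
        b64 = "".join(body)
        algo = read_field(base64.b64decode(b64), 0)[0].decode()
        return f"{algo} {b64}"
    if len(lines) != 1:
        raise ValueError("expected one OpenSSH line or an RFC 4716 block")
    return lines[0]

def inspect_key(pasted):
    """Return (algorithm, rsa_bits, issues) for a pasted public key."""
    issues = []
    if pasted != pasted.strip():
        issues.append("leading or trailing whitespace")
    algo, b64 = to_openssh_line(pasted).split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_field(blob, 0)
    if inner.decode() != algo:
        issues.append("algorithm label does not match key blob")
    bits = None
    if algo == "ssh-rsa":
        _, off = read_field(blob, off)          # public exponent e
        n, _ = read_field(blob, off)            # modulus n
        bits = int.from_bytes(n, "big").bit_length()
    return algo, bits, issues

SAMPLE = "ssh-rsa " + base64.b64encode(sample_blob(4096)).decode() + " user@example"
print(inspect_key(SAMPLE + " \n"))  # constructed input with stray whitespace
```

Run it against the exact text you are about to paste, not the file on disk, so that whitespace picked up by the clipboard is caught.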
Connect with SSH by using PuTTY
When you install PuTTY, you have both PuTTY Key Generator and an SSH client. In this section, you open the SSH client, PuTTY, and configure your connection values and SSH key. If you're on the same network as your Azure Stack Hub instance, you connect to your VM.
Before you connect, you will need:
- PuTTY
- The IP address and username for the Linux machine in your Azure Stack Hub instance that uses an SSH public key as the Authentication type.
- Port 22 to be open for the machine.
- The public SSH key that you used when you created the machine.
- The client machine that runs PuTTY to be on the same network as your Azure Stack Hub instance.
- Open PuTTY.
- In the Host Name (or IP address) box, enter the username and public IP address of the machine (for example, [email protected]).
- Validate that the Port is 22 and the Connection type is SSH.
- In the Category tree, expand SSH and Auth.
- Next to the Private key file for authentication box, select Browse, and then search for the private key file (<filename>.ppk) of your public and private key pair.
- In the Category tree, select Session.
- Under Saved Sessions, enter a name for the session, and then select Save.
- In the Saved Sessions list, select the name of your session, and then select Load.
- Select Open. The SSH session opens.
Connect with SFTP with FileZilla
To move files to and from your Linux machine, you can use FileZilla, an FTP client that supports Secure FTP (SFTP). FileZilla runs on Windows 10, Linux, and macOS. The FileZilla client supports FTP, FTP over TLS (FTPS), and SFTP. It is open-source software that's distributed free of charge under the terms of the GNU General Public License.
Set your connection
- Download and install FileZilla.
- Open FileZilla.
- Select File > Site Manager.
- In the Protocol drop-down list, select SFTP - SSH File Transfer Protocol.
- In the Host box, enter the public IP address for your machine.
- In the Logon Type box, select Normal.
- Enter your username and password.
- Select OK.
- Select Edit > Settings.
- In the Select page tree, expand Connection, and then select SFTP.
- Select Add key file, and then enter your private key file (for example, <filename>.ppk).
- Select OK.
Open your connection
- Open FileZilla.
- Select File > Site Manager.
- Select the name of your site, and then select Connect.
Next steps
Learn how to Set up a development environment in Azure Stack Hub.