This is the second part of the series that will walk you through the process of connecting to a Linux VM that runs on Windows Azure. The first part was focused on SSH connections using regular credentials. This post will demonstrate how to use SSH keys for stronger authentication.
Part 1: https://marcelzehner.ch/2013/06/24/quick-post-connect-to-a-linux-vm-on-windows-azure-part-12/
Part 2: This post
First we need to create a public and private key using OpenSSL. After installation you can open a command prompt, navigate to the bin directory inside the install directory and run openssl.exe using some parameters. Feel free to change them as needed.
OpenSSL.exe req -x509 -nodes -days 365 -newkey rsa:2048 -config ..\share\openssl.cnf -keyout path\name.key -out Cert.pem
“days” defines the certificate/key lifetime
“rsa:xxxx” specifies the key length
“config” needs to be added to find the openssl config file
“keyout” is used to specify the private key file name
“out” is used to store the public key/certificate
The key pair is used as follows: the public key is copied to the remote machine that a connection needs to be made to, in our case the Windows Azure VM. The private key is used on the client that will create the connection, in this case my Windows machine. This key needs to be stored in a secure way to make sure no one else will be able to create a successful connection to the Azure VM.
Now let’s create a new Linux VM in Azure and select the option to authenticate with an SSH key. Select the public key (*.pem) from the step before.
After the VM is provisioned, check the VM's details for the information needed to make a connection.
Now use Putty to create a connection to the VM.
After entering the user name, a message tells us that authentication was not successful. Sure, we did not specify which private key to use to complete the authentication process. That makes sense, and it shows that it is no longer possible to create connections when you are not the holder of the corresponding private key.
Before we can use our private key together with Putty, we need to transform it into another format that Putty can use. This can be done using a tool called Puttygen.exe. Download and start Puttygen and load the private key created earlier.
Now change the key comment to something meaningful and save the private key in a Putty-ready format (*.ppk).
For better protection of the private key it would make sense to add a passphrase that needs to be entered whenever the key is used. In this example I choose the easy way without the passphrase. I am lazy.
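An added example (not part of the original post): a small Python check that reports which private key files can be used without a passphrase, covering both the PEM key that OpenSSL writes with -nodes and a .ppk saved from Puttygen without one. The function names are this example's own, and the sample file contents are constructed placeholders.

```python
import re
import sys

# PEM private-key labels written by OpenSSL (PKCS#8 and traditional formats).
PEM_BEGIN = re.compile(r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----")

def classify_key(text):
    """Return (format, protected) for key-file text; (None, None) if not a private key."""
    lines = text.splitlines()
    # PuTTY .ppk: the first line names the format, "Encryption:" names the cipher.
    if lines and lines[0].startswith("PuTTY-User-Key-File-"):
        for line in lines[1:]:
            if line.startswith("Encryption:"):
                return "ppk", line.split(":", 1)[1].strip() != "none"
        return "ppk", None  # malformed file: no Encryption header found
    match = PEM_BEGIN.search(text)
    if match is None:
        return None, None  # certificate, public key, or unrelated file
    if match.group(1) == "ENCRYPTED PRIVATE KEY":
        return "pem", True  # PKCS#8 key encrypted with a passphrase
    # Traditional PEM keys flag encryption with a Proc-Type header instead.
    return "pem", "Proc-Type: 4,ENCRYPTED" in text

def unprotected(files):
    """Given {name: text}, list private keys usable without a passphrase."""
    return sorted(n for n, t in files.items() if classify_key(t)[1] is False)

# Constructed samples: headers are real format markers, key bodies are placeholders.
SAMPLES = {
    "name.key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "Cert.pem": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
    "azure.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: azure-vm\n",
    "safe.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: azure-vm\n",
    "old.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
               "DEK-Info: AES-256-CBC,PLACEHOLDER\n\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    # With arguments, check those files; without, run on the constructed samples.
    files = {p: open(p, errors="replace").read() for p in sys.argv[1:]} or SAMPLES
    for name in unprotected(files):
        print(f"{name}: private key is stored without a passphrase")
```

Pass the paths of your own .key and .ppk files as arguments to check them; any file it lists should be re-saved with a passphrase or kept in a location only your account can read.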
As soon as the key is successfully transformed, start Putty again and configure the connection to use this key for authentication.
Now connect to the Linux VM again.
Enter the user name and boom … you are connected! No password is needed this time as the SSH keys were used to handle the authentication.
Now have fun administering your Linux VMs on Windows Azure!