TIP
💡 Learn more : Overview of Azure Cloud Shell (opens new window).
📺 Watch the video : How to generate SSH public key to log into Linux VM (opens new window).
# Generate SSH keys to log into Linux VM with Cloud Shell
For these instructions, I'll assume you have a Linux VM already setup and connecting via Cloud Shell.
1.) Log into Azure Cloud Shell and type ssh-keygen -t rsa -b 2048. Accept all default by pressing enter. It has generated a public key that is stored in /home/michael/.ssh/id_rsa.pub. as shown below.
michael@Azure:~/clouddrive$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/michael/.ssh/id_rsa):
Created directory '/home/michael/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/michael/.ssh/id_rsa.
Your public key has been saved in /home/michael/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FHZVjZfU0zZaXoEvbg37/YUW+02VMIXl6UtUIumpHs0 michael@cc-72f9-63c154d-32136390-qk3bs
The key's randomart image is:
+---[RSA 2048]----+
| o ..ooBB*|
| . o .++*X|
| . . +=*+|
| . o+=o.|
| S +. *+.|
| o E+.=o|
| . .. =.+|
| . . ++|
| =|
+----[SHA256]-----+
michael@Azure:~/clouddrive$
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2.) Ensure the key was generated by typing ls -a.
michael@Azure:~$ ls -a
. .. .azure .bash_history .bash_logout .bashrc clouddrive .profile .ssh
2
3
3.) Looks good (we see .ssh), we'll go ahead and copy it to our server with ssh-copy-id user@ipaddy:
michael@Azure:~$ ssh-copy-id user@ipaddy
mbcrump@52.161.31.243's password:
id_rsa.pub 100% 420 0.4KB/s 00:00
2
3
4.) SSH to the Linux server with ssh user@ipaddy.
5.) Edit the ssh server configuration file with sudo nano /etc/ssh/sshd_config.
5.1) These entries must be set to yes and they should already be that way by default: RSAAuthentication yes PubkeyAuthentication yes
6.) Reload the configuration with sudo service ssh reload.
7.) Disconnect and try to connect without the need to give the password to the ssh-client ssh user@ipaddy.
8.) If everything goes as planned, you should see:
michael@Azure:~$ ssh user@ipaddy
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-92-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
15 packages can be updated.
0 updates are security updates.
*** System restart required ***
Last login: Sun Sep 10 23:49:35 2017 from 40.83.147.69
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# BONUS: If you want to disable the password you previously set on the Linux machine
If you want to disable the password on the Linux machine that you previously set:
1.) SSH back into the machine with ssh user@ipaddy.
2.) Disable password authentication with sudo nano /etc/ssh/sshd_config.
2.1) Ensure the following settings should are set to no:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
2.2.) Reload the configuration with sudo service ssh reload
3.) You can see if the password authentication is disabled by logging out and then trying to connect with key file authentication disabled with ssh user@ipaddress -o PubkeyAuthentication=no. You should get "Permission denied".
# BONUS #2: You can easily do the same with BASH on Windows 10
You can have the same goodness that you have with Azure Cloud Shell on your local machine. In my case, I'm using BASH on Windows and can just run steps 1-5 listed above. Boom!