💡 Learn more : Overview of Azure Cloud Shell (opens new window).
📺 Watch the video : How to generate SSH public key to log into Linux VM (opens new window).
# Generate SSH keys to log into Linux VM with Cloud Shell
For these instructions, I'll assume you have a Linux VM already setup and connecting via Cloud Shell.
1.) Log into Azure Cloud Shell and type
ssh-keygen -t rsa -b 2048. Accept all default by pressing enter. It has generated a public key that is stored in
/home/michael/.ssh/id_rsa.pub. as shown below.
michael@Azure:~/clouddrive$ ssh-keygen -t rsa -b 2048 Generating public/private rsa key pair. Enter file in which to save the key (/home/michael/.ssh/id_rsa): Created directory '/home/michael/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/michael/.ssh/id_rsa. Your public key has been saved in /home/michael/.ssh/id_rsa.pub. The key fingerprint is: SHA256:FHZVjZfU0zZaXoEvbg37/YUW+02VMIXl6UtUIumpHs0 michael@cc-72f9-63c154d-32136390-qk3bs The key's randomart image is: +---[RSA 2048]----+ | o ..ooBB*| | . o .++*X| | . . +=*+| | . o+=o.| | S +. *+.| | o E+.=o| | . .. =.+| | . . ++| | =| +----[SHA256]-----+ michael@Azure:~/clouddrive$
2.) Ensure the key was generated by typing
michael@Azure:~$ ls -a . .. .azure .bash_history .bash_logout .bashrc clouddrive .profile .ssh
3.) Looks good (we see
.ssh), we'll go ahead and copy it to our server with
michael@Azure:~$ ssh-copy-id user@ipaddy firstname.lastname@example.org's password: id_rsa.pub 100% 420 0.4KB/s 00:00
4.) SSH to the Linux server with
5.) Edit the ssh server configuration file with
sudo nano /etc/ssh/sshd_config.
5.1) These entries must be set to yes and they should already be that way by default: RSAAuthentication yes PubkeyAuthentication yes
6.) Reload the configuration with
sudo service ssh reload.
7.) Disconnect and try to connect without the need to give the password to the ssh-client
8.) If everything goes as planned, you should see:
michael@Azure:~$ ssh user@ipaddy Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-92-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud 15 packages can be updated. 0 updates are security updates. *** System restart required *** Last login: Sun Sep 10 23:49:35 2017 from 188.8.131.52
# BONUS: If you want to disable the password you previously set on the Linux machine
If you want to disable the password on the Linux machine that you previously set:
1.) SSH back into the machine with
2.) Disable password authentication with
sudo nano /etc/ssh/sshd_config.
2.1) Ensure the following settings should are set to no:
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no
2.2.) Reload the configuration with
sudo service ssh reload
3.) You can see if the password authentication is disabled by logging out and then trying to connect with key file authentication disabled with
ssh user@ipaddress -o PubkeyAuthentication=no. You should get "Permission denied".
# BONUS #2: You can easily do the same with BASH on Windows 10
You can have the same goodness that you have with Azure Cloud Shell on your local machine. In my case, I'm using BASH on Windows and can just run steps 1-5 listed above. Boom!