Create a secure Linux virtual machine in Azure

Source: Internet
Author: User
Tags openssl openssl rsa

Passwords are vulnerable to brute force attacks, especially on Internet-facing VMS, such as WEB servers. When you connect to a Linux virtual machine (VM) in Azure, you should use public key cryptography to provide a more secure way to log on to your Linux VM. This procedure involves using the Secure Shell (SSH) command to Exchange public and private keys to authenticate yourself (not the user name and password). This article describes how to use the SSH key to generate the appropriate key on a Windows computer and create a Linux virtual machine in Azure. Azure requires at least 2048-bit adoption Ssh-rsaThe public and private keys in the format. You can use the Ssh-keygen or OpenSSL tool to generate the relevant keys, both of which are available in git, and we need to install Git first.

1. Install git

    • Download and install Git for Windows: https://git-scm.com/from the following location.

    • In the installation process, accept the default option unless you specifically need to change the options.

    • Run Git bash from Start menu > Git > Git bash.

2. Create an SSH private key

In the Git Bash window, use the openssl.exe create private key. The following example creates a key named myPrivateKey and a certificate named myCert.pem :

Openssl.exe req-x509-nodes-days 365-newkey rsa:2048 \
-keyout Myprivatekey.key-out Mycert.pem

Answer the country/region name, location, organization name, and other prompts. Where countries use 2-character codes, China is CN

A new private key and certificate will be created in the current working directory. For security reasons, you should set permissions on the private key so that only it can be accessed: chmod 0600 Myprivatekey.key

3. Create a private key for PuTTY

PuTTY is a common SSH client for Windows. Feel free to use any of the required SSH clients. To use PuTTY, you need to create another type of key-PuTTY private key (PPK).

Use Git Bash to convert the private key to an RSA private key that PuTTYgen can recognize. The following example creates a key named based on myPrivateKey an existing key named myPrivateKey_rsa : OpenSSL rsa-in./myprivatekey.key-out Myprivatekey_rsa

For security reasons, you should set permissions on the private key so that only it can be accessed: chmod 0600 Myprivatekey_rsa

Download and run puttygen:http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html from the following location

Click menu: File > Load private key

Locate the private key (in the previous example myPrivateKey_rsa ). The default directory when starting Git Bash is C:\Users\%username% . Change the file filter to display all files (*. *):

Click Open. The public key is displayed at the top of the PuTTYgen window. When you create a Linux VM, copy and paste the public key into the Azure portal or the Azure Resource Manager template. You can also click Save Public Key to save the copy to your computer:

4. Create a secure Linux virtual machine in Azure

Sign in to the Azure portal and create a virtual machine to copy and paste the above public key into the Azure portal when you create a Linux VM. This public key is then typically stored on the new VM ~/.ssh/authorized_keys .

Return to PuTTYgen , click Save Private Key: A prompt is displayed asking if you want to continue without entering a passphrase for the key. A pass phrase is like a password attached to a private key. Even if someone gets the private key, they will still not be able to authenticate with the key. They also need a pass phrase. Without a passphrase, if someone gets the private key, they can log in to any VM or service that uses that key. It is recommended to create a pass phrase. However, if you forget the passphrase, there is no way to recover it.

If you want to enter a passphrase, click No, enter the passphrase in the main PuTTYgen window, and click Save Private key again. Otherwise, click Yes to continue without providing an optional pass phrase.

5. Use Putty to log on to the Linux computer via SSH

Download and run putty:http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html from the following location

Fill in the Putty hostname [email protected](or [email protected] hostname) AS

Note: You cannot just fill in the IP address or host name, otherwise you will be prompted to enter your username and password after the connection.

Before you select Open, click the Connections > SSH > Authentication tab. Browse to the private key and select it:

Click Open to connect directly to the Linux virtual machine in Azure without having to enter your username and password.

Create a secure Linux virtual machine in Azure

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.