Passwords are vulnerable to brute-force attacks, especially on Internet-facing VMs such as web servers. When you connect to a Linux virtual machine (VM) in Azure, you should use public key cryptography, which provides a more secure way to log on to your Linux VM. This procedure uses a public and private key pair with the Secure Shell (SSH) command to authenticate you, instead of a user name and password. This article describes how to generate the appropriate SSH keys on a Windows computer and use them to create a Linux virtual machine in Azure. Azure requires public and private keys of at least 2048 bits in ssh-rsa format. You can use the ssh-keygen or OpenSSL tool to generate the keys. Both tools ship with Git, so we need to install Git first.
1. Install git
Download and install Git for Windows from the following location: https://git-scm.com/
In the installation process, accept the default option unless you specifically need to change the options.
Run Git Bash from Start menu > Git > Git Bash.
2. Create an SSH private key
In the Git Bash window, use openssl.exe to create a private key. The following example creates a key named myPrivateKey.key and a certificate named myCert.pem:
openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout myPrivateKey.key -out myCert.pem
Answer the prompts for country/region name, location, organization name, and so on. The country is given as a 2-character code; for China it is CN.
A new private key and certificate are created in the current working directory. For security reasons, you should set permissions on the private key so that only you can access it:
chmod 0600 myPrivateKey.key
3. Create a private key for PuTTY
PuTTY is a common SSH client for Windows. Feel free to use any SSH client you prefer. To use PuTTY, you need to create another type of key, a PuTTY private key (PPK).
Use Git Bash to convert the private key to an RSA private key that PuTTYgen can recognize. The following example creates a key named myPrivateKey_rsa based on the existing key named myPrivateKey.key:
openssl rsa -in ./myPrivateKey.key -out myPrivateKey_rsa
For security reasons, you should set permissions on the private key so that only you can access it:
chmod 0600 myPrivateKey_rsa
Download and run PuTTYgen from the following location: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Click menu: File > Load private key
Locate the private key (myPrivateKey_rsa in the previous example). The default directory when starting Git Bash is C:\Users\%username%. Change the file filter to display all files (*.*).
Click Open. The public key is displayed at the top of the PuTTYgen window. When you create a Linux VM, copy and paste this public key into the Azure portal or the Azure Resource Manager template. You can also click Save Public Key to save a copy to your computer.
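The public key that PuTTYgen displays is a single line of the form "ssh-rsa <base64 data> <comment>". As an added example (not part of the original article), the following Python code decodes such a line and checks it against the requirement stated at the top of this article: an ssh-rsa key of at least 2048 bits. The function names are made up for illustration, and the sample line is constructed for the demo; its modulus is not a usable key.

```python
import base64

MIN_RSA_BITS = 2048  # minimum key size this article states Azure requires


def _read_field(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_public_key(line):
    """Return the RSA modulus size in bits, or raise ValueError."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    if parts[0] != "ssh-rsa":
        raise ValueError("key type is %r, not ssh-rsa" % parts[0])
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    inner_type, pos = _read_field(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("type inside the blob does not match the prefix")
    _exponent, pos = _read_field(blob, pos)
    modulus, pos = _read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("unexpected data after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        raise ValueError("RSA key is %d bits, below %d" % (bits, MIN_RSA_BITS))
    return bits


def make_sample_line(bits):
    """Constructed sample line for the demo; the modulus is NOT a real key."""
    def field(data):
        return len(data).to_bytes(4, "big") + data
    n_bytes = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    print(check_public_key(make_sample_line(2048)))
```

To check your own key, pass the line copied from the PuTTYgen window to check_public_key.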
4. Create a secure Linux virtual machine in Azure
Sign in to the Azure portal and create a Linux virtual machine, pasting the public key from above into the portal when you create it. This public key is then typically stored in ~/.ssh/authorized_keys on the new VM.
Return to PuTTYgen and click Save Private Key. A prompt is displayed asking if you want to continue without entering a passphrase for the key. A passphrase is like a password attached to a private key. With a passphrase, even if someone gets the private key, they still cannot authenticate with it; they also need the passphrase. Without a passphrase, anyone who gets the private key can log in to any VM or service that uses that key. It is recommended to create a passphrase. However, if you forget the passphrase, there is no way to recover it.
If you want to enter a passphrase, click No, enter the passphrase in the main PuTTYgen window, and click Save Private Key again. Otherwise, click Yes to continue without providing the optional passphrase.
5. Use PuTTY to log on to the Linux computer via SSH
Download and run PuTTY from the following location: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Fill in the PuTTY host name as [email protected] (or [email protected] hostname).
Note: You cannot fill in just the IP address or host name; otherwise you will be prompted to enter your user name and password after connecting.
Before you select Open, click the Connection > SSH > Auth tab. Browse to the private key and select it.
Click Open to connect directly to the Linux virtual machine in Azure without having to enter your user name and password.