Creating SSH Keypairs
Overview
When you deploy a virtual machine, most combinations of venue and operating system require you to provide an SSH Public Key (currently only Windows on Azure does not). This key is inserted into the virtual machine at creation time so that you can remotely administer it. Tuono does not currently create or manage SSH Keys.
Goals
By completing this tutorial, you will learn to:
Generate SSH key pairs on various platforms
Configure your environment to use the generated keypair
Use the keypair to log in to your deployed infrastructure.
Platform Requirements
OpenSSH is installed by default on later Windows builds
Add the OpenSSH capability to the Windows machine
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set the StartType to 'Automatic'
Get-Service -Name ssh-agent | Set-Service -StartupType Automatic
Start the ssh-agent and sshd service
Start-Service ssh-agent; Start-Service sshd
Creating an SSH Keypair
It is important to do this step as a normal user.
On all platforms you can generate a keypair using the command ssh-keygen.
Generate an SSH keypair
ssh-keygen -t rsa -b 4096
The file id_rsa contains the private key, which you keep, as you will need to use it later to log into your virtual machine(s).
The dialogue should look like this:
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\<username>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\<username>/.ssh/id_rsa.
Your public key has been saved in C:\Users\<username>/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:5NORnkS+qUbDd/TLs1yECr7COPNrdMvbWT2FleBSiu4 <username>@<server>@<LOCAL-HOSTNAME>
The key's randomart image is:
+---[RSA 2048]----+
| . o |
| o..+ . .|
| ..=o.. ..|
| +.+ *.. + |
| S.O . + o|
| .o*.o o +.|
| +oE... =.o|
| +.+ oo + +.|
| =ooo.o o |
+----[SHA256]-----+
It is up to you to safeguard the contents of the id_rsa file.
The file id_rsa.pub contains the public key, which you can place into a blueprint or into a variable as needed. Public keys do not need to be treated as secrets. The contents of the public key file can be shared freely without any consequence.
Using an SSH Keypair
Provisioning
Our tutorial contains a blueprint with a variable named admin_public_key.
You can set this variable in your environment to the text string within the id_rsa.pub file. It will look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpEnqpk716xZdXfZQFr7MCGnqt55k4Jl714nD1aT/zQLGYYAlmR4fK+Tv1D3W7GNki04OVGFK9Jd8+MIXjl/0Wn4yyffH+46aA3Td1fOxq99K4LHBrn/t7yzICjqqRXzqbvZT/1q2Kb8auO8oyGQdE1v4N3qoSGj8TYj/597UaEGMCv4jqqkog5RyNbGOGmjHmKeBQ36mPnYrk1+M2LqnjyJdBLLLv4OzqW6jYSHeRo2nry1vtPMigS67/WoNDGrwXPBuYllFwtTsm3ZJwOJv+fb44wMyL73KSeiCDk3AcCicMQcmZKjL4kpkw8Y/NHk7ykcZ5Mdtaepzy2J2NaRjp <username>@<server>@<LOCAL-HOSTNAME>
The admin_username account on the virtual machine will be configured to allow inbound SSH using the matching private key. The account name defaults to "adminuser", but can be set to something more meaningful if you prefer.
Post-Provisioning Access
The IP address of the virtual machine is available in the Inventory at the bottom of the blueprint pane.
Assuming that you have enabled SSH access through firewall rules - as in the tutorial - and allow connectivity to the internet - again, as in the tutorial - you can connect to your virtual machine:
ssh <admin_username>@<ip>
Adding Additional Keys
To add further public keys to the deployed Linux system - as deployed by the tutorial - the simplest way is to copy additional public key(s) to the system which generated the admin_public_key above and from there you can follow the platform-specific steps below.
Windows
type <path_to_additional_key> | ssh <admin_username>@<ip> 'cat >> .ssh/authorized_keys'
Linux/OSX
ssh-copy-id -i <path_to_additional_key> <admin_username>@<ip>
Once this is done you can test that the additional machine(s) have access by logging in from them:
ssh <admin_username>@<ip>