I created a VM using "use existing public key". When I try logging into Linux Server using SSH, I'm getting error as "Permission denied (publickey)". In case if I select "use existing key stored in Azure", it is working as expected.
Can you please suggest why I'm getting this error.
Regards,
Santosh
You can not use the public key created in Azure as Use Existing Public Key. Public Key Created in Azure in only for User existing key stored in Azure.
For using the Use Existing Public Key You need to create a Public Key in your local machine or you can create using azureCLI as well.
The following command creates an SSH key pair using RSA encryption and a bit length of 4096:
ssh-keygen -m PEM -t rsa -b 4096
Using the above command you will have two key one is private(id_rsa) and another is public(id_rsa.pub).Use the Public One you can get the key at this location cd /home/rahul/.ssh/
Refere this Microsoft Document.
Related
I'm recently working on creating a cloud instance on Azure. Once I created a new VM for the service I need, it always lets me download a pem file. However, it seems like I can log in to the VM through SSH without using the pem file.
Besides that, when I check the "authorized_keys" file on the new VM, it includes a public key, which is not the one on my local machine's "id_rsa.pub" file.
I'm wondering how I could log in without the public key stored in the authorized_keys file?
I think this question is related to SSH, thanks in advance!
Why we get a pem file when creating a VM on Microsoft Azure?
Disabling password logins to SSH is a common practice for SSH hardening [1,2]. The PEM file provided by default will help you achieve this.
Besides that, when I check the "authorized_keys" file on the new VM,
it includes a public key, which is not the one on my local machine's
"id_rsa.pub" file
I believe you are viewing the file for another user or comparing the wrong keys.
I'm wondering how I could log in without the public key stored in the
authorized_keys file?
You could change the authorized_keys file you are referring to by modifying the AuthorizedKeysFile variable in the /etc/ssh/sshd_config file.
I'm creating an instance on AWS, and it's given me a .pem file that will allow me to connect to my instance.
I always use public/private keys to connect to remote servers.
I'd like to know what's the difference between these methods on AWS.
You can ask AWS to create a public/private key in the Amazon EC2 console. When you do this, AWS retains the public key and downloads the private key (.pem) to you. Make sure you save it, because you can't get the private key again.
Alternatively, you can create your own public/private key outside of AWS. You can then Import the key into the Amazon EC2 console.
In both cases, the key is then available to select when launching an Amazon EC2 instance. When an AMI provided by AWS is used for the new instance, software on the instance will automatically copy the public keypair into the /home/ec2-user/.ssh/authorized_keys file.
For Windows users, a program on the AMI will generate a random Administrator password, encrypt the password using the selected keypair, and the user must then provide the private key to decrypt the password. (You are encouraged to change the Administrator password after login.)
If you use Windows and want to use PuTTY to SSH into an Amazon EC2 instance, you will need a .ppk file. This can be selected when generating the keypair, or you can use PuTTYGen to convert the key.
Bottom line: The .pem file is your private key.
I'm remotely logging into my Raspberry Pi via SSH. I'm starting to use it for web development testing and would like to push to git repositories from the Raspberry Pi. Do I reuse the public key or do I need to make a new pair of keys? Do I need to use ssh-agent to manage the keys?
The public key used for SSH login is written in ~/.ssh/authorized_keys
I already tried making new key pairs with ssh-keygen and adding the new public key as a Bitbucket Deployment key.
Thanks!
A pair of key is supposed to represent an identity, i.e. your own machine. Unless you have different machines with different levels of trust (for example, a work machine and a personal machine), you don't need to generate different pair of keys on the same machine for different services.
Concerning key pairs, note that they are pairs, i.e. two keys (a public and a private one). id_rsa is the usual name of your private key on that machine. authorized_keys is the usual name of a list of public keys, for other machines, authorized to log in on that machine. The name of your public key is most certainly id_rsa.pub. That's why copying your authorized_keys to id_rsa elsewhere doesn't make much sense.
I'm trying to setup continuous deployment for an Azure website using bitbucket.
The problem is I'm using a submodule (which I own) that Azure doesn't have permission to, because it doesn't add that by default.
I'm trying to figure out how to add an SSH key so that Azure can connect and get the submodule.
Steps I've taken.
Created a New Public/Private Key with PuttyGen, Added the public key to my bitbucket account under the name Azure
FTPed into Azure, and added both the public and private key files (.ppk) to the .ssh directory (yeah I didn't know which one I was suppose to add). They are named azurePrivateKey.ppk, and azurePublicKey.
Updated my config file to look like this
HOST *
StrictHostKeyChecking no
Host bitbucket.org
HostName bitbucket.org
PreferredAuthentications publickey
IdentityFile ~/.ssh/azurePrivateKey.ppk
(no clue if that's right)
Updated my Known Hosts to look like this
bitbucket.org,131.103.20.168, <!--some key here...it was here when i opened the file, assuming it's the public key for the repo i tried to add-->
bitbucket.org,131.103.20.168, <!--the new public key i tried to add-->
And I still get the same error, no permission to get submodule. So i'm having trouble figuring out which step I did incorrectly as I've never done this before.
Better late then never, and it could be usefull for others :
A Web App already have a ssh key, to get it :
https://[web-site-name].scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
You can then add this key to you git repo deploy key.
I've never set that up in Azure but some general rules of thumb for handling SSH keys:
The private key in $HOME/.ssh/ must have file mode 600 (RW only for the owner)
You need both, the public and the private key in this folder, usually named id_rsa and id_rsa.pub but you can change the filename to whatever you like
You have to convert the private key generated by puttykeygen to a OpenSSH2 compatible format, see How to convert SSH keypairs generated using PuttyGen
known_hosts stores the public keys of the servers you've already connected to. That's useful to make sure that you are really connecting to the same server again. more detailed information on this topic
HTH
So if you like me had multiple private submodules on the same github account as the app service is deployed at you can give your service access to all your modules by moving the deployment key.
Go to the repo where your service is hosted.
In settings go to deploy keys.
Remove the deployment key.
Get the public key from https://[your-web-app].scm.azurewebsites.net/api/sshkey?ensurePublicKey=1
Add the key to your SSH keys in the account settings for github.
If you have modules on several accounts you can add the same key to each account.
After this the service can access private repos on all accounts with the key.
I got a problem with upgrading my deployment to windows server 2012, my deploy works fine with osfamily=2 and compiled with .net4, but failed at .net4.5 and osfamily=3,
the exception I saw when remote to the vm is "Keyset does not exist", seems to related to some certificates. My program using the certificates to encrypt some stream and should be able to using this certs to decode this stream after I deploy it.
I checked the certs on vm, it is installed fine, in the right place.
So I suspect this is an issue with the different secure policy with 2012 that prevent my role to get the key in the certs.
this blocks me for a while so Thank a lot for any clue!
Keyset does not exist typically refers to an error when your program is trying to access a private key of a certificate and is unable to do so, either because the private key does not exist or because it has no permissions to access it
You will need to find the certificate in question in your certificate store, verify that it contains a private key (that will show up in the properties of the certificate)
And then verify that your process/application pool has permissions to access the private key by right-clicking on the certificate from the certificate store and choosing: All Tasks->Manage Private Keys. From there, make sure to add sufficient users to the allowed list
Hope this helps