TAGS :Viewed: 10 - Published at: a few seconds ago

[ How to configure SSH login with key pairs for a Linux VM using azure-sdk-for-python? ]

I was trying to deploy a Linux VM on Windows Azure by using azure-sdk-for-python. Luckily, I was able to configure a VM with password based authentication but didn't succeed to use SSH keys. Can anyone explain as how I can configure ssh login through azure-sdk-for-python?

I found a test code of creating a linux vm with ssh keys here: (see the _create_vm_linux() function) https://github.com/WindowsAzure/azure-sdk-for-python/blob/master/test/azuretest/test_servicemanagementservice.py (It may not be a right example since it is in test but I guess it works at least.) It seems LinuxConfigurationSet(self, host_name=None, user_name=None, user_password=None, disable_ssh_password_authentication=None) prepares authentication with user_name, user_password and ssh. Also, it looks like PublicKey and KeyPair classes are used to configure SSH login with keys. However, these settings are unclear to me for their usage. I think I have to ask details about the test code.

For PublicKey, I assume the first parameter is a thumbprint of service management certificate and the second parameter is a local path of a SSH public key. pk = PublicKey(SERVICE_CERT_THUMBPRINT, u'/home/unittest/.ssh/authorized_keys') For KeyPair, I assume the first parameter is same with PublicKey and the second parameter is a local path of a SSH private key. (I am not sure why a private key is required here) pair = KeyPair(SERVICE_CERT_THUMBPRINT, u'/home/unittest/.ssh/id_rsa') And the key pairs are x509 certificate.

I tried it with these lines but failed to deploy a VM. I guess I misinterpreted the use of functions. Any help?

Answer 1

The SERVICE_CERT_THUMBPRINT is of the pem file whose pfx file you have to upload using add_service_certificate method.

You can generate a fresh set of keys using the following:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.key -out mycert.pem

This will generate the key file and the pem file

 openssl pkcs12 -export -in mycert.pem -inkey mycert.key -out mycert.pfx

This will generate the pfx file

Upload the pfx file next

cert_data_path = "/home/swati/keys/mycert.pfx"
with open(cert_data_path, "rb") as bfile:
    cert_data = base64.b64encode(bfile.read())
    cert_format = 'pfx'
    cert_password = ''
    cert_res = sms.add_service_certificate(service_name='qubolecloud',

Get the fingerprint of the pem file using

openssl x509 -in mycert.pem -sha1 -noout -fingerprint
SHA1 Fingerprint=98:34:21:38:KJ:1E:D8:CC:A8:9E:89:21:DF:D7:5D:34:A7:D1:F2:E1

The SERVICE_CERT_THUMBPRINT mentioned in the test code is this fingerprint without the colons.

You can now login to the machine using the key file, example

ssh -i mycert.key -p 22 username@azurecloud.cloudapp.net

Refer http://msdn.microsoft.com/library/azure/jj157194.aspx#SSH for what the various fields mean. Feel free to ask questions, I spend considerable amount of time getting this setup.