[ How to configure SSH login with key pairs for a Linux VM using azure-sdk-for-python? ]
I was trying to deploy a Linux VM on Windows Azure by using azure-sdk-for-python. Luckily, I was able to configure a VM with password based authentication but didn't succeed to use SSH keys. Can anyone explain as how I can configure ssh login through azure-sdk-for-python?
I found a test code of creating a linux vm with ssh keys here: (see the _create_vm_linux() function) https://github.com/WindowsAzure/azure-sdk-for-python/blob/master/test/azuretest/test_servicemanagementservice.py (It may not be a right example since it is in test but I guess it works at least.) It seems LinuxConfigurationSet(self, host_name=None, user_name=None, user_password=None, disable_ssh_password_authentication=None) prepares authentication with user_name, user_password and ssh. Also, it looks like PublicKey and KeyPair classes are used to configure SSH login with keys. However, these settings are unclear to me for their usage. I think I have to ask details about the test code.
For PublicKey, I assume the first parameter is a thumbprint of service management certificate and the second parameter is a local path of a SSH public key.
pk = PublicKey(SERVICE_CERT_THUMBPRINT, u'/home/unittest/.ssh/authorized_keys')
For KeyPair, I assume the first parameter is same with PublicKey and the second parameter is a local path of a SSH private key. (I am not sure why a private key is required here)
pair = KeyPair(SERVICE_CERT_THUMBPRINT, u'/home/unittest/.ssh/id_rsa')
And the key pairs are x509 certificate.
I tried it with these lines but failed to deploy a VM. I guess I misinterpreted the use of functions. Any help?
The SERVICE_CERT_THUMBPRINT is of the pem file whose pfx file you have to upload using add_service_certificate method.
You can generate a fresh set of keys using the following:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.key -out mycert.pem
This will generate the key file and the pem file
openssl pkcs12 -export -in mycert.pem -inkey mycert.key -out mycert.pfx
This will generate the pfx file
Upload the pfx file next
cert_data_path = "/home/swati/keys/mycert.pfx"
with open(cert_data_path, "rb") as bfile:
cert_data = base64.b64encode(bfile.read())
cert_format = 'pfx'
cert_password = ''
cert_res = sms.add_service_certificate(service_name='qubolecloud',
Get the fingerprint of the pem file using
openssl x509 -in mycert.pem -sha1 -noout -fingerprint
The SERVICE_CERT_THUMBPRINT mentioned in the test code is this fingerprint without the colons.
You can now login to the machine using the key file, example
ssh -i mycert.key -p 22 email@example.com
Refer http://msdn.microsoft.com/library/azure/jj157194.aspx#SSH for what the various fields mean. Feel free to ask questions, I spend considerable amount of time getting this setup.