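azure - Setting adminPassword has no effect; Linux deployment in Azure Resource Manager
Problem description
I am using an ARM template to deploy Linux machines. In my Microsoft.Compute/virtualMachines deployment, I have properties including this one (following the documentation):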
"osProfile": {
  "computerName": "computer-name-here",
  "adminUsername": "[parameters('AdminUserName')]",
  "adminPassword": "password following rules here",
  "linuxConfiguration": {
    "disablePasswordAuthentication": false
  },
  "secrets": []
},
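The problem is that logging in to the VM with that username and password does not work.
When the machine spins up, ssh user@host fails, saying that public key authentication failed. When I use the special flag to force a password prompt, the result is the same.
When I inspect the VM's automation script, I see that my properties went through, but adminPassword is missing. I assume they strip it from the console for security reasons, but the SSH client really makes it look as if it ignored the parameters I configured and enabled SSH key access.
Is it possible to do username/password login with Azure, or am I missing something?
Edit, with more details:
The way my osProfile is generated is through a template that does this: (note that I prefix the username with "password" to make sure the substitution is correct)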
"authConfig-sshpublickey": {
  "adminUsername": "[concat('pubkey-',parameters('AdminUserName'))]",
  "adminPassword": "",
  "linuxConfiguration": {
    "disablePasswordAuthentication": true,
    "ssh": {
      "publicKeys": [
        {
          "path": "[concat('/home/', parameters('AdminUserName'),'/.ssh/authorized_keys')]",
          "keyData": "[parameters('AdminCredential')]"
        }
      ]
    }
  }
},
"authConfig-password": {
  "adminUsername": "[concat('password-',parameters('AdminUserName'))]",
  "linuxConfiguration": null,
  "adminPassword": "[parameters('AdminCredential')]"
},
"authConfig": "[variables(concat('authConfig-',parameters('AdminAuthType')))]"
Then I set it in the VM like this:
"osProfile": {
  "computerName": "[concat(variables('namePrefixes').vm, '-', copyIndex())]",
  "adminUsername": "[variables('authConfig').adminUsername]",
  "adminPassword": "[variables('authConfig').adminPassword]",
  "linuxConfiguration": "[variables('authConfig').linuxConfiguration]"
},
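Because at run time I am using AdminAuthType=password, it does the substitution.
I run the template, it sets up all my infrastructure correctly, then I go into the Azure console, check the automation script for the generated VM, and I see: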
"osProfile": {
  "computerName": "[parameters('extra stuff here')]",
  "adminUsername": "password-myuser",
  "linuxConfiguration": {
    "disablePasswordAuthentication": false
  },
  "secrets": []
},
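So, conclusions:
- It is substituting based on password authentication.
- It is inserting linuxConfiguration when I explicitly told it not to.
- adminPassword does not appear in the automation script, but as mentioned, I am not sure whether that is for security reasons or because it never actually got through.
Solution
The exact answer is yes, it is possible to log in with a username/password on Azure. With the template you posted, you can ignore the properties "linuxConfiguration" and "secrets". A simple template can look like this: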
"osProfile": {
  "computerName": "[variables('vmName')]",
  "adminUsername": "[parameters('adminUsername')]",
  "adminPassword": "[parameters('adminPassword')]"
},
Without the property "linuxConfiguration", no SSH key is configured. The whole template example is below:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "type": "string",
      "metadata": {
        "description": "User name for the Virtual Machine."
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Password for the Virtual Machine."
      }
    },
    "dnsLabelPrefix": {
      "type": "string",
      "metadata": {
        "description": "Unique DNS Name for the Public IP used to access the Virtual Machine."
      }
    },
    "ubuntuOSVersion": {
      "type": "string",
      "defaultValue": "16.04.0-LTS",
      "allowedValues": [
        "12.04.5-LTS",
        "14.04.5-LTS",
        "15.10",
        "16.04.0-LTS"
      ],
      "metadata": {
        "description": "The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    }
  },
  "variables": {
    "storageAccountName": "[concat(uniquestring(resourceGroup().id), 'salinuxvm')]",
    "imagePublisher": "Canonical",
    "imageOffer": "UbuntuServer",
    "nicName": "myVMNic",
    "addressPrefix": "10.0.0.0/16",
    "subnetName": "Subnet",
    "subnetPrefix": "10.0.0.0/24",
    "storageAccountType": "Standard_LRS",
    "publicIPAddressName": "myPublicIP",
    "publicIPAddressType": "Dynamic",
    "vmName": "MyUbuntuVM",
    "vmSize": "Standard_A1",
    "virtualNetworkName": "MyVNET",
    "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('storageAccountName')]",
      "apiVersion": "2017-06-01",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[variables('storageAccountType')]"
      },
      "kind": "Storage",
      "properties": {}
    },
    {
      "apiVersion": "2017-04-01",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[variables('publicIPAddressName')]",
      "location": "[parameters('location')]",
      "properties": {
        "publicIPAllocationMethod": "[variables('publicIPAddressType')]",
        "dnsSettings": {
          "domainNameLabel": "[parameters('dnsLabelPrefix')]"
        }
      }
    },
    {
      "apiVersion": "2017-04-01",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('virtualNetworkName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('addressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[variables('subnetName')]",
            "properties": {
              "addressPrefix": "[variables('subnetPrefix')]"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2017-04-01",
      "type": "Microsoft.Network/networkInterfaces",
      "name": "[variables('nicName')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
              },
              "subnet": {
                "id": "[variables('subnetRef')]"
              }
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2017-03-30",
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[variables('vmName')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
        "[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
      ],
      "properties": {
        "hardwareProfile": {
          "vmSize": "[variables('vmSize')]"
        },
        "osProfile": {
          "computerName": "[variables('vmName')]",
          "adminUsername": "[parameters('adminUsername')]",
          "adminPassword": "[parameters('adminPassword')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "[variables('imagePublisher')]",
            "offer": "[variables('imageOffer')]",
            "sku": "[parameters('ubuntuOSVersion')]",
            "version": "latest"
          },
          "osDisk": {
            "createOption": "FromImage"
          }
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
            }
          ]
        },
        "diagnosticsProfile": {
          "bootDiagnostics": {
            "enabled": true,
            "storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
          }
        }
      }
    }
  ],
  "outputs": {
    "hostname": {
      "type": "string",
      "value": "[reference(variables('publicIPAddressName')).dnsSettings.fqdn]"
    },
    "sshCommand": {
      "type": "string",
      "value": "[concat('ssh ', parameters('adminUsername'), '@', reference(variables('publicIPAddressName')).dnsSettings.fqdn)]"
    }
  }
}
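Also, check whether the NSG rules allow the traffic. Hope this helps you.
Update
When you create the VM with a password, the password configuration in the template after the VM is created looks like the following; for security reasons, you cannot see the password:
If you create the VM with an SSH public key, it looks like this:
You set both authentication methods in the template you posted for creating the VM. Please choose one to set. If you choose the password, follow the template I posted above.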
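An added example, not part of the original question or answer: a Python check that can run on a parsed ARM template before deployment and flags the osProfile conditions this thread turns on (a literal adminPassword, a password parameter that is not a securestring, and password and SSH key settings mixed in one profile). The function name, the messages and the sample template are constructed for illustration; the check only inspects literal values and plain parameters('...') references, not variables or other expressions.

```python
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")
def lint_os_profiles(template):
    """Return (vm_name, message) findings for each VM osProfile in a parsed template."""
    # ARM parameter names are case-insensitive, so index them lower-cased.
    params = {k.lower(): v for k, v in template.get("parameters", {}).items()}
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.compute/virtualmachines":
            continue
        name = res.get("name", "?")
        prof = res.get("properties", {}).get("osProfile", {})
        pw = prof.get("adminPassword") or ""
        linux = prof.get("linuxConfiguration")
        if not isinstance(linux, dict):
            linux = {}  # null or an expression string: nothing to inspect statically
        keys = (linux.get("ssh") or {}).get("publicKeys") or []
        if pw and not pw.startswith("["):
            findings.append((name, "adminPassword is a literal in the template"))
        ref = PARAM_REF.match(pw)
        if ref:
            ptype = params.get(ref.group(1).lower(), {}).get("type", "")
            if ptype.lower() != "securestring":
                findings.append((name, "adminPassword parameter is not a securestring"))
        if pw and linux.get("disablePasswordAuthentication") is True:
            findings.append((name, "adminPassword set but password authentication is disabled"))
        if pw and keys:
            findings.append((name, "adminPassword and ssh publicKeys both set; choose one"))
    return findings

# Constructed sample input (not from the page): one VM that mixes both methods.
SAMPLE = {
    "parameters": {"AdminCredential": {"type": "string"}},
    "resources": [{
        "type": "Microsoft.Compute/virtualMachines",
        "name": "vm-mixed",
        "properties": {"osProfile": {
            "adminPassword": "[parameters('adminCredential')]",
            "linuxConfiguration": {
                "disablePasswordAuthentication": True,
                "ssh": {"publicKeys": [{"keyData": "<public key placeholder>"}]},
            },
        }},
    }],
}

if __name__ == "__main__":
    print(*lint_os_profiles(SAMPLE), sep="\n")
```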