azure - 无法连接到 Azure Linux 虚拟机
问题描述
我按照以下指南使用 Terraform 设置 Linux 虚拟机:
一切都在 Azure 中成功创建。我无法通过 ssh 进入虚拟机的最后一步。我在 Windows powershell 中使用以下命令:
ssh azureuser@public_ip_here
它给了我以下错误:
azureuser@52.186.144.190: Permission denied (publickey).
我尝试通过下载 RDP 文件并将其导入 RDP 来使用 Azure 门户中的 RDP 文件,但出现以下错误:
我尝试过的事情:
- 如上使用普通的 ssh 命令
- 尝试将私钥放在 .pem 文件中并为其分配受限权限。然后使用 ssh -i 命令传递此密钥。这也不起作用
- 使用从 Azure 门户下载的 RDP 文件(错误如下所示)
- 在 Azure 门户中运行虚拟机的测试连接功能,显示连接成功,但我仍然无法访问 VM。
我想知道我是否必须以某种方式配置 Azure 门户以允许自己能够在 VM 中进行 ssh。
我的 main.tf 代码是:
provider "azurerm" {
# The "feature" block is required for AzureRM provider 2.x.
# If you're using version 1.x, the "features" block is not allowed.
version = "~>2.0"
features {}
}
resource "azurerm_resource_group" "myterraformgroup" {
name = "myResourceGroup"
location = "eastus"
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_virtual_network" "myterraformnetwork" {
name = "myVnet"
address_space = ["10.0.0.0/16"]
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_subnet" "myterraformsubnet" {
name = "mySubnet"
resource_group_name = azurerm_resource_group.myterraformgroup.name
virtual_network_name = azurerm_virtual_network.myterraformnetwork.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_public_ip" "myterraformpublicip" {
name = "myPublicIP"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
allocation_method = "Dynamic"
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_security_group" "myterraformnsg" {
name = "myNetworkSecurityGroup"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
security_rule {
name = "SSH"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_interface" "myterraformnic" {
name = "myNIC"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
ip_configuration {
name = "myNicConfiguration"
subnet_id = azurerm_subnet.myterraformsubnet.id
private_ip_address_allocation = "Dynamic"
public_ip_address_id = azurerm_public_ip.myterraformpublicip.id
}
tags = {
environment = "Terraform Demo"
}
}
resource "azurerm_network_interface_security_group_association" "example" {
network_interface_id = azurerm_network_interface.myterraformnic.id
network_security_group_id = azurerm_network_security_group.myterraformnsg.id
}
resource "random_id" "randomId" {
keepers = {
# Generate a new ID only when a new resource group is defined
resource_group = azurerm_resource_group.myterraformgroup.name
}
byte_length = 8
}
resource "azurerm_storage_account" "mystorageaccount" {
name = "diag${random_id.randomId.hex}"
resource_group_name = azurerm_resource_group.myterraformgroup.name
location = "eastus"
account_tier = "Standard"
account_replication_type = "LRS"
tags = {
environment = "Terraform Demo"
}
}
resource "tls_private_key" "example_ssh" {
algorithm = "RSA"
rsa_bits = 4096
}
output "tls_private_key" { value = tls_private_key.example_ssh.private_key_pem }
resource "azurerm_linux_virtual_machine" "myterraformvm" {
name = "myVM"
location = "eastus"
resource_group_name = azurerm_resource_group.myterraformgroup.name
network_interface_ids = [azurerm_network_interface.myterraformnic.id]
size = "Standard_DS1_v2"
os_disk {
name = "myOsDisk"
caching = "ReadWrite"
storage_account_type = "Premium_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18.04-LTS"
version = "latest"
}
computer_name = "myvm"
admin_username = "azureuser"
disable_password_authentication = true
admin_ssh_key {
username = "azureuser"
public_key = tls_private_key.example_ssh.public_key_openssh
}
boot_diagnostics {
storage_account_uri = azurerm_storage_account.mystorageaccount.primary_blob_endpoint
}
tags = {
environment = "Terraform Demo"
}
}
任何帮助/指针将不胜感激!
解决方案
经过我的验证,您可以将输出的私人 pem 密钥保存到key.pem
主目录中命名的文件中。例如,C:\Users\username\
在 Windows 10 或/home/username/
Linux 中。
然后,您可以通过 shell 中的命令访问 Azure VM。
ssh -i "C:\Users\username\key.pem" azureuser@23.x.x.x
结果
此外,由tls_private_key生成的私钥将不加密地存储在您的 Terraform 状态文件中。建议在 Terraform 之外生成一个私钥文件,并将其安全地分发到将运行 Terraform 的系统。
您可以在 Windows 10 的 PowerShell 中使用ssh-keygen在客户端计算机上创建密钥对。密钥对保存在目录C:\Users\username\.ssh
中。
例如,您可以使用 Terraform 函数文件将公钥发送到 Azure VM:
admin_ssh_key {
username = "azureuser"
public_key = file("C:\\Users\\someusername\\.ssh\\id_rsa.pub")
#tls_private_key.example_ssh.public_key_openssh
}
推荐阅读
- python - 将整个 git repo 下载到 google colab
- azure - 为现有 AKS 群集应用节点自动缩放器时出错
- https - HTTPS 文件传输在遇到 0x1a(替换字符)时停止
- java - 在 Java 中验证特定的字符串模式
- raspberry-pi - 我可以从服务器/树莓派触发 Google Home 上的 Google Assistant 操作吗?
- jquery - 如何在 ajax 的下一个插入中修复“数组到字符串的转换”
- c# - 查询映射的 CustomObject 时出现 NullPointerException
- php - Wordpress - php 更新后 Ajax 请求不再有效
- ssl - 如何使用反向代理修复 Keycloak 中的“我们很抱歉需要 HTTPS”?
- javascript - 服务人员返回正确响应但仍然出现“无互联网”错误