Differences
This shows you the differences between the selected revisions of the page.
| 2016-12-06 | 2016-12-06 | ||
| it's location, not region (martin) | connecting to azure linux machine created on the new portal (martin) | ||
| Line 8: | Line 8: | ||
| ===== [[linux]] Connecting to a Linux Virtual Machine with SFTP ===== | ===== [[linux]] Connecting to a Linux Virtual Machine with SFTP ===== | ||
| - | Collect information about your virtual machine instance from your instance dashboard on [[https://manage.windowsazure.com/|Azure Management Portal]]: | + | First, collect information about your virtual machine instance. |
| + | |||
| + | On the new Azure Portal portal.azure.com: | ||
| + | |||
| + | * Host name: | ||
| + | * Use IP address you find in the //Public IP address// section in the //Essentials panel//; | ||
| + | * Or setup a DNS name for the virtual machine by clicking on the //Public IP address// section. A //Configuration// page of the IP address opens. There, in the //%%DNS%% name label//, enter a sub domain for your virtual machine. Click //Save// button. A full hostname now appears in the //Public IP address/%%DNS%% name label// section in the //Essentials panel// in a format ''subdomain.location.cloudapp.azure.com''. | ||
| + | * Username: Use the username, that you created, when creating the virtual machine. | ||
| + | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]]. | ||
| + | * You can locate key fingerprint in server's initial start log, when host keys are generated.((Using ''cloud-init'' script.)) Use the //Boot diagnostics// page and search for ''-----BEGIN %%SSH%% HOST KEY KEYS-----'': \\ <code>-----BEGIN SSH HOST KEY KEYS----- | ||
| + | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOXBTK0rhHsOnu93hq/YsVBseEvu56WPkCwleBJb4QthaJ7j6Ih4O3dNJHkJ6xv8BxjeTNDoEnwOqJwHXbbmGWw= root@ubuntu | ||
| + | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICv8CYlgCghyr1q+XdGJB560N9FuF4JY4ALHfkR/mktm root@ubuntu | ||
| + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqn2SnEPSysG2n/v3lzSTH/7GwpwhxIyRfp0wYRDu1cIizjyiD7m8GQI2R2OqBGnole/s5c1BkP9/QOTtLGZQVta5kCT8t6Ph7soe7ST8Ee7ok45648zEeKqf4tGfyFTlSJOtNWEh9qAlx79pL7rxC6QphWqYNFDPuTjPigwGsVhznTWry8OJZnJuSQCM07UDP+995yrJLqjZxY6StOMELILamcYO6XdoQvF/a1byVTQnbKO6Mdt8V+J+RY8ibNeYdAjfO1dQuUZIHwf8HiS5nD1+IzeiEH4V6Hr7uDCR+1V6rRj93x/NvPgM6T99urb5Br+GYZ4wVkAsZOTg3OFTT root@ubuntu | ||
| + | -----END SSH HOST KEY KEYS-----</code> \\ Alternatively use ''[[ps>resourcemanager/azurerm.compute/v2.3.0/get-azurermvmbootdiagnosticsdata|Get-AzureRmVMBootDiagnosticsData]]'' command. \\ Look for ECDSA key. The logged fingerprint of the key uses Base64-encoded SHA-256 hash of the key. While WinSCP uses hexadecimal-encoded MD5 hash of the key. To calculate the fingerprint in WinSCP format, execute this command in Windows PowerShell (after inserting the ''ssh-ed25519'' key): \\ <code powershell>Write-Host ([BitConverter]::ToString([Security.Cryptography.MD5]::Create().ComputeHash([Convert]::FromBase64String("AAAAC3NzaC1lZDI1NTE5AAAAICv8CYlgCghyr1q+XdGJB560N9FuF4JY4ALHfkR/mktm"))) -replace "-", ":").ToLower()</code> | ||
| + | * If you did not save the fingerprint on the first virtual machine, but you have another Azure virtual machine that you can connect to safely (you know its fingerprints), you can connect to the target instance using private IP from the trusted instance. Staying within a private Azure network keeps you safe from [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. When on the trusted instance terminal, you can use the following commands to collect fingerprints: \\ <code> | ||
| + | $ ssh-keyscan <target_instance_private_ip> > azurekey | ||
| + | $ ssh-keygen -l -f azurekey -E md5 | ||
| + | 2048 MD5:51:3b:ea:96:3d:3c:80:25:ae:b1:9c:a8:4c:76:82:09 <private_ip> (RSA) | ||
| + | 256 MD5:e5:27:88:a8:bc:f0:64:bb:3a:e7:71:e6:4d:a1:40:ed <private_ip> (ECDSA) | ||
| + | 256 MD5:cf:35:d4:78:43:48:26:bf:dc:96:f4:63:8e:ee:35:5b <private_ip> (ED25519) | ||
| + | </code> | ||
| + | * If you do not have another trusted instance, you can create new temporary instance, just for the purpose of collecting the keys. First find keys for the new temporary instance, using its initial start log. Then collect keys of the target instance by connecting to it from the temporary instance. After that you can discard the temporary instance. | ||
| + | * When creating new virtual machine, consider setting up public key authentication by pasting your public key to //%%SSH%% public key// box of the //Configure basic settings// steps. If you want to setup public key authentication later, you have to [[guide_public_key|set it up manually]]. | ||
| + | |||
| + | On the old Azure Management Portal manage.windowsazure.com: | ||
| * Host name: //DNS name// section on a //Quick glance// sidebar. Host name has a form ''name.cloudapp.net''. | * Host name: //DNS name// section on a //Quick glance// sidebar. Host name has a form ''name.cloudapp.net''. | ||
| - | * Host key fingerprint: //SSH Certificate Thumbprint// section. | + | * Username: Use username ''azureuser''. |
| + | ··* Host key fingerprint: //%%SSH%% Certificate Thumbprint// section. The thumbprint as shown on dashboard uses a slightly different format than a fingerprint used by WinSCP. Particularly the thumbprint does not include key type and size in the front and lacks colon separators. I.e. WinSCP's fingerprint ''ssh-rsa 2048 aa:bb:cc...'' is equivalent to dashboard thumbprint ''aabbcc...''. | ||
| * Consider [[https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-mac-create-ssh-keys|setting up public key authentication]]. | * Consider [[https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-mac-create-ssh-keys|setting up public key authentication]]. | ||
| Line 19: | Line 44: | ||
| * On the //New site// node, make sure //%%SFTP%%// protocol is selected. | * On the //New site// node, make sure //%%SFTP%%// protocol is selected. | ||
| * Enter //Host name//. | * Enter //Host name//. | ||
| - | * Enter ''azureuser'' for //User name//. | + | * Enter //User name//. |
| - | * Enter your instance password. | + | * Enter a password for the username. Or [[ui_login_authentication|specify a private key]], if you set up a public key authentication.. |
| * Save your site settings using the //Save// button. | * Save your site settings using the //Save// button. | ||
| * Login using the //Login// button. | * Login using the //Login// button. | ||
| - | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above). The thumbprint as shown on dashboard uses a slightly different format than a fingerprint used by WinSCP. Particularly the thumbprint does not include key type and size in the front and lacks colon separators. I.e. WinSCP's fingerprint ''ssh-rsa 2048 aa:bb:cc...'' is equivalent to dashboard thumbprint ''aabbcc...''. | + | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprints with those collected before (see above). |
| &screenshotpict(azure_linux) | &screenshotpict(azure_linux) | ||