Lab 004: Securing Virtual Machine SSH Access
Requirements
The Nautilus DevOps team needs to set up a new Virtual Machine (VM) on the Azure cloud that can be accessed securely from their landing host (azure-client). Follow the steps below to complete this task:
- Create an SSH Key: On the azure-client host, check if an SSH key already exists. If it doesn’t exist, create a new SSH key on the azure-client host that will be used for password-less SSH access.
- Create a Virtual Machine: Use the Azure Portal or Azure CLI to create a new Virtual Machine named xfusion-vm in the westus region. Set the VM size to Standard_B1s and configure the VM with SSH access for the azureuser account using the newly created SSH key.
- Configure SSH Access: Ensure that the SSH key from the azure-client host is added to the azureuser account on xfusion-vm, enabling secure, password-less SSH access from the azure-client host.
- Verify Connectivity: Test the connection from azure-client to xfusion-vm using SSH to confirm that password-less access has been set up correctly.
- Complete these tasks entirely with Azure CLI.
The solution can be implemented using both the Azure Cloud Console and the Azure CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the Azure Cloud Console for hands-on experience and a practical understanding of the process before utilizing the CLI approach, unless specifically instructed otherwise.
Prerequisites
- Azure CLI is authenticated on azure-client.
- A resource group whose name contains kml exists.
- SSH client is installed.
Steps
# Pick the first resource group whose name contains "kml"
RESOURCE_GROUP=$(az group list --query "[?contains(name, 'kml')].name | [0]" --output tsv)
LOCATION="westus"
VM_NAME="xfusion-vm"
IMAGE="Ubuntu2404"
SIZE="Standard_B1s"
ADMIN_USERNAME="azureuser"
SSH_KEY_PATH="$HOME/.ssh/id_rsa.pub"
# Create SSH key if missing
if [ ! -f "$SSH_KEY_PATH" ]; then
    ssh-keygen -t rsa -b 2048 -f "${SSH_KEY_PATH%.pub}" -q -N ""
fi
# Create VM
# Passing only --ssh-key-values (no password) sets up key-based login for the admin user
az vm create \
    --resource-group "$RESOURCE_GROUP" \
    --name "$VM_NAME" \
    --image "$IMAGE" \
    --size "$SIZE" \
    --admin-username "$ADMIN_USERNAME" \
    --ssh-key-values "$SSH_KEY_PATH" \
    --os-disk-size-gb 128 \
    --location "$LOCATION" \
    --storage-sku Standard_LRS
# Look up the VM's public IP address
VM_PUBLIC_IP=$(az vm list-ip-addresses --resource-group "$RESOURCE_GROUP" --name "$VM_NAME" --query "[].virtualMachine.network.publicIpAddresses[0].ipAddress" --output tsv)
echo "VM Public IP: $VM_PUBLIC_IP"
# Connect with the key; no password prompt should appear
ssh "$ADMIN_USERNAME@$VM_PUBLIC_IP"
Verification
- Confirm VM xfusion-vm is running in westus.
- Confirm SSH login succeeds without password prompt using generated key.
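The checks under Verification can be scripted so that a failed key login shows up as an error instead of a password prompt. This is an added example, not part of the original lab solution: the function names are hypothetical, the host-key option assumes OpenSSH 7.6 or later, and RESOURCE_GROUP and VM_PUBLIC_IP are expected to be set as in the steps above.

```shell
#!/bin/sh
# Added example: verification checks for the lab's VM. Function names are
# hypothetical; resource names and values follow the lab's script.

# Query one property of the VM. --show-details adds powerState to the output.
vm_prop() {  # args: resource-group vm-name jmespath-query
    az vm show --resource-group "$1" --name "$2" --show-details \
        --query "$3" --output tsv
}

# True only if the VM is in the expected region and is powered on.
vm_running_in() {  # args: resource-group vm-name location
    [ "$(vm_prop "$1" "$2" location)" = "$3" ] &&
    [ "$(vm_prop "$1" "$2" powerState)" = "VM running" ]
}

# True only if the VM was provisioned with password logins disabled.
# This reads the Azure OS profile, not the live sshd configuration.
vm_password_auth_disabled() {  # args: resource-group vm-name
    q='to_string(osProfile.linuxConfiguration.disablePasswordAuthentication)'
    [ "$(vm_prop "$1" "$2" "$q")" = "true" ]
}

# True only if key-based login works with no prompt. BatchMode makes ssh fail
# instead of asking for a password or passphrase; accept-new trusts the host
# key on first contact only and rejects a changed key afterwards.
key_login_works() {  # args: user host private-key-file
    ssh -i "$3" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PreferredAuthentications=publickey \
        -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 \
        "$1@$2" true
}

report() {  # args: label command [args...]
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

# Run every check, print each result, return non-zero if any check failed.
verify_vm() {  # args: resource-group vm-name location user host private-key-file
    rc=0
    report "VM $2 running in $3" vm_running_in "$1" "$2" "$3" || rc=1
    report "password authentication disabled" vm_password_auth_disabled "$1" "$2" || rc=1
    report "key-only SSH login as $4" key_login_works "$4" "$5" "$6" || rc=1
    return "$rc"
}

# Invoke as: sh verify-vm.sh run
if [ "${1:-}" = "run" ]; then
    verify_vm "$RESOURCE_GROUP" xfusion-vm westus azureuser "$VM_PUBLIC_IP" "$HOME/.ssh/id_rsa"
fi
```

A FAIL on the last check with the first two passing usually means the key offered by the client is not the one stored for azureuser on the VM.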